diff --git a/bindings/java/README.txt b/bindings/java/README.txt
index e3c8122290d3864bd047f414d34f50d6495ddf54..0f7e7e07945be48ed315636cae120fc9cfa89a99 100644
--- a/bindings/java/README.txt
+++ b/bindings/java/README.txt
@@ -1,22 +1,42 @@ -To build the java bindings first download the sqlitejdbc .jar files http://www.xerial.org/maven/repository/artifact/org/xerial/sqlite-jdbc/ (newest version is at the BOTTOM) +Sleuth Kit Java Bindings -Put the .jar files in sleuthkit/bindings/java/lib +Overview -use the Ant target build.xml in sleuthkit/bindings/java/ +The core functionality of the Sleuth Kit is in the C/C++ library. +The functionality is made available to Java applications by using +JNI. The theory is that a SQLite database is created by the C++ +library and then it is queried by native Java code. JNI methods +exist to make the database and to read file content (and other raw +data that is too large to fit into the database). -To set up Ant download it from: http://ant.apache.org/ then follow the directions in the Ant Manual (http://ant.apache.org/manual/index.html) for installation +To use the Java bindings, you must have the Sleuth Kit datamodel +JAR file compiled and have compiled the associated dynamic library +from the C/C++ code. -To build the .dll build the win32 visual studio project. You will need to have a version of JDK for the .dll to build. You will need to set the JDK_HOME environment variable If it is not already set. -To use these bindings you will need to move the .dll to the appropriate location to be found by your java compiler. This will be specific to your IDE or should be specified on the command line if using a command linem compiler. -To build the java bindings first download the sqlitejdbc .jar files http://www.xerial.org/maven/repository/artifact/org/xerial/sqlite-jdbc/ (newest version is at the BOTTOM) +Building The Jar File -Put the .jar files in sleuthkit/bindings/java/lib +You will need: +* The sqlitejdbc Jar file: + http://www.xerial.org/maven/repository/artifact/org/xerial/sqlite-jdbc/ (newest version is at the BOTTOM) +* Java JDK +* Ant -use the Ant target build.xml in sleuthkit/bindings/java/ +Place the JAR file in the 'lib' folder. 
-To set up Ant download it from: http://ant.apache.org/ then follow the directions in the Ant Manual (http://ant.apache.org/manual/index.html) for installation +Build with the default ant target (by running 'ant') -To build the .dll build the win32 visual studio project. You will need to have a version of JDK for the .dll to build. You will need to set the JDK_HOME environment variable If it is not already set. -To use these bindings you will need to move the .dll to the appropriate location to be found by your java compiler. This will be specific to your IDE or should be specified on the command line if using a command linem compiler. \ No newline at end of file +Building the Dynamic Library (for JNI) + +To build the .dll build the win32 visual studio project. You will +need to have a version of JDK for the .dll to build. You will need +to set the JDK_HOME environment variable If it is not already set. + + +Using the Jar file and Library + +Make sure the Jar file is in your CLASSPATH. The dynamic library +will also need to be available when the program is run. Typically +that means that it must be in the path. + diff --git a/bindings/java/build.xml b/bindings/java/build.xml index 91313ac16357c2bdc64ed0ad90816149ee2bd1a5..54071c6c45ed2ecb57caff690d9ac5333bb72807 100644 --- a/bindings/java/build.xml +++ b/bindings/java/build.xml @@ -19,12 +19,15 @@ <target name="init"> <mkdir dir="${build}"/> <mkdir dir="${dist}"/> + <mkdir dir="${lib}"/> </target> <target name="compile" depends="init" description="compile the source " > <!-- Compile the java code from ${src} into ${build} --> - <javac srcdir="${src}" destdir="${build}" classpathref="libraries"/> + <javac srcdir="${src}" destdir="${build}" classpathref="libraries" > + <!--<compilerarg value="-Xlint"/>--> + </javac> </target> <target name="dist" depends="jni" 
@@ -47,52 +50,3 @@ <delete dir="${dist}"/> </target> </project> -<project name="DataModel" default="dist" basedir="."> - <description> - Sleuthkit Java DataModel - </description> - <!-- set global properties for this build --> - <property name="src" location="src/org/sleuthkit/datamodel"/> - <property name="build" location="build/"/> - <property name="dist" location="dist"/> - <property name="lib" location="lib"/> - - <path id="libraries"> - <fileset dir="${lib}"> - <include name="*.jar"/> - </fileset> - <pathelement path="${build}"/> - </path> - - - <target name="init"> - <mkdir dir="${build}"/> - <mkdir dir="${dist}"/> - </target> - - <target name="compile" depends="init" - description="compile the source " > - <!-- Compile the java code from ${src} into ${build} --> - <javac srcdir="${src}" destdir="${build}" classpathref="libraries"/> - </target> - - <target name="dist" depends="jni" - description="generate the distribution" > - <!-- Put everything in ${build} into the MyProject-${DSTAMP}.jar file --> - <jar jarfile="${dist}/Tsk_DataModel.jar" basedir="${build}"/> - </target> - - <target name="jni" depends="compile" description="make the jni.h file"> - <javah classpath = "${build}" outputFile="jni/dataModel_SleuthkitJNI.h" force="yes"> - <class name="org.sleuthkit.datamodel.SleuthkitJNI"/> - </javah> - </target> - - - <target name="clean" - description="clean up" > - <!-- Delete the ${build} and ${dist} directory trees --> - <delete dir="${build}"/> - <delete dir="${dist}"/> - </target> -</project> \ No newline at end of file diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.cpp b/bindings/java/jni/dataModel_SleuthkitJNI.cpp index ba30afe4955514a8cf2933e1a1096cb2336ced18..755404b72d7a69c30acc648623091f43435ed886 100644 --- a/bindings/java/jni/dataModel_SleuthkitJNI.cpp +++ b/bindings/java/jni/dataModel_SleuthkitJNI.cpp 
@@ -21,7 +21,13 @@ TskAutoDbJNI::TskAutoDbJNI(){ TskAutoDb::TskAutoDb(); } - +/** + * Overriden processFile method to stop processing files if the + * cancelProcess method is called + * @return STOP if cancelled otherwise use return value from super class + * @param fs_file file details + * @param path full path of parent directory + */ TSK_RETVAL_ENUM TskAutoDbJNI::processFile(TSK_FS_FILE * fs_file, const char *path) { @@ -30,6 +36,9 @@ TskAutoDbJNI::processFile(TSK_FS_FILE * fs_file, else return TskAutoDb::processFile(fs_file, path); } +/** + * Cancel the running process + */ void TskAutoDbJNI::cancelProcess(){ m_cancelled = true; } @@ -51,9 +60,13 @@ static void throwTskError(JNIEnv *env){ } /* - * Class: datamodel_SleuthkitJNI - * Method: loaddb - * Signature: (Ljava/lang/String;I)J + * Create a database for the given image (process cannot be cancelled) + * @return the 0 for success 1 for failure + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param paths array of strings from java, the paths to the image parts + * @param num_imgs number of image parts + * @param outDir the output directory */ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_loaddbNat (JNIEnv *env, jclass obj, jobjectArray paths, jint num_imgs, jstring outDir){ @@ -104,9 +117,10 @@ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_loaddbNat } /* - * Class: datamodel_SleuthkitJNI - * Method: loaddb - * Signature: (Ljava/lang/String;I)J + * Create a loaddb process that can later be run with specific inputs + * @return the pointer to the process + * @param env pointer to java environment this was called from + * @param timezone timezone for the image */ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_startloaddbNat (JNIEnv *env, jclass obj, jstring timezone){ 
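Review bot: The new `@return`/`@param` text for loaddbNat sits inside a comment whose opener is still the unchanged context line `/*`, so Doxygen-style tools will normally not treat it as documentation, unlike the `/**` blocks added above processFile and cancelProcess in the first two hunks. Changing the opener to `/**` would make the file consistent; the same applies to the startloaddbNat comment in the next hunk and to the comments rewritten in the later hunks of this file. The startloaddbNat block lists `env` and `timezone` but omits `obj`; adding `@param obj the java object this was called from` would match the other blocks. "Overriden" in the processFile comment should read "Overridden".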
@@ -124,10 +138,15 @@ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_startloaddbNat } /* -* Class: datamodel_SleuthkitJNI -* Method: runloaddbNat -* Signature: (J)V -*/ + * Create a database for the given image using a pre-created process which can be cancelled + * @return the 0 for success 1 for failure + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param process the loaddb proces created by startloaddbNat + * @param paths array of strings from java, the paths to the image parts + * @param num_imgs number of image parts + * @param outDir the output directory + */ JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_runloaddbNat (JNIEnv * env, jclass obj, jlong process, jobjectArray paths, jint num_imgs, jstring outDir){ jboolean isCopy; @@ -178,10 +197,11 @@ JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_runloaddbNat } /* -* Class: datamodel_SleuthkitJNI -* Method: runloaddbNat -* Signature: (J)V -*/ + * Cancel the given loaddb process + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param process the loaddb proces created by startloaddbNat + */ JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_stoploaddbNat (JNIEnv * env, jclass obj, jlong process){ ((TskAutoDbJNI*)process)->cancelProcess(); 
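Review bot: The rewritten comment for runloaddbNat documents `@return the 0 for success 1 for failure`, but the signature directly below it is `JNIEXPORT void JNICALL`, so there is no return value to describe. The `@return` line should be dropped and replaced with a sentence on how failure reaches the Java caller; the body is outside this hunk, so confirm whether that is an exception raised through `throwTskError`. "proces" should read "process" in the `@param process` line here and in the stoploaddbNat comment in the next hunk.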
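Review bot: `((TskAutoDbJNI*)process)->cancelProcess();` dereferences a `jlong` handed in from Java with no check at all, so a zero or stale handle takes down the JVM process instead of surfacing as a Java exception. A minimal guard is `if (process == 0) { throwTskError(env, "stoploaddbNat: null process"); return; }`; the open, read and close functions in the later hunks cast their handles the same way, and only some of them check a tag first. Cancel is presumably called from a different thread than the one inside runloaddbNat, so it is worth confirming that `m_cancelled` (declared outside this diff) is safe to write and read concurrently.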
@@ -190,12 +210,14 @@ JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_stoploaddbNat - /* -* Class: datamodel_SleuthkitJNI -* Method: openImage -* Signature: (Ljava/lang/String;I)J -*/ + * Open an image pointer for the given image + * @return the created TSK_IMG_INFO pointer + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param paths the paths to the image parts + * @param num_imgs number of image parts + */ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_openImageNat (JNIEnv *env, jclass obj, jobjectArray paths, jint num_imgs){ TSK_IMG_INFO * img_info; 
@@ -226,95 +248,108 @@ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_openImageNat return (jlong)img_info; } -/* -* Class: datamodel_SleuthkitJNI -* Method: openVol -* Signature: (J)J -*/ +/* + * Open the volume system at the given offset + * @return the created TSK_VS_INFO pointer + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param a_img_info the pointer to the parent img object + * @param vsOffset the offset of the volume system in bytes + */ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_openVsNat -(JNIEnv * env, jclass obj, jlong img_info, jlong vsOffset){ - TSK_IMG_INFO * img = (TSK_IMG_INFO *) img_info; - TSK_VS_INFO * vsInfo; +(JNIEnv * env, jclass obj, jlong a_img_info, jlong vsOffset){ + TSK_IMG_INFO * img_info = (TSK_IMG_INFO *) a_img_info; + TSK_VS_INFO * vs_info; - vsInfo = tsk_vs_open(img, vsOffset, TSK_VS_TYPE_DETECT); - if(vsInfo == NULL){ + vs_info = tsk_vs_open(img_info, vsOffset, TSK_VS_TYPE_DETECT); + if(vs_info == NULL){ throwTskError(env); } - return (jlong)vsInfo; + return (jlong)vs_info; } /* - * Class: datamodel_SleuthkitJNI - * Method: openVol - * Signature: (JJ)J + * Open volume with the given id from the given volume system + * @return the created TSK_VS_PART_INFO pointer + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param a_vs_info the pointer to the parent vs object + * @param vol_id the id of the volume to get */ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_openVolNat -(JNIEnv * env, jclass obj, jlong vs_info, jlong vol_id){ - TSK_VS_INFO * vsInfo = (TSK_VS_INFO *) vs_info; - TSK_VS_PART_INFO * volInfo; - - volInfo = (TSK_VS_PART_INFO *) tsk_vs_part_get(vsInfo, (TSK_PNUM_T) vol_id); - if(volInfo == NULL){ +(JNIEnv * env, jclass obj, jlong a_vs_info, jlong vol_id){ + TSK_VS_INFO * vs_info = (TSK_VS_INFO *) a_vs_info; + 
TSK_VS_PART_INFO * vol_info; + vol_info = (TSK_VS_PART_INFO *) tsk_vs_part_get(vs_info, (TSK_PNUM_T) vol_id); + if(vol_info == NULL){ throwTskError(env); } - return (jlong)volInfo; + return (jlong)vol_info; } /* -* Class: datamodel_SleuthkitJNI -* Method: openFs -* Signature: (J)J -*/ + * Open file system with the given offset + * @return the created TSK_FS_INFO pointer + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param a_img_info the pointer to the parent img object + * @param fs_offset the offset in bytes to the file system + */ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_openFsNat -(JNIEnv * env, jclass obj, jlong img_info, jlong fs_offset){ - TSK_IMG_INFO * img = (TSK_IMG_INFO *) img_info; - TSK_FS_INFO * fsInfo; +(JNIEnv * env, jclass obj, jlong a_img_info, jlong fs_offset){ + TSK_IMG_INFO * img = (TSK_IMG_INFO *) a_img_info; + TSK_FS_INFO * fs_info; - fsInfo = tsk_fs_open_img(img, (TSK_OFF_T) fs_offset /** img->sector_size*/, TSK_FS_TYPE_DETECT); - if(fsInfo == NULL){ + fs_info = tsk_fs_open_img(img, (TSK_OFF_T) fs_offset /** img->sector_size*/, TSK_FS_TYPE_DETECT); + if(fs_info == NULL){ throwTskError(env); return NULL; } - return (jlong)fsInfo; + return (jlong)fs_info; } /* -* Class: datamodel_SleuthkitJNI -* Method: openFile -* Signature: (JJ)J -*/ + * Open the file with the given id in the given file system + * @return the created TSK_FS_FILE pointer + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param a_fs_info the pointer to the parent file system object + * @param file_id id of the file to open + */ JNIEXPORT jlong JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_openFileNat -(JNIEnv * env, jclass obj, jlong fs_info, jlong file_id){ - TSK_FS_INFO * fs = (TSK_FS_INFO *) fs_info; - TSK_FS_FILE * file; +(JNIEnv * env, jclass obj, jlong a_fs_info, jlong file_id){ + TSK_FS_INFO * fs_info 
= (TSK_FS_INFO *) a_fs_info; + TSK_FS_FILE * file_info; - if (fs->tag != TSK_FS_INFO_TAG) { + if (fs_info->tag != TSK_FS_INFO_TAG) { throwTskError(env, "openFile: Invalid FS_INFO object"); return NULL; } - file = tsk_fs_file_open_meta(fs, NULL, (TSK_INUM_T) file_id); - if(file == NULL){ - throwTskError(env); + file_info = tsk_fs_file_open_meta(fs_info, NULL, (TSK_INUM_T) file_id); if(file_info == NULL){ throwTskError(env); } - return (jlong)file; + return (jlong)file_info; } /* -* Class: datamodel_SleuthkitJNI -* Method: readImgNat -* Signature: (JJ)[B -*/ + * Read bytes from the given image + * @return array of bytes read from the image + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param a_img_info the pointer to the image object + * @param offset the offset in bytes to start at + * @param len number of bytes to read + */ JNIEXPORT jbyteArray JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_readImgNat -(JNIEnv * env, jclass obj, jlong img_info, jlong offset, jlong len){ +(JNIEnv * env, jclass obj, jlong a_img_info, jlong offset, jlong len){ char * buf = (char *) tsk_malloc((size_t)len); if(buf == NULL){ throwTskError(env); return NULL; } - TSK_IMG_INFO * img = (TSK_IMG_INFO *) img_info; + TSK_IMG_INFO * img_info = (TSK_IMG_INFO *) a_img_info; - ssize_t retval = tsk_img_read(img, (TSK_OFF_T) offset, buf, (size_t) len); + ssize_t retval = tsk_img_read(img_info, (TSK_OFF_T) offset, buf, (size_t) len); if (retval != -1){ jbyteArray return_array = env->NewByteArray(retval); 
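Review bot: In readImgNat, `len` arrives from Java as a signed `jlong` and is cast straight to `size_t` for both `tsk_malloc` and `tsk_img_read`, and the resulting `retval` is then passed to `NewByteArray`, which takes a 32-bit `jsize`. A negative or very large `len` therefore becomes an oversized allocation request or a truncated array length rather than a clean error. A range check placed before the allocation would close this, e.g. `if (len < 0 || len > 0x7fffffff) { throwTskError(env, "readImgNat: invalid length"); return NULL; }`. The same pattern appears in readVsNat, readVolNat, readFsNat and readFileNat in the following hunks; readImgNat's body continues past the end of this hunk.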
@@ -337,20 +372,24 @@ JNIEXPORT jbyteArray JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_readImgNa } /* - * Class: datamodel_SleuthkitJNI - * Method: readVsNat - * Signature: (JJJ)[B + * Read bytes from the given volume system + * @return array of bytes read from the volume system + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param a_vs_info the pointer to the volume system object + * @param offset the offset in bytes to start at + * @param len number of bytes to read */ JNIEXPORT jbyteArray JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_readVsNat -(JNIEnv * env, jclass obj, jlong vs_info, jlong offset, jlong len){ +(JNIEnv * env, jclass obj, jlong a_vs_info, jlong offset, jlong len){ char * buf = (char *) tsk_malloc((size_t) len); if(buf == NULL){ throwTskError(env); return NULL; } - TSK_VS_INFO * vs = (TSK_VS_INFO *) vs_info; + TSK_VS_INFO * vs_info = (TSK_VS_INFO *) a_vs_info; - ssize_t retval = tsk_vs_read_block(vs, (TSK_DADDR_T) offset, buf, (size_t) len); + ssize_t retval = tsk_vs_read_block(vs_info, (TSK_DADDR_T) offset, buf, (size_t) len); if (retval != -1){ jbyteArray return_array = env->NewByteArray(retval); 
@@ -372,21 +411,25 @@ JNIEXPORT jbyteArray JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_readVsNat return NULL; } /* -* Class: datamodel_SleuthkitJNI -* Method: readVolNat -* Signature: (JJJ)[B -*/ + * Read bytes from the given volume + * @return array of bytes read from the volume + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param a_vol_info the pointer to the volume object + * @param offset the offset in bytes to start at + * @param len number of bytes to read + */ JNIEXPORT jbyteArray JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_readVolNat -(JNIEnv * env, jclass obj, jlong vol_info, jlong offset, jlong len){ +(JNIEnv * env, jclass obj, jlong a_vol_info, jlong offset, jlong len){ char * buf = (char *) tsk_malloc((size_t) len); if(buf == NULL){ throwTskError(env); return NULL; } - TSK_VS_PART_INFO * vs = (TSK_VS_PART_INFO *) vol_info; + TSK_VS_PART_INFO * vol_info = (TSK_VS_PART_INFO *) a_vol_info; - ssize_t retval = tsk_vs_part_read(vs, (TSK_OFF_T) offset, buf, (size_t) len); + ssize_t retval = tsk_vs_part_read(vol_info, (TSK_OFF_T) offset, buf, (size_t) len); if (retval != -1){ jbyteArray return_array = env->NewByteArray(retval); 
@@ -409,25 +452,28 @@ JNIEXPORT jbyteArray JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_readVolNa } /* -* Class: datamodel_SleuthkitJNI -* Method: readFsNat -* Signature: (JJJ)[B -*/ + * Read bytes from the given file system + * @return array of bytes read from the file system + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param a_fs_info the pointer to the file system object + * @param offset the offset in bytes to start at + * @param len number of bytes to read + */ JNIEXPORT jbyteArray JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_readFsNat -(JNIEnv * env, jclass obj, jlong fs_info, jlong offset, jlong len){ +(JNIEnv * env, jclass obj, jlong a_fs_info, jlong offset, jlong len){ char * buf = (char *) tsk_malloc((size_t) len); if(buf == NULL){ throwTskError(env); return NULL; } - - TSK_FS_INFO * fs = (TSK_FS_INFO *) fs_info; - if (fs->tag != TSK_FS_INFO_TAG) { + TSK_FS_INFO * fs_info = (TSK_FS_INFO *) a_fs_info; + if (fs_info->tag != TSK_FS_INFO_TAG) { throwTskError(env, "readFsNat: Invalid TSK_FS_INFO object"); return NULL; } - ssize_t retval = tsk_fs_read(fs, (TSK_OFF_T) offset, buf, (size_t) len); + ssize_t retval = tsk_fs_read(fs_info, (TSK_OFF_T) offset, buf, (size_t) len); if (retval != -1){ jbyteArray return_array = env->NewByteArray(retval); 
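Review bot: In readFsNat the buffer from `tsk_malloc` is allocated before the tag check, so the `return NULL;` that follows `throwTskError(env, "readFsNat: Invalid TSK_FS_INFO object")` leaks `buf` every time an invalid handle is passed in. Moving the cast and the `if (fs_info->tag != TSK_FS_INFO_TAG)` block above the `tsk_malloc` call fixes this without adding a cleanup path. readFileNat in the next hunk has the same ordering around its `TSK_FS_FILE_TAG` check. Both function bodies continue outside their hunks.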
@@ -450,24 +496,28 @@ JNIEXPORT jbyteArray JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_readFsNat } /* -* Class: datamodel_SleuthkitJNI -* Method: readFileNat -* Signature: (JJJ)[B -*/ + * Read bytes from the given file + * @return array of bytes read from the file + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param a_file_info the pointer to the file object + * @param offset the offset in bytes to start at + * @param len number of bytes to read + */ JNIEXPORT jbyteArray JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_readFileNat -(JNIEnv * env, jclass obj, jlong file_info, jlong offset, jlong len){ +(JNIEnv * env, jclass obj, jlong a_file_info, jlong offset, jlong len){ char * buf = (char *) tsk_malloc((size_t) len); if(buf == NULL){ throwTskError(env); return NULL; } - TSK_FS_FILE * file = (TSK_FS_FILE *) file_info; - if (file->tag != TSK_FS_FILE_TAG) { + TSK_FS_FILE * file_info = (TSK_FS_FILE *) a_file_info; + if (file_info->tag != TSK_FS_FILE_TAG) { throwTskError(env, "readFile: Invalid TSK_FS_FILE address"); return NULL; } - ssize_t retval = tsk_fs_file_read(file, (TSK_OFF_T) offset, buf, (size_t) len, TSK_FS_FILE_READ_FLAG_NONE); + ssize_t retval = tsk_fs_file_read(file_info, (TSK_OFF_T) offset, buf, (size_t) len, TSK_FS_FILE_READ_FLAG_NONE); if (retval != -1){ jbyteArray return_array = env->NewByteArray(retval); 
@@ -490,39 +540,33 @@ JNIEXPORT jbyteArray JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_readFileN } /* -* Class: datamodel_SleuthkitJNI -* Method: closeImgNat -* Signature: ()V -*/ + * Close the given image + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param a_img_info the pointer to the image object + */ JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_closeImgNat -(JNIEnv * env, jclass obj, jlong img_info){ - tsk_img_close((TSK_IMG_INFO *) img_info); +(JNIEnv * env, jclass obj, jlong a_img_info){ + tsk_img_close((TSK_IMG_INFO *) a_img_info); } /* - * Class: datamodel_SleuthkitJNI - * Method: closeVsNat - * Signature: (J)V + * Close the given volume system + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param a_vs_info the pointer to the volume system object */ JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_closeVsNat -(JNIEnv *env, jclass obj, jlong vsInfo){ - tsk_vs_close((TSK_VS_INFO *) vsInfo); +(JNIEnv *env, jclass obj, jlong a_vs_info){ + tsk_vs_close((TSK_VS_INFO *) a_vs_info); } /* -* Class: datamodel_SleuthkitJNI -* Method: closeVolNat -* Signature: (J)V -*/ -JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_closeVolNat -(JNIEnv * env, jclass obj, jlong vol_info){ -} - -/* -* Class: datamodel_SleuthkitJNI -* Method: closeFsNat -* Signature: ()V -*/ + * Close the given volume system + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param a_fs_info the pointer to the file system object + */ JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_closeFsNat (JNIEnv * env, jclass obj, jlong a_fs_info){ TSK_FS_INFO *fs_info = (TSK_FS_INFO *)a_fs_info; 
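Review bot: The new comment above closeFsNat says "Close the given volume system", apparently copied from the closeVsNat block, while the function and its `a_fs_info` parameter are for a file system; the first line should read `Close the given file system`. This hunk also removes closeVolNat, and the header hunk removes its prototype, so any Java-side `native` declaration for it that is not part of this diff would need to go as well. closeFsNat's body continues outside the hunk.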
@@ -533,24 +577,26 @@ JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_closeFsNat } /* -* Class: datamodel_SleuthkitJNI -* Method: closeFileNat -* Signature: (J)V -*/ + * Close the given file + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + * @param a_file_info the pointer to the file object + */ JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_closeFileNat -(JNIEnv * env, jclass obj, jlong file_info){ - TSK_FS_FILE *file = (TSK_FS_FILE *)file_info; - if (file->tag != TSK_FS_FILE_TAG) { +(JNIEnv * env, jclass obj, jlong a_file_info){ + TSK_FS_FILE *file_info = (TSK_FS_FILE *)a_file_info; + if (file_info->tag != TSK_FS_FILE_TAG) { return; } - tsk_fs_file_close(file); + tsk_fs_file_close(file_info); } /* -* Class: datamodel_SleuthkitJNI -* Method: getVersionNat -* Signature: ()J -*/ + * Get the current Sleuthkit version number + * @return the version string + * @param env pointer to java environment this was called from + * @param obj the java object this was called from + */ JNIEXPORT jstring JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_getVersionNat (JNIEnv * env, jclass obj){ const char * cversion = tsk_version_get_str(); diff --git a/bindings/java/jni/dataModel_SleuthkitJNI.h b/bindings/java/jni/dataModel_SleuthkitJNI.h index dcb41cdefa218e8c35a9a227c5e929518962affa..feddb43f7512720d3e958c8f1c4d88adb79a957a 100644 --- a/bindings/java/jni/dataModel_SleuthkitJNI.h +++ b/bindings/java/jni/dataModel_SleuthkitJNI.h 
@@ -143,14 +143,6 @@ JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_closeImgNat JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_closeVsNat (JNIEnv *, jclass, jlong); -/* - * Class: org_sleuthkit_datamodel_SleuthkitJNI - * Method: closeVolNat - * Signature: (J)V - */ -JNIEXPORT void JNICALL Java_org_sleuthkit_datamodel_SleuthkitJNI_closeVolNat - (JNIEnv *, jclass, jlong); - /* * Class: org_sleuthkit_datamodel_SleuthkitJNI * Method: closeFsNat diff --git a/bindings/java/src/org/sleuthkit/datamodel/Content.java b/bindings/java/src/org/sleuthkit/datamodel/Content.java index 0823b5455a40de72ba751062a9082d4fac7f8c07..cea121436853c6276fd574d9f692ff1f67f84f47 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Content.java +++ b/bindings/java/src/org/sleuthkit/datamodel/Content.java @@ -1,3 +1,21 @@ +/* + * Sleuth Kit Data Model + * + * Copyright 2011 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.sleuthkit.datamodel; /** 
@@ -6,17 +24,17 @@ */ public interface Content { - /** - * read data from the content in the sleuthkit - * @param offset offset to start reading from - * @param len amount of data to read (in bytes) - * @return a character array of data (in bytes) - */ - public byte[] read(long offset, long len) throws TskException; + /** + * read data from the content in the sleuthkit + * @param offset offset to start reading from + * @param len amount of data to read (in bytes) + * @return a character array of data (in bytes) + */ + public byte[] read(long offset, long len) throws TskException; - /** - * get the size of the content - * @return size of the content - */ - public long getSize(); + /** + * get the size of the content + * @return size of the content + */ + public long getSize(); } diff --git a/bindings/java/src/org/sleuthkit/datamodel/Directory.java b/bindings/java/src/org/sleuthkit/datamodel/Directory.java index 5801d520e64ab0c07d3f33ebef7bde1cbda7f3f5..5ffb9876028f7c6ef2ffdda69a0c2b3d557d36c3 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Directory.java +++ b/bindings/java/src/org/sleuthkit/datamodel/Directory.java @@ -1,3 +1,21 @@ +/* + * Sleuth Kit Data Model + * + * Copyright 2011 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.sleuthkit.datamodel; import java.sql.SQLException; 
@@ -8,30 +26,30 @@ * @author alawrence */ public class Directory extends FsContent{ - - /** - * Contructor: most inputs are from the database - * @param db java database structure - * @param fs_id - * @param file_id - * @param attr_type - * @param attr_id - * @param name - * @param par_file_id - * @param dir_type - * @param meta_type - * @param dir_flags - * @param meta_flags - * @param size - * @param ctime - * @param crtime - * @param atime - * @param mtime - * @param mode - * @param uid - * @param gid - */ - protected Directory(Sleuthkit db, long fs_id, long file_id, long attr_type, long attr_id, String name, long par_file_id, + + /** + * Contructor: most inputs are from the database + * @param db java database structure + * @param fs_id + * @param file_id + * @param attr_type + * @param attr_id + * @param name + * @param par_file_id + * @param dir_type + * @param meta_type + * @param dir_flags + * @param meta_flags + * @param size + * @param ctime + * @param crtime + * @param atime + * @param mtime + * @param mode + * @param uid + * @param gid + */ + protected Directory(Sleuthkit db, long fs_id, long file_id, long attr_type, long attr_id, String name, long par_file_id, long dir_type, long meta_type, long dir_flags, long meta_flags, long size, long ctime, long crtime, long atime, long mtime, long mode, long uid, long gid) throws SQLException{ this.db = db; @@ -39,7 +57,7 @@ protected Directory(Sleuthkit db, long fs_id, long file_id, long attr_type, long this.file_id = file_id; this.attr_type = attr_type; this.attr_id = attr_id; - this.name = name; + this.name = name; this.par_file_id = par_file_id; this.dir_type = dir_type; this.meta_type = meta_type; 
@@ -56,42 +74,36 @@ protected Directory(Sleuthkit db, long fs_id, long file_id, long attr_type, long childIds = db.getChildIds(file_id, fs_id); childNames = db.getChildNames(file_id, fs_id); - /** - * If name is empty, it means we adding the root metadata. In - * this case, we add this to the child as well. We will change - * the name to "." on "getFile(fs_id, file_id, name)" method. - */ - if(name.equals("") && !childIds.contains(file_id)){ - childIds.add(file_id); - childNames.add(name); - } + /** + * If name is empty, it means we adding the root metadata. In + * this case, we add this to the child as well. We will change + * the name to "." on "getFile(fs_id, file_id, name)" method. + */ + if(name.equals("") && !childIds.contains(file_id)){ + childIds.add(file_id); + childNames.add(name); + } } - + private ArrayList<Long> childIds; //could use set or other structure private ArrayList<String> childNames; - - /** - * is this a directory? - * @return true, it is a directory - */ - @Override - public boolean isDir(){ + + /** + * is this a directory? + * @return true, it is a directory + */ + @Override + public boolean isDir(){ return true; } - /** - * gets all child files and directories of this directory - * @return an arraylist of the children - */ - public ArrayList<FsContent> getFiles() throws SQLException{ + /** + * gets all child files and directories of this directory + * @return an arraylist of the children + */ + public ArrayList<FsContent> getFiles() throws SQLException{ ArrayList<FsContent> content = new ArrayList<FsContent>(); - for(int i = 0; i < childIds.size(); i++){ - FsContent file = db.getFile(fs_id, childIds.get(i), childNames.get(i)); - if (file != null /*&&!file.getName().equals(".")&&!file.getName().equals("..") */){ - file.setParent(parentFileSystem); - content.add(file); - } - } - return content; + content = db.getChildren(file_id, fs_id, parentFileSystem); + return content; } } 
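Review bot: In getFiles the list created by `new ArrayList<FsContent>()` is discarded on the next line when `content` is reassigned, so the method can be reduced to `return db.getChildren(file_id, fs_id, parentFileSystem);`. The removed loop skipped null entries and called `setParent(parentFileSystem)` on each child; `getChildren` is not in this diff, so confirm it keeps both behaviours. The constructor still fills `childIds` and `childNames` through `db.getChildIds` and `db.getChildNames`, which getFiles no longer reads, so it is worth checking whether anything else uses them before keeping those lookups.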
diff --git a/bindings/java/src/org/sleuthkit/datamodel/File.java b/bindings/java/src/org/sleuthkit/datamodel/File.java index 9f9f3f6ab5ddb93547441d245480022214dd63eb..de628f6ea59c74dd9bfd6f7e3b8c7b7971dd1f92 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/File.java +++ b/bindings/java/src/org/sleuthkit/datamodel/File.java @@ -1,3 +1,22 @@ +/* + * Sleuth Kit Data Model + * + * Copyright 2011 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.sleuthkit.datamodel; 
@@ -6,31 +25,31 @@ * @author alawrence */ public class File extends FsContent{ - + //constructor used for getfile from tskDb - /** - * Constructor most fields are from the database - * @param db java database class - * @param fs_id - * @param file_id - * @param attr_type - * @param attr_id - * @param name - * @param par_file_id - * @param dir_type - * @param meta_type - * @param dir_flags - * @param meta_flags - * @param size - * @param ctime - * @param crtime - * @param atime - * @param mtime - * @param mode - * @param uid - * @param gid - */ - protected File(Sleuthkit db, long fs_id, long file_id, long attr_type, long attr_id, String name, long par_file_id, + /** + * Constructor most fields are from the database + * @param db java database class + * @param fs_id + * @param file_id + * @param attr_type + * @param attr_id + * @param name + * @param par_file_id + * @param dir_type + * @param meta_type + * @param dir_flags + * @param meta_flags + * @param size + * @param ctime + * @param crtime + * @param atime + * @param mtime + * @param mode + * @param uid + * @param gid + */ + protected File(Sleuthkit db, long fs_id, long file_id, long attr_type, long attr_id, String name, long par_file_id, long dir_type, long meta_type, long dir_flags, long meta_flags, long size, long ctime, long crtime, long atime, long mtime, long mode, long uid, long gid){ this.db = db; @@ -53,15 +72,15 @@ protected File(Sleuthkit db, long fs_id, long file_id, long attr_type, long attr this.uid = uid; this.gid = gid; } - - /** - * is this a file? - * @return true, it is a file - */ - public boolean isFile(){ + + /** + * is this a file? + * @return true, it is a file + */ + public boolean isFile(){ return true; } - - + + } diff --git a/bindings/java/src/org/sleuthkit/datamodel/FileSystem.java b/bindings/java/src/org/sleuthkit/datamodel/FileSystem.java index 94598dd9151cc7b1aacdbdfd00072979719ab7d7..33c87af40f86838457983e18ac35aaf624c2dd44 100644 
--- a/bindings/java/src/org/sleuthkit/datamodel/FileSystem.java +++ b/bindings/java/src/org/sleuthkit/datamodel/FileSystem.java @@ -1,3 +1,21 @@ +/* + * Sleuth Kit Data Model + * + * Copyright 2011 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.sleuthkit.datamodel; import java.sql.SQLException; import java.util.*; 
@@ -7,27 +25,27 @@ * @author alawrence */ public class FileSystem implements Content{ - + long fs_id, img_offset, vol_id, fs_type, block_size, block_count, root_inum, - first_inum, last_inum; + first_inum, last_inum; private Sleuthkit db; private Volume parentVolume; private long filesystemHandle = 0; - - /** - * Constructor most inputs are from the database - * @param db java database class - * @param fs_id - * @param img_offset - * @param vol_id - * @param fs_type - * @param block_size - * @param block_count - * @param root_inum - * @param first_inum - * @param last_inum - */ - protected FileSystem(Sleuthkit db, long fs_id, long img_offset, long vol_id, long fs_type, + + /** + * Constructor most inputs are from the database + * @param db java database class + * @param fs_id + * @param img_offset + * @param vol_id + * @param fs_type + * @param block_size + * @param block_count + * @param root_inum + * @param first_inum + * @param last_inum + */ + protected FileSystem(Sleuthkit db, long fs_id, long img_offset, long vol_id, long fs_type, long block_size, long block_count, long root_inum, long first_inum, long last_inum){ this.db = db; 
@@ -41,21 +59,21 @@ protected FileSystem(Sleuthkit db, long fs_id, long img_offset, long vol_id, lon this.first_inum = first_inum; this.last_inum = last_inum; } - - /** - * set the parent class, will be called by the parent - * @param parent parent volume - */ - protected void setParent(Volume parent){ + + /** + * set the parent class, will be called by the parent + * @param parent parent volume + */ + protected void setParent(Volume parent){ parentVolume = parent; } - - - /** - * get the root directory if one exists - * @return a directory object if the root is listed in the db otherwise null - */ - public FsContent getRootDir() throws SQLException{ + + + /** + * get the root directory if one exists + * @return a directory object if the root is listed in the db otherwise null + */ + public FsContent getRootDir() throws SQLException{ //get the root directory. good for starting a file browser FsContent dir = db.getFile(fs_id, root_inum); if (dir != null){ 
@@ -63,32 +81,32 @@ public FsContent getRootDir() throws SQLException{ } return dir; } - - /** - * gets a list of files and directories in the root of this file system - * @return an arraylist of files and directories in the root directory - */ - public ArrayList<FsContent> getRootFiles() throws SQLException{ + + /** + * gets a list of files and directories in the root of this file system + * @return an arraylist of files and directories in the root directory + */ + public ArrayList<FsContent> getRootFiles() throws SQLException{ //getfiles in root directory ArrayList<Long> childIds = db.getChildIds(root_inum, fs_id); ArrayList<FsContent> content = new ArrayList<FsContent>(); - + for(Long id : childIds){ FsContent newContent = db.getFile(fs_id, id); if(!newContent.getName().equals(".")&&!newContent.getName().equals("..")){ - newContent.setParent(this); - content.add(newContent); - } + newContent.setParent(this); + content.add(newContent); + } } return content; } - - /** - * gets a directory with the given inum - * @param INUM directory's id - * @return a directory or null if it doesn't exist - */ - public FsContent getDirectory(long INUM) throws SQLException{ + + /** + * gets a directory with the given inum + * @param INUM directory's id + * @return a directory or null if it doesn't exist + */ + public FsContent getDirectory(long INUM) throws SQLException{ //get the directory at the given inum, will need to use commandline tools //if file id is the same as inum then can use database FsContent dir = db.getFile(fs_id, INUM); 
@@ -98,13 +116,13 @@ public FsContent getDirectory(long INUM) throws SQLException{ return dir; } - /** - * read data from the filesystem - * @param offset offset in bytes from the start of the filesystem - * @param len how many bytes to read - * @return the bytes - * @throws TskException - */ + /** + * read data from the filesystem + * @param offset offset in bytes from the start of the filesystem + * @param len how many bytes to read + * @return the bytes + * @throws TskException + */ public byte[] read(long offset, long len) throws TskException{ // read from the file system if(filesystemHandle == 0){ 
@@ -113,100 +131,100 @@ public byte[] read(long offset, long len) throws TskException{ return SleuthkitJNI.readFs(filesystemHandle, offset, len); } - /** - * get the parent volume - * @return volume object - */ - public Volume getParent(){ + /** + * get the parent volume + * @return volume object + */ + public Volume getParent(){ return parentVolume; } - /** - * get the size of the filesystem - * @return size of the filesystem - */ + /** + * get the size of the filesystem + * @return size of the filesystem + */ public long getSize() { // size of the file system return block_size * block_count; } - - /** - * lazily loads the filesystem pointer ie: won't be loaded until this is called - * @return a filesystem pointer from the sleuthkit - */ - public long getFileSystemHandle() throws TskException{ + + /** + * lazily loads the filesystem pointer ie: won't be loaded until this is called + * @return a filesystem pointer from the sleuthkit + */ + public long getFileSystemHandle() throws TskException{ if (filesystemHandle == 0){ filesystemHandle = SleuthkitJNI.openFs(this.getParent().getParent().getParent().getImageHandle(), img_offset); } return this.filesystemHandle; } - + //methods get exact data from database. could be manipulated to get more //meaningful data. 
- /** - * get the file system id - * @return fs id - */ - public long getFs_id() { + /** + * get the file system id + * @return fs id + */ + public long getFs_id() { return fs_id; } - /** - * get the byte offset of this filesystem in the image - * @return offset - */ - public long getImg_offset() { + /** + * get the byte offset of this filesystem in the image + * @return offset + */ + public long getImg_offset() { return img_offset; } - /** - * get the volume id - * @return id - */ - public long getVol_id() { + /** + * get the volume id + * @return id + */ + public long getVol_id() { return vol_id; } - /** - * get the file system type - * @return enum number from sleuthkit database - */ - public long getFs_type() { + /** + * get the file system type + * @return enum number from sleuthkit database + */ + public long getFs_type() { return fs_type; } - /** - * get the block size - * @return block size - */ - public long getBlock_size() { + /** + * get the block size + * @return block size + */ + public long getBlock_size() { return block_size; } - /** - * get the number of blocks - * @return block count - */ - public long getBlock_count() { + /** + * get the number of blocks + * @return block count + */ + public long getBlock_count() { return block_count; } - /** - * get the inum of the root directory - * @return - */ - public long getRoot_inum() { + /** + * get the inum of the root directory + * @return + */ + public long getRoot_inum() { return root_inum; } - /** - * get the first inum in this file system - * @return first inum - */ - public long getFirst_inum() { + /** + * get the first inum in this file system + * @return first inum + */ + public long getFirst_inum() { return first_inum; } - /** - * get the last inum - * @return last inum - */ - public long getLast_inum() { + /** + * get the last inum + * @return last inum + */ + public long getLast_inum() { return last_inum; } - + public void finalize(){ if(filesystemHandle != 0){ 
SleuthkitJNI.closeFs(filesystemHandle); diff --git a/bindings/java/src/org/sleuthkit/datamodel/FsContent.java b/bindings/java/src/org/sleuthkit/datamodel/FsContent.java index 103336faa4e1d30462fb35d8b7130633b0d82177..6292041ff31a113c3c81eec31cf8ee9408f5fb9d 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/FsContent.java +++ b/bindings/java/src/org/sleuthkit/datamodel/FsContent.java @@ -1,3 +1,21 @@ +/* + * Sleuth Kit Data Model + * + * Copyright 2011 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.sleuthkit.datamodel; /** 
@@ -6,593 +24,593 @@ */ public class FsContent implements Content{ - /* - * database fields - */ - protected long attr_type, attr_id, par_file_id, dirtype, meta_type, dir_type, dir_flags, - meta_flags, size, ctime, crtime, atime, mtime, uid, gid, fs_id, mode, - file_id; - /** - * name from the database - */ - protected String name; - /** - * parent file system - */ - protected FileSystem parentFileSystem; - /** - * file Handle - */ - protected long fileHandle = 0; - /** - * database object - */ - protected Sleuthkit db; - - /** - * sets the parent, called by parent on creation - * @param parent parent file system object - */ - protected void setParent(FileSystem parent){ - parentFileSystem = parent; - } - - @Override - public byte[] read(long offset, long len) throws TskException{ - if (fileHandle == 0){ - fileHandle = SleuthkitJNI.openFile(parentFileSystem.getFileSystemHandle(), file_id); - } - return SleuthkitJNI.readFile(fileHandle, offset, len); - } - - //methods get exact data from database. could be manipulated to get more - //meaningful data. - /** - * is this a file? - * @return false unless overridden by a subclass (specifically the file subclass) - */ - public boolean isFile(){ - return false; - } - /** - * is this a directory? 
- * @return false unless overridden by a subclass (specifically the directory subclass) - */ - public boolean isDir(){ - return false; - } - - /** - * get the parent file system - * @return the file system object of the parent - */ - public FileSystem getParent(){ - return parentFileSystem; - } - - /** - * get the sleuthkit database object - * @return the sleuthkit object - */ - public Sleuthkit getSleuthkit(){ - return db; - } - - /** - * get the name - * @return name - */ - public String getName(){ - return name; - } - - /** - * get the attribute type - * @return attribute type - */ - public long getAttr_type(){ - return attr_type; - } - - /** - * get the attribute id - * @return attribute id - */ - public long getAttr_id(){ - return attr_id; - } - - /** - * get the file id - * @return file id - */ - public long getPar_file_id(){ - return par_file_id; - } - - /** - * get the directory type - * @return directory type - */ - public long getDirtype(){ - return dirtype; - } - - /** - * get the meta data type - * @return meta data type - */ - public long getMeta_type(){ - return meta_type; - } - /** - * get the meta data type as String - * @return meta data type as String - */ - public String getMetaTypeAsString(){ - return FsContent.metaTypeToString(meta_type); - } - - /** - * get the directory type - * @return directory type - */ - public long getDir_type(){ - return dir_type; - } - /** - * get the directory type as String - * @return directory type as String - */ - public String getDirTypeAsString(){ - return FsContent.dirTypeToString(dir_type); - } - - /** - * get the directory flags - * @return directory flags - */ - public long getDir_flags(){ - return dir_flags; - } - /** - * get the directory flags as String - * @return directory flags as String - */ - public String getDirFlagsAsString(){ - return FsContent.dirFlagToString(dir_flags); - } - - /** - * get the meta data flags - * @return meta data flags - */ - public long getMeta_flags(){ - return meta_flags; - 
} - /** - * get the meta data flags as String - * @return meta data flags as String - */ - public String getMetaFlagsAsString(){ - return FsContent.metaFlagToString(meta_flags); - } - - /** - * get the size of the content - * @return size of the content - */ - @Override - public long getSize(){ - return size; - } - /** - * get the change time - * @return change time - */ - public long getCtime(){ - return ctime; - } - /** - * get the change time as Date - * @return change time as Date - */ - public String getCtimeAsDate(){ - return FsContent.epochToTime(ctime); - } - - /** - * get the creation time - * @return creation time - */ - public long getCrtime(){ - return crtime; - } - /** - * get the creation time as Date - * @return creation time as Date - */ - public String getCrtimeAsDate(){ - return FsContent.epochToTime(crtime); - } - - /** - * get the access time - * @return access time - */ - public long getAtime(){ - return atime; - } - /** - * get the access time as Date - * @return access time as Date - */ - public String getAtimeAsDate(){ - return FsContent.epochToTime(atime); - } - - /** - * get the modified time - * @return modified time - */ - public long getMtime(){ - return mtime; - } - /** - * get the modified time as Date - * @return modified time as Date - */ - public String getMtimeAsDate(){ - return FsContent.epochToTime(mtime); - } - - /** - * get the user id - * @return user id - */ - public long getUid(){ - return uid; - } - /** - * get the group id - * @return group id - */ - public long getGid(){ - return gid; - } - /** - * get the file system id - * @return file system id - */ - public long getFs_id(){ - return fs_id; - } - /** - * get the mode - * @return mode - */ - public long getMode(){ - return mode; - } - /** - * get the mode as String - * @return mode as String - */ - public String getModeAsString(){ - return FsContent.modeToString(mode, meta_type); - } - - /** - * get the file id - * @return file id - */ - public long getFile_id(){ - 
return file_id; - } - - public void finalize(){ - if(fileHandle != 0){ - SleuthkitJNI.closeFile(fileHandle); - } - } - - /* - * ------------------------------------------------------------------------- - * All the methods below are used to convert / map the data - * ------------------------------------------------------------------------- - */ - - // return the epoch into string in ISO 8601 dateTime format - public static String epochToTime(long epoch){ - String time = "0000-00-00 00:00:00"; - if(epoch != 0){ - // Note: new java.util.Date(long date) -> date represent the specific number of milliseconds since the standard base time known. - // Therefore we need to times the date / epoch with 1000. - time = new java.text.SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new java.util.Date(epoch*1000)); - } - return time; - } - - // return the date in the ISO 8601 dateTime format into epoch - public static long timeToEpoch(String time){ - long epoch = 0; - try{ - epoch = new java.text.SimpleDateFormat ("yyyy-MM-dd HH:mm:ss").parse(time).getTime() / 1000; - } - catch(Exception e){} - - return epoch; - } - - // --- Here are all the methods for Directory Type conversion / mapping --- - public static String dirTypeToValue(long dirType){ - - String result = ""; - - for (TskData.TSK_FS_NAME_TYPE_ENUM type : TskData.TSK_FS_NAME_TYPE_ENUM.values()){ - if(type.getDirType() == dirType){ - result = type.toString(); - } - } - return result; - } - - public static long valueToDirType(String dirType){ - - long result = 0; - - for (TskData.TSK_FS_NAME_TYPE_ENUM type : TskData.TSK_FS_NAME_TYPE_ENUM.values()){ - if(type.toString().equals(dirType)){ - result = type.getDirType(); - } - } - return result; - } - - public static String dirTypeToString(long dirType){ - return TskData.tsk_fs_name_type_str[(int)dirType]; - } - - - // -------- Here all the methods for Meta Type conversion / mapping -------- - public static String metaTypeToValue(long metaType){ - - String result = ""; - - for 
(TskData.TSK_FS_META_TYPE_ENUM type : TskData.TSK_FS_META_TYPE_ENUM.values()){ - if(type.getMetaType() == metaType){ - result = type.toString(); - } - } - return result; - } - - public static long valueToMetaType(String metaType){ - - long result = 0; - - for (TskData.TSK_FS_META_TYPE_ENUM type : TskData.TSK_FS_META_TYPE_ENUM.values()){ - if(type.toString().equals(metaType)){ - result = type.getMetaType(); - } - } - return result; - } - - public static String metaTypeToString(long metaType){ - return TskData.tsk_fs_meta_type_str[(int)metaType]; - } - - // ----- Here all the methods for Directory Flags conversion / mapping ----- - public static String dirFlagToValue(long dirFlag){ - - String result = ""; - - for (TskData.TSK_FS_NAME_FLAG_ENUM flag : TskData.TSK_FS_NAME_FLAG_ENUM.values()){ - if(flag.getDirFlag() == dirFlag){ - result = flag.toString(); - } - } - return result; - } - - public static long valueToDirFlag(String dirFlag){ - - long result = 0; - - for (TskData.TSK_FS_NAME_FLAG_ENUM flag : TskData.TSK_FS_NAME_FLAG_ENUM.values()){ - if(flag.toString().equals(dirFlag)){ - result = flag.getDirFlag(); - } - } - return result; - } - - public static String dirFlagToString(long dirFlag){ - - String result = ""; - - long allocFlag = TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_ALLOC.getDirFlag(); - long unallocFlag = TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.getDirFlag(); - - if((dirFlag & allocFlag) == allocFlag){ - result = "Allocated"; - } - if((dirFlag & unallocFlag) == unallocFlag){ - result = "Unallocated"; - } - - return result; - } - - // ----- Here all the methods for Meta Flags conversion / mapping ----- - public static String metaFlagToValue(long metaFlag){ - - String result = ""; - - for (TskData.TSK_FS_META_FLAG_ENUM flag : TskData.TSK_FS_META_FLAG_ENUM.values()){ - if(flag.getMetaFlag() == metaFlag){ - result = flag.toString(); - } - } - return result; - } - - public static long valueToMetaFlag(String metaFlag){ - - long result = 0; - 
- for (TskData.TSK_FS_META_FLAG_ENUM flag : TskData.TSK_FS_META_FLAG_ENUM.values()){ - if(flag.toString().equals(metaFlag)){ - result = flag.getMetaFlag(); - } - } - return result; - } - - public static String metaFlagToString(long metaFlag){ - - String result = ""; - - long allocFlag = TskData.TSK_FS_META_FLAG_ENUM.TSK_FS_META_FLAG_ALLOC.getMetaFlag(); - long unallocFlag = TskData.TSK_FS_META_FLAG_ENUM.TSK_FS_META_FLAG_UNALLOC.getMetaFlag(); - - // some variables that might be needed in the future - long usedFlag = TskData.TSK_FS_META_FLAG_ENUM.TSK_FS_META_FLAG_USED.getMetaFlag(); - long unusedFlag = TskData.TSK_FS_META_FLAG_ENUM.TSK_FS_META_FLAG_UNUSED.getMetaFlag(); - long compFlag = TskData.TSK_FS_META_FLAG_ENUM.TSK_FS_META_FLAG_COMP.getMetaFlag(); - long orphanFlag = TskData.TSK_FS_META_FLAG_ENUM.TSK_FS_META_FLAG_ORPHAN.getMetaFlag(); - - if((metaFlag & allocFlag) == allocFlag){ - result = "Allocated"; - } - if((metaFlag & unallocFlag) == unallocFlag){ - result = "Unallocated"; - } - // ... 
add more code here if needed - - return result; - } - - // ----- Here is the method to convert Mode to String ----- - public static String modeToString(long mode, long metaType){ - - String result = ""; - - long metaTypeMax = TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_STR_MAX.getMetaType(); - - long isuid = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISUID.getMode(); - long isgid = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISGID.getMode(); - long isvtx = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISVTX.getMode(); - - long irusr = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRUSR.getMode(); - long iwusr = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWUSR.getMode(); - long ixusr = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXUSR.getMode(); - - long irgrp = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRGRP.getMode(); - long iwgrp = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWGRP.getMode(); - long ixgrp= TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXGRP.getMode(); - - long iroth = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IROTH.getMode(); - long iwoth = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWOTH.getMode(); - long ixoth = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXOTH.getMode(); - - // first character = the Meta Type - if(metaType < metaTypeMax){ - result += FsContent.metaTypeToString(metaType); - } - else{result += "-";} - - // second and third characters = user permissions - if((mode & irusr) == irusr){ - result += "r"; - } - else{result += "-";} - if((mode & iwusr) == iwusr){ - result += "w"; - } - else{result += "-";} - - // fourth character = set uid - if((mode & isuid) == isuid){ - if((mode & ixusr) == ixusr){ - result += "s"; - } - else{ - result += "S"; - } - } - else{ - if((mode & ixusr) == ixusr){ - result += "x"; - } - else{ - result += "-"; - } - } - - // fifth and sixth characters = group permissions - if((mode & irgrp) == irgrp){ - result += "r"; - } - else{result += "-";} - if((mode & iwgrp) == 
iwgrp){ - result += "w"; - } - else{result += "-";} - - // seventh character = set gid - if((mode & isgid) == isgid){ - if((mode & ixgrp) == ixgrp){ - result += "s"; - } - else{ - result += "S"; - } - } - else{ - if((mode & ixgrp) == ixgrp){ - result += "x"; - } - else{ - result += "-"; - } - } - - // eighth and ninth character = other permissions - if((mode & iroth) == iroth){ - result += "r"; - } - else{result += "-";} - if((mode & iwoth) == iwoth){ - result += "w"; - } - else{result += "-";} - - // tenth character = sticky bit - if((mode & isvtx) == isvtx){ - if((mode & ixoth) == ixoth){ - result += "t"; - } - else{ - result += "T"; - } - } - else{ - if((mode & ixoth) == ixoth){ - result += "x"; - } - else{ - result += "-"; - } - } - - // check the result - if(result.length() != 10){ - // throw error here - result = "ERROR"; - } - return result; - } + /* + * database fields + */ + protected long attr_type, attr_id, par_file_id, dirtype, meta_type, dir_type, dir_flags, + meta_flags, size, ctime, crtime, atime, mtime, uid, gid, fs_id, mode, + file_id; + /** + * name from the database + */ + protected String name; + /** + * parent file system + */ + protected FileSystem parentFileSystem; + /** + * file Handle + */ + protected long fileHandle = 0; + /** + * database object + */ + protected Sleuthkit db; + + /** + * sets the parent, called by parent on creation + * @param parent parent file system object + */ + protected void setParent(FileSystem parent){ + parentFileSystem = parent; + } + + @Override + public byte[] read(long offset, long len) throws TskException{ + if (fileHandle == 0){ + fileHandle = SleuthkitJNI.openFile(parentFileSystem.getFileSystemHandle(), file_id); + } + return SleuthkitJNI.readFile(fileHandle, offset, len); + } + + //methods get exact data from database. could be manipulated to get more + //meaningful data. + /** + * is this a file? 
+ * @return false unless overridden by a subclass (specifically the file subclass) + */ + public boolean isFile(){ + return false; + } + /** + * is this a directory? + * @return false unless overridden by a subclass (specifically the directory subclass) + */ + public boolean isDir(){ + return false; + } + + /** + * get the parent file system + * @return the file system object of the parent + */ + public FileSystem getParent(){ + return parentFileSystem; + } + + /** + * get the sleuthkit database object + * @return the sleuthkit object + */ + public Sleuthkit getSleuthkit(){ + return db; + } + + /** + * get the name + * @return name + */ + public String getName(){ + return name; + } + + /** + * get the attribute type + * @return attribute type + */ + public long getAttr_type(){ + return attr_type; + } + + /** + * get the attribute id + * @return attribute id + */ + public long getAttr_id(){ + return attr_id; + } + + /** + * get the file id + * @return file id + */ + public long getPar_file_id(){ + return par_file_id; + } + + /** + * get the directory type + * @return directory type + */ + public long getDirtype(){ + return dirtype; + } + + /** + * get the meta data type + * @return meta data type + */ + public long getMeta_type(){ + return meta_type; + } + /** + * get the meta data type as String + * @return meta data type as String + */ + public String getMetaTypeAsString(){ + return FsContent.metaTypeToString(meta_type); + } + + /** + * get the directory type + * @return directory type + */ + public long getDir_type(){ + return dir_type; + } + /** + * get the directory type as String + * @return directory type as String + */ + public String getDirTypeAsString(){ + return FsContent.dirTypeToString(dir_type); + } + + /** + * get the directory flags + * @return directory flags + */ + public long getDir_flags(){ + return dir_flags; + } + /** + * get the directory flags as String + * @return directory flags as String + */ + public String getDirFlagsAsString(){ + return 
FsContent.dirFlagToString(dir_flags); + } + + /** + * get the meta data flags + * @return meta data flags + */ + public long getMeta_flags(){ + return meta_flags; + } + /** + * get the meta data flags as String + * @return meta data flags as String + */ + public String getMetaFlagsAsString(){ + return FsContent.metaFlagToString(meta_flags); + } + + /** + * get the size of the content + * @return size of the content + */ + @Override + public long getSize(){ + return size; + } + /** + * get the change time + * @return change time + */ + public long getCtime(){ + return ctime; + } + /** + * get the change time as Date + * @return change time as Date + */ + public String getCtimeAsDate(){ + return FsContent.epochToTime(ctime); + } + + /** + * get the creation time + * @return creation time + */ + public long getCrtime(){ + return crtime; + } + /** + * get the creation time as Date + * @return creation time as Date + */ + public String getCrtimeAsDate(){ + return FsContent.epochToTime(crtime); + } + + /** + * get the access time + * @return access time + */ + public long getAtime(){ + return atime; + } + /** + * get the access time as Date + * @return access time as Date + */ + public String getAtimeAsDate(){ + return FsContent.epochToTime(atime); + } + + /** + * get the modified time + * @return modified time + */ + public long getMtime(){ + return mtime; + } + /** + * get the modified time as Date + * @return modified time as Date + */ + public String getMtimeAsDate(){ + return FsContent.epochToTime(mtime); + } + + /** + * get the user id + * @return user id + */ + public long getUid(){ + return uid; + } + /** + * get the group id + * @return group id + */ + public long getGid(){ + return gid; + } + /** + * get the file system id + * @return file system id + */ + public long getFs_id(){ + return fs_id; + } + /** + * get the mode + * @return mode + */ + public long getMode(){ + return mode; + } + /** + * get the mode as String + * @return mode as String + */ + public 
String getModeAsString(){ + return FsContent.modeToString(mode, meta_type); + } + + /** + * get the file id + * @return file id + */ + public long getFile_id(){ + return file_id; + } + + public void finalize(){ + if(fileHandle != 0){ + SleuthkitJNI.closeFile(fileHandle); + } + } + + /* + * ------------------------------------------------------------------------- + * All the methods below are used to convert / map the data + * ------------------------------------------------------------------------- + */ + + // return the epoch into string in ISO 8601 dateTime format + public static String epochToTime(long epoch){ + String time = "0000-00-00 00:00:00"; + if(epoch != 0){ + // Note: new java.util.Date(long date) -> date represent the specific number of milliseconds since the standard base time known. + // Therefore we need to times the date / epoch with 1000. + time = new java.text.SimpleDateFormat("yyyy-MM-dd HH:mm:ss").format(new java.util.Date(epoch*1000)); + } + return time; + } + + // return the date in the ISO 8601 dateTime format into epoch + public static long timeToEpoch(String time){ + long epoch = 0; + try{ + epoch = new java.text.SimpleDateFormat ("yyyy-MM-dd HH:mm:ss").parse(time).getTime() / 1000; + } + catch(Exception e){} + + return epoch; + } + + // --- Here are all the methods for Directory Type conversion / mapping --- + public static String dirTypeToValue(long dirType){ + + String result = ""; + + for (TskData.TSK_FS_NAME_TYPE_ENUM type : TskData.TSK_FS_NAME_TYPE_ENUM.values()){ + if(type.getDirType() == dirType){ + result = type.toString(); + } + } + return result; + } + + public static long valueToDirType(String dirType){ + + long result = 0; + + for (TskData.TSK_FS_NAME_TYPE_ENUM type : TskData.TSK_FS_NAME_TYPE_ENUM.values()){ + if(type.toString().equals(dirType)){ + result = type.getDirType(); + } + } + return result; + } + + public static String dirTypeToString(long dirType){ + return TskData.tsk_fs_name_type_str[(int)dirType]; + } + + + // 
-------- Here all the methods for Meta Type conversion / mapping -------- + public static String metaTypeToValue(long metaType){ + + String result = ""; + + for (TskData.TSK_FS_META_TYPE_ENUM type : TskData.TSK_FS_META_TYPE_ENUM.values()){ + if(type.getMetaType() == metaType){ + result = type.toString(); + } + } + return result; + } + + public static long valueToMetaType(String metaType){ + + long result = 0; + + for (TskData.TSK_FS_META_TYPE_ENUM type : TskData.TSK_FS_META_TYPE_ENUM.values()){ + if(type.toString().equals(metaType)){ + result = type.getMetaType(); + } + } + return result; + } + + public static String metaTypeToString(long metaType){ + return TskData.tsk_fs_meta_type_str[(int)metaType]; + } + + // ----- Here all the methods for Directory Flags conversion / mapping ----- + public static String dirFlagToValue(long dirFlag){ + + String result = ""; + + for (TskData.TSK_FS_NAME_FLAG_ENUM flag : TskData.TSK_FS_NAME_FLAG_ENUM.values()){ + if(flag.getDirFlag() == dirFlag){ + result = flag.toString(); + } + } + return result; + } + + public static long valueToDirFlag(String dirFlag){ + + long result = 0; + + for (TskData.TSK_FS_NAME_FLAG_ENUM flag : TskData.TSK_FS_NAME_FLAG_ENUM.values()){ + if(flag.toString().equals(dirFlag)){ + result = flag.getDirFlag(); + } + } + return result; + } + + public static String dirFlagToString(long dirFlag){ + + String result = ""; + + long allocFlag = TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_ALLOC.getDirFlag(); + long unallocFlag = TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.getDirFlag(); + + if((dirFlag & allocFlag) == allocFlag){ + result = "Allocated"; + } + if((dirFlag & unallocFlag) == unallocFlag){ + result = "Unallocated"; + } + + return result; + } + + // ----- Here all the methods for Meta Flags conversion / mapping ----- + public static String metaFlagToValue(long metaFlag){ + + String result = ""; + + for (TskData.TSK_FS_META_FLAG_ENUM flag : TskData.TSK_FS_META_FLAG_ENUM.values()){ + 
if(flag.getMetaFlag() == metaFlag){ + result = flag.toString(); + } + } + return result; + } + + public static long valueToMetaFlag(String metaFlag){ + + long result = 0; + + for (TskData.TSK_FS_META_FLAG_ENUM flag : TskData.TSK_FS_META_FLAG_ENUM.values()){ + if(flag.toString().equals(metaFlag)){ + result = flag.getMetaFlag(); + } + } + return result; + } + + public static String metaFlagToString(long metaFlag){ + + String result = ""; + + long allocFlag = TskData.TSK_FS_META_FLAG_ENUM.TSK_FS_META_FLAG_ALLOC.getMetaFlag(); + long unallocFlag = TskData.TSK_FS_META_FLAG_ENUM.TSK_FS_META_FLAG_UNALLOC.getMetaFlag(); + + // some variables that might be needed in the future + long usedFlag = TskData.TSK_FS_META_FLAG_ENUM.TSK_FS_META_FLAG_USED.getMetaFlag(); + long unusedFlag = TskData.TSK_FS_META_FLAG_ENUM.TSK_FS_META_FLAG_UNUSED.getMetaFlag(); + long compFlag = TskData.TSK_FS_META_FLAG_ENUM.TSK_FS_META_FLAG_COMP.getMetaFlag(); + long orphanFlag = TskData.TSK_FS_META_FLAG_ENUM.TSK_FS_META_FLAG_ORPHAN.getMetaFlag(); + + if((metaFlag & allocFlag) == allocFlag){ + result = "Allocated"; + } + if((metaFlag & unallocFlag) == unallocFlag){ + result = "Unallocated"; + } + // ... 
add more code here if needed + + return result; + } + + // ----- Here is the method to convert Mode to String ----- + public static String modeToString(long mode, long metaType){ + + String result = ""; + + long metaTypeMax = TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_STR_MAX.getMetaType(); + + long isuid = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISUID.getMode(); + long isgid = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISGID.getMode(); + long isvtx = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_ISVTX.getMode(); + + long irusr = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRUSR.getMode(); + long iwusr = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWUSR.getMode(); + long ixusr = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXUSR.getMode(); + + long irgrp = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IRGRP.getMode(); + long iwgrp = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWGRP.getMode(); + long ixgrp= TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXGRP.getMode(); + + long iroth = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IROTH.getMode(); + long iwoth = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IWOTH.getMode(); + long ixoth = TskData.TSK_FS_META_MODE_ENUM.TSK_FS_META_MODE_IXOTH.getMode(); + + // first character = the Meta Type + if(metaType < metaTypeMax){ + result += FsContent.metaTypeToString(metaType); + } + else{result += "-";} + + // second and third characters = user permissions + if((mode & irusr) == irusr){ + result += "r"; + } + else{result += "-";} + if((mode & iwusr) == iwusr){ + result += "w"; + } + else{result += "-";} + + // fourth character = set uid + if((mode & isuid) == isuid){ + if((mode & ixusr) == ixusr){ + result += "s"; + } + else{ + result += "S"; + } + } + else{ + if((mode & ixusr) == ixusr){ + result += "x"; + } + else{ + result += "-"; + } + } + + // fifth and sixth characters = group permissions + if((mode & irgrp) == irgrp){ + result += "r"; + } + else{result += "-";} + if((mode & iwgrp) == 
iwgrp){ + result += "w"; + } + else{result += "-";} + + // seventh character = set gid + if((mode & isgid) == isgid){ + if((mode & ixgrp) == ixgrp){ + result += "s"; + } + else{ + result += "S"; + } + } + else{ + if((mode & ixgrp) == ixgrp){ + result += "x"; + } + else{ + result += "-"; + } + } + + // eighth and ninth character = other permissions + if((mode & iroth) == iroth){ + result += "r"; + } + else{result += "-";} + if((mode & iwoth) == iwoth){ + result += "w"; + } + else{result += "-";} + + // tenth character = sticky bit + if((mode & isvtx) == isvtx){ + if((mode & ixoth) == ixoth){ + result += "t"; + } + else{ + result += "T"; + } + } + else{ + if((mode & ixoth) == ixoth){ + result += "x"; + } + else{ + result += "-"; + } + } + + // check the result + if(result.length() != 10){ + // throw error here + result = "ERROR"; + } + return result; + } } diff --git a/bindings/java/src/org/sleuthkit/datamodel/Image.java b/bindings/java/src/org/sleuthkit/datamodel/Image.java index 9d69073a7778bb1e08929687c0bd7ca71871d59a..187bd1f54cc8dd02ceae66035d62869a820e34c7 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Image.java +++ b/bindings/java/src/org/sleuthkit/datamodel/Image.java @@ -1,3 +1,21 @@ +/* + * Sleuth Kit Data Model + * + * Copyright 2011 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.sleuthkit.datamodel; import java.sql.SQLException; 
@@ -7,199 +25,199 @@ * @author alawrence */ public class Image implements Content { - //data about image - - private long type, ssize; - private String name; - private String[] paths; - private Sleuthkit db; - private long imageHandle = 0; - - /** - * constructor most inputs are from the database - * @param db database object - * @param type - * @param ssize - * @param name - * @param path - */ - protected Image(Sleuthkit db, long type, long ssize, String name, String[] paths) throws TskException { - this.db = db; - this.type = type; - this.ssize = ssize; - this.name = name; - this.paths = paths; - this.imageHandle = SleuthkitJNI.openImage(paths); - } - - /** - * sets a new image path (NOT CURRENTLY IMPLEMENTED) - * @param newPath new image path - */ - public void setPath(String newPath) { - //check if path is valid/leads to an image - } - - /** - * get the volume system at the given byte offset - * @param offset bytes (should be 0 in most cases) - * @return volume system object - */ - public VolumeSystem getVolumeSystem(long offset) throws SQLException { - VolumeSystem vs = db.getVolumeSystem(offset); - if (vs != null) { - vs.setParent(this); - } - return vs; - } - - /** - * get the handle to the sleuthkit image info object - * @return the object pointer - */ - public long getImageHandle() { - return imageHandle; - } - - /** - * read from the image - * @param offset in bytes - * @param len in bytes - * @return the byte data - * @throws TskException - */ - @Override - public byte[] read(long offset, long len) throws TskException { - // read from the image - return SleuthkitJNI.readImg(imageHandle, offset, len); - } - - /** - * get the image size - * @return image size - */ - @Override - public long getSize() { - return 0; - } - - //methods get exact data from database. could be manipulated to get more - //meaningful data. 
- /** - * get the type - * @return type - */ - public long getType() { - return type; - } - - /** - * get the sector size - * @return sector size - */ - public long getSsize() { - return ssize; - } - - /** - * get the name - * @return name - */ - public String getName() { - return name; - } - - /** - * get the path - * @return path - */ - public String[] getPaths() { - return paths; - } - - /** - * get the sleuthkit database object - * @return the sleuthkit object - */ - public Sleuthkit getSleuthkit(){ - return db; - } - - // ----- Here all the methods for Image Type conversion / mapping ----- - - public static String imageTypeToValue(long imageType){ - - String result = ""; - - for (TskData.TSK_IMG_TYPE_ENUM imgType : TskData.TSK_IMG_TYPE_ENUM.values()){ - if(imgType.getImageType() == imageType){ - result = imgType.toString(); - } - } - return result; - } - - public static long valueToImageType(String imageType){ - - long result = 0; - - for (TskData.TSK_IMG_TYPE_ENUM imgType : TskData.TSK_IMG_TYPE_ENUM.values()){ - if(imgType.toString().equals(imageType)){ - result = imgType.getImageType(); - } - } - return result; - } - - public static String imageTypeToString(long imageType){ - - String result = ""; - - long detect = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_DETECT.getImageType(); - long raw = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_RAW_SING.getImageType(); - long split = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_RAW_SPLIT.getImageType(); - long aff = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFF.getImageType(); - long afd = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFD.getImageType(); - long afm = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFM.getImageType(); - long afflib = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_ANY.getImageType(); - long ewf = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_EWF_EWF.getImageType(); - long unsupported = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_UNSUPP.getImageType(); - - if(imageType == detect){ - result = "Auto Detection"; - } - 
if(imageType == raw){ - result = "Single raw file (dd)"; - } - if(imageType == split){ - result = "Split raw files"; - } - if(imageType == aff){ - result = "Advanced Forensic Format"; - } - if(imageType == afd){ - result = "AFF Multiple File"; - } - if(imageType == afm){ - result = "AFF with external metadata"; - } - if(imageType == afflib){ - result = "All AFFLIB image formats (including beta ones)"; - } - if(imageType == ewf){ - result = "Expert Witness format (encase)"; - } - if(imageType == unsupported){ - result = "Unsupported Image Type"; - } - - return result; - } - - /** - * Closes the connection to the sleuthkit. - */ - public void closeConnection(){ - db.closeConnection(); - } + //data about image + + private long type, ssize; + private String name; + private String[] paths; + private Sleuthkit db; + private long imageHandle = 0; + + /** + * constructor most inputs are from the database + * @param db database object + * @param type + * @param ssize + * @param name + * @param path + */ + protected Image(Sleuthkit db, long type, long ssize, String name, String[] paths) throws TskException { + this.db = db; + this.type = type; + this.ssize = ssize; + this.name = name; + this.paths = paths; + this.imageHandle = SleuthkitJNI.openImage(paths); + } + + /** + * sets a new image path (NOT CURRENTLY IMPLEMENTED) + * @param newPath new image path + */ + public void setPath(String newPath) { + //check if path is valid/leads to an image + } + + /** + * get the volume system at the given byte offset + * @param offset bytes (should be 0 in most cases) + * @return volume system object + */ + public VolumeSystem getVolumeSystem(long offset) throws SQLException { + VolumeSystem vs = db.getVolumeSystem(offset); + if (vs != null) { + vs.setParent(this); + } + return vs; + } + + /** + * get the handle to the sleuthkit image info object + * @return the object pointer + */ + public long getImageHandle() { + return imageHandle; + } + + /** + * read from the image + * @param 
offset in bytes + * @param len in bytes + * @return the byte data + * @throws TskException + */ + @Override + public byte[] read(long offset, long len) throws TskException { + // read from the image + return SleuthkitJNI.readImg(imageHandle, offset, len); + } + + /** + * get the image size + * @return image size + */ + @Override + public long getSize() { + return 0; + } + + //methods get exact data from database. could be manipulated to get more + //meaningful data. + /** + * get the type + * @return type + */ + public long getType() { + return type; + } + + /** + * get the sector size + * @return sector size + */ + public long getSsize() { + return ssize; + } + + /** + * get the name + * @return name + */ + public String getName() { + return name; + } + + /** + * get the path + * @return path + */ + public String[] getPaths() { + return paths; + } + + /** + * get the sleuthkit database object + * @return the sleuthkit object + */ + public Sleuthkit getSleuthkit(){ + return db; + } + + // ----- Here all the methods for Image Type conversion / mapping ----- + + public static String imageTypeToValue(long imageType){ + + String result = ""; + + for (TskData.TSK_IMG_TYPE_ENUM imgType : TskData.TSK_IMG_TYPE_ENUM.values()){ + if(imgType.getImageType() == imageType){ + result = imgType.toString(); + } + } + return result; + } + + public static long valueToImageType(String imageType){ + + long result = 0; + + for (TskData.TSK_IMG_TYPE_ENUM imgType : TskData.TSK_IMG_TYPE_ENUM.values()){ + if(imgType.toString().equals(imageType)){ + result = imgType.getImageType(); + } + } + return result; + } + + public static String imageTypeToString(long imageType){ + + String result = ""; + + long detect = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_DETECT.getImageType(); + long raw = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_RAW_SING.getImageType(); + long split = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_RAW_SPLIT.getImageType(); + long aff = 
TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFF.getImageType(); + long afd = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFD.getImageType(); + long afm = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_AFM.getImageType(); + long afflib = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_AFF_ANY.getImageType(); + long ewf = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_EWF_EWF.getImageType(); + long unsupported = TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_UNSUPP.getImageType(); + + if(imageType == detect){ + result = "Auto Detection"; + } + if(imageType == raw){ + result = "Single raw file (dd)"; + } + if(imageType == split){ + result = "Split raw files"; + } + if(imageType == aff){ + result = "Advanced Forensic Format"; + } + if(imageType == afd){ + result = "AFF Multiple File"; + } + if(imageType == afm){ + result = "AFF with external metadata"; + } + if(imageType == afflib){ + result = "All AFFLIB image formats (including beta ones)"; + } + if(imageType == ewf){ + result = "Expert Witness format (encase)"; + } + if(imageType == unsupported){ + result = "Unsupported Image Type"; + } + + return result; + } + + /** + * Closes the connection to the sleuthkit. + */ + public void closeConnection(){ + db.closeConnection(); + } } diff --git a/bindings/java/src/org/sleuthkit/datamodel/Sleuthkit.java b/bindings/java/src/org/sleuthkit/datamodel/Sleuthkit.java index ccd2cb8989d2d67cdbece2e33f0188f5c5d3467d..ba32fc764e56f98da8bcc3a2df82524a374ad3b8 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Sleuthkit.java +++ b/bindings/java/src/org/sleuthkit/datamodel/Sleuthkit.java 
@@ -1,3 +1,22 @@
+/*
+ * Sleuth Kit Data Model
+ *
+ * Copyright 2011 Basis Technology Corp.
+ * Contact: carrier <at> sleuthkit <dot> org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
 package org.sleuthkit.datamodel;
 
 import java.sql.Connection;
@@ -14,488 +33,537 @@ */ public class Sleuthkit { private String dbPath; - private String imageDirectory; + private String imageDirectory; private Connection con; - /** - * constructor - * @param path path to the database - * @throws SQLException - * @throws ClassNotFoundException - */ - public Sleuthkit(String dbPath) throws SQLException, ClassNotFoundException{ - Class.forName("org.sqlite.JDBC"); + /** + * constructor + * @param path path to the database + * @throws SQLException + * @throws ClassNotFoundException + */ + public Sleuthkit(String dbPath) throws SQLException, ClassNotFoundException{ + Class.forName("org.sqlite.JDBC"); this.dbPath = dbPath; - int i = dbPath.length()-1; - while(dbPath.charAt(i) != '\\' && dbPath.charAt(i) != '/'){ - i--; - } - imageDirectory = dbPath.substring(0, i); + int i = dbPath.length()-1; + while(dbPath.charAt(i) != '\\' && dbPath.charAt(i) != '/'){ + i--; + } + imageDirectory = dbPath.substring(0, i); con = DriverManager.getConnection("jdbc:sqlite:" + dbPath); - con.setReadOnly(true); + con.setReadOnly(true); } - public Sleuthkit(String dbPath, String imageDirectory) throws SQLException, ClassNotFoundException{ - Class.forName("org.sqlite.JDBC"); - this.dbPath = dbPath; - this.imageDirectory = imageDirectory; - con = DriverManager.getConnection("jdbc:sqlite:" + dbPath); - } - - public static void makeDb(String[] paths, String outDir) throws TskException{ - SleuthkitJNI.makeDb(paths, outDir); - } - - /** - * fill a new filesystem content object with data from the database. 
will - * also check the database field to determine if it is a file or directory - * @param fs_id file system id - * @param file_id file id - * @return a new FsContent object - */ - public FsContent getFile(long fs_id, long file_id) throws SQLException{ - Statement statement; - statement = con.createStatement(); + public Sleuthkit(String dbPath, String imageDirectory) throws SQLException, ClassNotFoundException{ + Class.forName("org.sqlite.JDBC"); + this.dbPath = dbPath; + this.imageDirectory = imageDirectory; + con = DriverManager.getConnection("jdbc:sqlite:" + dbPath); + } - ResultSet rs = statement.executeQuery("select * from tsk_fs_files " + - "where file_id = " + file_id +" and fs_id = " + fs_id); - if(!rs.next()){ - rs.close(); - statement.close(); - return null; - } - else - if (rs.getLong("dir_type") == TSK_FS_NAME_TYPE_ENUM.TSK_FS_NAME_TYPE_DIR.getDirType()){ - Directory dir = new Directory(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), - rs.getLong("attr_id"), rs.getString("name"), rs.getLong("par_file_id"), rs.getLong("dir_type"), - rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), - rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), - rs.getLong("mode"), rs.getLong("uid"), rs.getLong("gid")); - rs.close(); - statement.close(); - return dir; - } - else{ - File file = new File(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), - rs.getLong("attr_id"), rs.getString("name"), rs.getLong("par_file_id"), rs.getLong("dir_type"), - rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), - rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), - rs.getLong("mode"), rs.getLong("uid"), rs.getLong("gid")); - rs.close(); - statement.close(); - return file; - } + public static void makeDb(String[] paths, String outDir) throws TskException{ + SleuthkitJNI.makeDb(paths, 
outDir); } - /** - * fill a new filesystem content object with data from the database. will - * also check the database field to determine if it is a file or directory - * @param fs_id file system id - * @param file_id file id - * @param name file name (used to differentiate between directories by name - * and . and .. directories - * @return a new FsContent object - */ - public FsContent getFile(long fs_id, long file_id, String name) throws SQLException{ - Statement statement; - statement = con.createStatement(); - - ResultSet rs = statement.executeQuery("select * from tsk_fs_files " + - "where file_id = " + file_id +" and fs_id = " + fs_id + " and name = \"" + name + "\""); - if(!rs.next()){ - rs.close(); - statement.close(); - return null; - } - else{ - String tempName = ""; - - // if name is empty, it's the root metadata so need to change the name to "." - if(name.equals("")){ - tempName = "."; - } - else{ - tempName = rs.getString("name"); - } - - if (rs.getLong("dir_type") == TSK_FS_NAME_TYPE_ENUM.TSK_FS_NAME_TYPE_DIR.getDirType()){ - Directory dir = new Directory(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), - rs.getLong("attr_id"), tempName, rs.getLong("par_file_id"), rs.getLong("dir_type"), - rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), - rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), - rs.getLong("mode"), rs.getLong("uid"), rs.getLong("gid")); - rs.close(); - statement.close(); - return dir; - } - else{ - File file = new File(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), - rs.getLong("attr_id"), rs.getString("name"), rs.getLong("par_file_id"), rs.getLong("dir_type"), - rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), - rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), - rs.getLong("mode"), rs.getLong("uid"), rs.getLong("gid")); - 
rs.close(); - statement.close(); - return file; - } - } + /** + * fill a new filesystem content object with data from the database. will + * also check the database field to determine if it is a file or directory + * @param fs_id file system id + * @param file_id file id + * @return a new FsContent object + */ + public FsContent getFile(long fs_id, long file_id) throws SQLException{ + Statement statement; + statement = con.createStatement(); + + ResultSet rs = statement.executeQuery("select * from tsk_fs_files " + + "where file_id = " + file_id +" and fs_id = " + fs_id); + if(!rs.next()){ + rs.close(); + statement.close(); + return null; + } + else + if (rs.getLong("dir_type") == TSK_FS_NAME_TYPE_ENUM.TSK_FS_NAME_TYPE_DIR.getDirType()){ + Directory dir = new Directory(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), + rs.getLong("attr_id"), rs.getString("name"), rs.getLong("par_file_id"), rs.getLong("dir_type"), + rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), + rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), + rs.getLong("mode"), rs.getLong("uid"), rs.getLong("gid")); + rs.close(); + statement.close(); + return dir; + } + else{ + File file = new File(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), + rs.getLong("attr_id"), rs.getString("name"), rs.getLong("par_file_id"), rs.getLong("dir_type"), + rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), + rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), + rs.getLong("mode"), rs.getLong("uid"), rs.getLong("gid")); + rs.close(); + statement.close(); + return file; + } } - /** - * get the name and parent of the file/directory with the given id - * @param fs_id filesystem id - * @param file_id file id - * @return array of length 2 with the name and parent id - * @throws SQLException - */ - public String[] 
getFsContentNameAndParent(long fs_id, long file_id) throws SQLException{ - Statement statement; - statement = con.createStatement(); - - ResultSet rs = statement.executeQuery("select name, par_file_id from tsk_fs_files " + - "where file_id = " + file_id +" and fs_id = " + fs_id); - if(!rs.next()){ - String[] result = {"", "0"}; - return result; - } - else{ - String[] result = {rs.getString("name"), Long.toString(rs.getLong("par_file_id"))}; - return result; - } - } - - /** - * fills a new file system object with data from the database - * @param vol_id the volume to get the filesystem from - * @return a new file system object - */ - public FileSystem getFileSystem(long vol_id) throws SQLException{ + /** + * fill a new filesystem content object with data from the database. will + * also check the database field to determine if it is a file or directory + * @param fs_id file system id + * @param file_id file id + * @param name file name (used to differentiate between directories by name + * and . and .. directories + * @return a new FsContent object + */ + public FsContent getFile(long fs_id, long file_id, String name) throws SQLException{ Statement statement; - statement = con.createStatement(); + statement = con.createStatement(); + + ResultSet rs = statement.executeQuery("select * from tsk_fs_files " + + "where file_id = " + file_id +" and fs_id = " + fs_id + " and name = \"" + name + "\""); + if(!rs.next()){ + rs.close(); + statement.close(); + return null; + } + else{ + String tempName = ""; + + // if name is empty, it's the root metadata so need to change the name to "." 
+ if(name.equals("")){ + tempName = "."; + } + else{ + tempName = rs.getString("name"); + } - ResultSet rs = statement.executeQuery("select * from tsk_fs_info " + - "where vol_id = " + vol_id); - if(!rs.next()){ - rs.close(); - statement.close(); - return null; + if (rs.getLong("dir_type") == TSK_FS_NAME_TYPE_ENUM.TSK_FS_NAME_TYPE_DIR.getDirType()){ + Directory dir = new Directory(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), + rs.getLong("attr_id"), tempName, rs.getLong("par_file_id"), rs.getLong("dir_type"), + rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), + rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), + rs.getLong("mode"), rs.getLong("uid"), rs.getLong("gid")); + rs.close(); + statement.close(); + return dir; } else{ - FileSystem fs = new FileSystem(this, rs.getLong("fs_id"), rs.getLong("img_offset"), rs.getLong("vol_id"), - rs.getLong("fs_type"), rs.getLong("block_size"), rs.getLong("block_count"), - rs.getLong("root_inum"), rs.getLong("first_inum"), rs.getLong("last_inum")); - rs.close(); - statement.close(); - return fs; - } + File file = new File(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), + rs.getLong("attr_id"), rs.getString("name"), rs.getLong("par_file_id"), rs.getLong("dir_type"), + rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), + rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), + rs.getLong("mode"), rs.getLong("uid"), rs.getLong("gid")); + rs.close(); + statement.close(); + return file; + } + } } - /** - * Gets a new file system object with data from the database - * @param fs_id the FileSystem ID to get the filesystem from - * @return fs a new file system object - */ - public FileSystem getFileSystemFromID(long fs_id) throws SQLException{ - Statement statement = con.createStatement(); - ResultSet rs = 
statement.executeQuery("select * from tsk_fs_info " + - "where fs_id = " + fs_id); - if(!rs.next()){ - rs.close(); - statement.close(); - return null; - } - else{ - FileSystem fs = new FileSystem(this, rs.getLong("fs_id"), rs.getLong("img_offset"), rs.getLong("vol_id"), - rs.getLong("fs_type"), rs.getLong("block_size"), rs.getLong("block_count"), - rs.getLong("root_inum"), rs.getLong("first_inum"), rs.getLong("last_inum")); - return fs; - } + /** + * get the name and parent of the file/directory with the given id + * @param fs_id filesystem id + * @param file_id file id + * @return array of length 2 with the name and parent id + * @throws SQLException + */ + public String[] getFsContentNameAndParent(long fs_id, long file_id) throws SQLException{ + Statement statement; + statement = con.createStatement(); + + ResultSet rs = statement.executeQuery("select name, par_file_id from tsk_fs_files " + + "where file_id = " + file_id +" and fs_id = " + fs_id); + if(!rs.next()){ + String[] result = {"", "0"}; + return result; + } + else{ + String[] result = {rs.getString("name"), Long.toString(rs.getLong("par_file_id"))}; + return result; + } } - /** - * fills a new volume object from the database - * @param vol_id volume id - * @return new volume object - */ - public Volume getVolume(long vol_id) throws SQLException{ - //get volume info from the database - Statement statement; - statement = con.createStatement(); - - ResultSet rs = statement.executeQuery("select * from tsk_vs_parts " + - "where vol_id = " + vol_id); - if(!rs.next()){ - rs.close(); - statement.close(); - return null; - } - else{ - Volume vol = new Volume(this, rs.getLong("vol_id"), rs.getLong("start"), rs.getLong("length"), - rs.getLong("flags"), rs.getString("desc")); - rs.close(); - statement.close(); - return vol; - } + /** + * fills a new file system object with data from the database + * @param vol_id the volume to get the filesystem from + * @return a new file system object + */ + public FileSystem 
getFileSystem(long vol_id) throws SQLException{ + Statement statement; + statement = con.createStatement(); + + ResultSet rs = statement.executeQuery("select * from tsk_fs_info " + + "where vol_id = " + vol_id); + if(!rs.next()){ + rs.close(); + statement.close(); + return null; + } + else{ + FileSystem fs = new FileSystem(this, rs.getLong("fs_id"), rs.getLong("img_offset"), rs.getLong("vol_id"), + rs.getLong("fs_type"), rs.getLong("block_size"), rs.getLong("block_count"), + rs.getLong("root_inum"), rs.getLong("first_inum"), rs.getLong("last_inum")); + rs.close(); + statement.close(); + return fs; + } } - /** - * fills a new volume system object from the database - * @param offset offset to the volume system - * @return a new volume system object - */ - public VolumeSystem getVolumeSystem(long offset) throws SQLException{ - Statement statement; - ArrayList<Long> vol_ids = new ArrayList<Long>(); - statement = con.createStatement(); - - ResultSet rs = statement.executeQuery("select * from tsk_vs_info " + - "where img_offset = " + offset); - if(!rs.next()){ - rs.close(); - statement.close(); - return null; - } - else{ - long type = rs.getLong("vs_type"); - long imgOffset = rs.getLong("img_offset"); - long blockSize = rs.getLong("block_size"); - rs = statement.executeQuery("select vol_id from tsk_vs_parts"); - if(!rs.next()){ - rs.close(); - statement.close(); - return null; - } - else{ - do{ - vol_ids.add(new Long(rs.getLong("vol_id"))); - }while(rs.next()); - } - VolumeSystem vs = new VolumeSystem(this, type, imgOffset, blockSize, - vol_ids); - rs.close(); - statement.close(); - return vs; - } + /** + * Gets a new file system object with data from the database + * @param fs_id the FileSystem ID to get the filesystem from + * @return fs a new file system object + */ + public FileSystem getFileSystemFromID(long fs_id) throws SQLException{ + Statement statement = con.createStatement(); + ResultSet rs = statement.executeQuery("select * from tsk_fs_info " + + "where fs_id 
= " + fs_id); + if(!rs.next()){ + rs.close(); + statement.close(); + return null; + } + else{ + FileSystem fs = new FileSystem(this, rs.getLong("fs_id"), rs.getLong("img_offset"), rs.getLong("vol_id"), + rs.getLong("fs_type"), rs.getLong("block_size"), rs.getLong("block_count"), + rs.getLong("root_inum"), rs.getLong("first_inum"), rs.getLong("last_inum")); + return fs; + } } - /** - * get the name of this volume (based on the volume id) - * @param fs_id file system - * @return string with the name - * @throws SQLException - */ - public String getVolName(long fs_id) throws SQLException{ - Statement statement; - ArrayList<Long> vol_ids = new ArrayList<Long>(); - statement = con.createStatement(); - - ResultSet rs = statement.executeQuery("select vol_id from tsk_fs_info " + - "where fs_id = " + fs_id); - if(!rs.next()){ - return null; - } - else{ - return "vol" + rs.getLong("vol_id"); - } - } - - /** - * fills a new image object with data from the database - * @param imagePath path to the image - * @return a new image object - */ - public Image getImage() throws TskException, SQLException{ - //get image info from the database + /** + * fills a new volume object from the database + * @param vol_id volume id + * @return new volume object + */ + public Volume getVolume(long vol_id) throws SQLException{ + //get volume info from the database Statement statement; - long type, ssize; - String name; - ArrayList<String> names = new ArrayList<String>(); - statement = con.createStatement(); + statement = con.createStatement(); + + ResultSet rs = statement.executeQuery("select * from tsk_vs_parts " + + "where vol_id = " + vol_id); + if(!rs.next()){ + rs.close(); + statement.close(); + return null; + } + else{ + Volume vol = new Volume(this, rs.getLong("vol_id"), rs.getLong("start"), rs.getLong("length"), + rs.getLong("flags"), rs.getString("desc")); + rs.close(); + statement.close(); + return vol; + } + } - ResultSet rs = statement.executeQuery("select * from tsk_image_info"); + 
/** + * fills a new volume system object from the database + * @param offset offset to the volume system + * @return a new volume system object + */ + public VolumeSystem getVolumeSystem(long offset) throws SQLException{ + Statement statement; + ArrayList<Long> vol_ids = new ArrayList<Long>(); + statement = con.createStatement(); + + ResultSet rs = statement.executeQuery("select * from tsk_vs_info " + + "where img_offset = " + offset); + if(!rs.next()){ + rs.close(); + statement.close(); + return null; + } + else{ + long type = rs.getLong("vs_type"); + long imgOffset = rs.getLong("img_offset"); + long blockSize = rs.getLong("block_size"); + rs = statement.executeQuery("select vol_id from tsk_vs_parts"); if(!rs.next()){ - rs.close(); - statement.close(); + rs.close(); + statement.close(); return null; } else{ - type = rs.getLong("type"); - ssize = rs.getLong("ssize"); + do{ + vol_ids.add(new Long(rs.getLong("vol_id"))); + }while(rs.next()); } - rs = statement.executeQuery("select * from tsk_image_names"); - if(!rs.next()){ - rs.close(); - statement.close(); - return null; - } - else{ - name = rs.getString("name"); - do{ + VolumeSystem vs = new VolumeSystem(this, type, imgOffset, blockSize, + vol_ids); + rs.close(); + statement.close(); + return vs; + } + } + + /** + * get the name of this volume (based on the volume id) + * @param fs_id file system + * @return string with the name + * @throws SQLException + */ + public String getVolName(long fs_id) throws SQLException{ + Statement statement; + ArrayList<Long> vol_ids = new ArrayList<Long>(); + statement = con.createStatement(); + + ResultSet rs = statement.executeQuery("select vol_id from tsk_fs_info " + + "where fs_id = " + fs_id); + if(!rs.next()){ + return null; + } + else{ + return "vol" + rs.getLong("vol_id"); + } + } + + /** + * fills a new image object with data from the database + * @param imagePath path to the image + * @return a new image object + */ + public Image getImage() throws TskException, 
SQLException{ + //get image info from the database + Statement statement; + long type, ssize; + String name; + ArrayList<String> names = new ArrayList<String>(); + statement = con.createStatement(); + + ResultSet rs = statement.executeQuery("select * from tsk_image_info"); + if(!rs.next()){ + rs.close(); + statement.close(); + return null; + } + else{ + type = rs.getLong("type"); + ssize = rs.getLong("ssize"); + } + rs = statement.executeQuery("select * from tsk_image_names"); + if(!rs.next()){ + rs.close(); + statement.close(); + return null; + } + else{ + name = rs.getString("name"); + do{ names.add(imageDirectory + "\\" + rs.getString("name")); - }while(rs.next()); - - } + }while(rs.next()); - Image img = new Image(this, type, ssize, name, names.toArray(new String[names.size()])); - rs.close(); - statement.close(); - return img; + } + + Image img = new Image(this, type, ssize, name, names.toArray(new String[names.size()])); + rs.close(); + statement.close(); + return img; } - /** - * searches the database for files whose parent is the given file - * @param dir_id directory id - * @param fs_id file system to search - * @return an arraylist of file ids - */ - public ArrayList<Long> getChildIds(long dir_id, long fs_id) throws SQLException{ - Statement statement = con.createStatement(); - ArrayList<Long> childIds = new ArrayList<Long>(); - ResultSet rs = statement.executeQuery("SELECT file_id FROM tsk_fs_files " + + + /** + * searches the database for files whose parent is the given file + * @param dir_id directory id + * @param fs_id file system to search + * @return an arraylist of fscontent objects + */ + public ArrayList<FsContent> getChildren(long dir_id, long fs_id, FileSystem parent) throws SQLException{ + Statement statement = con.createStatement(); + ArrayList<FsContent> children = new ArrayList<FsContent>(); + ResultSet rs = statement.executeQuery("SELECT * FROM tsk_fs_files " + "WHERE fs_id = " + fs_id + " AND par_file_id = " + dir_id); - if(!rs.next()){ 
- rs.close(); - statement.close(); - return childIds; - } - else{ - do{ - childIds.add(rs.getLong("file_id")); - }while(rs.next()); - } - rs.close(); - statement.close(); + if(!rs.next()){ + rs.close(); + statement.close(); + return children; + } + else{ + do{ + String tempName = ""; + + tempName = rs.getString("name"); + + if (rs.getLong("dir_type") == TSK_FS_NAME_TYPE_ENUM.TSK_FS_NAME_TYPE_DIR.getDirType()){ + Directory dir = new Directory(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), + rs.getLong("attr_id"), tempName, rs.getLong("par_file_id"), rs.getLong("dir_type"), + rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), + rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), + rs.getLong("mode"), rs.getLong("uid"), rs.getLong("gid")); + dir.setParent(parent); + children.add(dir); + } + else{ + File file = new File(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), + rs.getLong("attr_id"), rs.getString("name"), rs.getLong("par_file_id"), rs.getLong("dir_type"), + rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), + rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), + rs.getLong("mode"), rs.getLong("uid"), rs.getLong("gid")); + file.setParent(parent); + children.add(file); + } + }while(rs.next()); + } + rs.close(); + statement.close(); + return children; + } + + + /** + * searches the database for files whose parent is the given file + * @param dir_id directory id + * @param fs_id file system to search + * @return an arraylist of file ids + */ + public ArrayList<Long> getChildIds(long dir_id, long fs_id) throws SQLException{ + Statement statement = con.createStatement(); + ArrayList<Long> childIds = new ArrayList<Long>(); + ResultSet rs = statement.executeQuery("SELECT file_id FROM tsk_fs_files " + + "WHERE fs_id = " + fs_id + " AND par_file_id = " + dir_id); 
+ if(!rs.next()){ + rs.close(); + statement.close(); return childIds; + } + else{ + do{ + childIds.add(rs.getLong("file_id")); + }while(rs.next()); + } + rs.close(); + statement.close(); + return childIds; } - /** - * get the names of the child files and directories. important for differentiating - * between directories and . and .. directories - * @param dir_id directory id - * @param fs_id file system to search - * @return an arraylist of names - */ - public ArrayList<String> getChildNames(long dir_id, long fs_id) throws SQLException { - Statement statement = con.createStatement(); - ArrayList<String> childIds = new ArrayList<String>(); - ResultSet rs = statement.executeQuery("SELECT name FROM tsk_fs_files " + + /** + * get the names of the child files and directories. important for differentiating + * between directories and . and .. directories + * @param dir_id directory id + * @param fs_id file system to search + * @return an arraylist of names + */ + public ArrayList<String> getChildNames(long dir_id, long fs_id) throws SQLException { + Statement statement = con.createStatement(); + ArrayList<String> childIds = new ArrayList<String>(); + ResultSet rs = statement.executeQuery("SELECT name FROM tsk_fs_files " + "WHERE fs_id = " + fs_id + " AND par_file_id = " + dir_id); - if(!rs.next()){ - rs.close(); - statement.close(); - return childIds; - } - else{ - do{ - childIds.add(rs.getString("name")); - }while(rs.next()); - } - rs.close(); - statement.close(); + if(!rs.next()){ + rs.close(); + statement.close(); return childIds; + } + else{ + do{ + childIds.add(rs.getString("name")); + }while(rs.next()); + } + rs.close(); + statement.close(); + return childIds; } - - /** - * fill a new filesystem content object with data from the database. will - * also check the database field to determine if it is a file or directory - * @param fs_id file system id - * @param file_id file id - * @param name file name (used to differentiate between directories by name - * and . 
and .. directories - * @return a new FsContent object - */ - public ArrayList<FsContent> resultSetToObjects(ResultSet rs, Image img) throws SQLException{ - ArrayList<FsContent> result = new ArrayList<FsContent>(); - FileSystem fs; - - if(!rs.next()){ - return result; - } - else{ - Hashtable map = new Hashtable(); - - do{ - Long fsid = rs.getLong("fs_id"); - if(map.containsKey(fsid)){ - fs = (FileSystem)map.get(fsid); - } - else{ - // Set all the parents for the FsContent - fs = this.getFileSystemFromID(fsid); - Volume vol = this.getVolume(fs.getVol_id()); - VolumeSystem vs = this.getVolumeSystem(0); // usually the offset is 0, change it when needed - vs.setParent(img); - vol.setParent(vs); - fs.setParent(vol); - map.put(fsid, fs); - } - - if (rs.getLong("dir_type") == TSK_FS_NAME_TYPE_ENUM.TSK_FS_NAME_TYPE_DIR.getDirType()){ - Directory temp = new Directory(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), - rs.getLong("attr_id"), rs.getString("name"), rs.getLong("par_file_id"), rs.getLong("dir_type"), - rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), - rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), - rs.getLong("mode"), rs.getLong("uid"), rs.getLong("gid")); - temp.setParent(fs); - result.add(temp); - } - else{ - File temp = new File(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), - rs.getLong("attr_id"), rs.getString("name"), rs.getLong("par_file_id"), rs.getLong("dir_type"), - rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), - rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), - rs.getLong("mode"), rs.getLong("uid"), rs.getLong("gid")); - temp.setParent(fs); - result.add(temp); - } - } - while(rs.next()); - } - return result; + + /** + * fill a new filesystem content object with data from the database. 
will + * also check the database field to determine if it is a file or directory + * @param fs_id file system id + * @param file_id file id + * @param name file name (used to differentiate between directories by name + * and . and .. directories + * @return a new FsContent object + */ + public ArrayList<FsContent> resultSetToObjects(ResultSet rs, Image img) throws SQLException{ + ArrayList<FsContent> result = new ArrayList<FsContent>(); + FileSystem fs; + + if(!rs.next()){ + return result; + } + else{ + Hashtable<Long,FileSystem> map = new Hashtable<Long,FileSystem>(); + + do{ + Long fsid = rs.getLong("fs_id"); + if(map.containsKey(fsid)){ + fs = map.get(fsid); + } + else{ + // Set all the parents for the FsContent + fs = this.getFileSystemFromID(fsid); + Volume vol = this.getVolume(fs.getVol_id()); + VolumeSystem vs = this.getVolumeSystem(0); // usually the offset is 0, change it when needed + vs.setParent(img); + vol.setParent(vs); + fs.setParent(vol); + map.put(fsid, fs); + } + + if (rs.getLong("dir_type") == TSK_FS_NAME_TYPE_ENUM.TSK_FS_NAME_TYPE_DIR.getDirType()){ + Directory temp = new Directory(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), + rs.getLong("attr_id"), rs.getString("name"), rs.getLong("par_file_id"), rs.getLong("dir_type"), + rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), + rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), + rs.getLong("mode"), rs.getLong("uid"), rs.getLong("gid")); + temp.setParent(fs); + result.add(temp); + } + else{ + File temp = new File(this, rs.getLong("fs_id"), rs.getLong("file_id"), rs.getLong("attr_type"), + rs.getLong("attr_id"), rs.getString("name"), rs.getLong("par_file_id"), rs.getLong("dir_type"), + rs.getLong("meta_type"), rs.getLong("dir_flags"), rs.getLong("meta_flags"), rs.getLong("size"), + rs.getLong("ctime"), rs.getLong("crtime"), rs.getLong("atime"), rs.getLong("mtime"), + rs.getLong("mode"), 
rs.getLong("uid"), rs.getLong("gid")); + temp.setParent(fs); + result.add(temp); + } + } + while(rs.next()); + } + return result; } - /** - * Returns the ResultSet from the given query. - * - * @param query the given string query to run - * @return rs the resultSet - * @throws SQLException - */ - public ResultSet runQuery(String query) throws SQLException{ - Statement statement; - statement = con.createStatement(); - - ResultSet rs = statement.executeQuery(query); - return rs; + /** + * Returns the ResultSet from the given query. + * + * @param query the given string query to run + * @return rs the resultSet + * @throws SQLException + */ + public ResultSet runQuery(String query) throws SQLException{ + Statement statement; + statement = con.createStatement(); + + ResultSet rs = statement.executeQuery(query); + return rs; } public void finalize(){ try - { - if(con != null) - con.close(); - } - catch(SQLException e) - { - // connection close failed. - System.err.println(e); - } + { + if(con != null) + con.close(); + } + catch(SQLException e) + { + // connection close failed. + System.err.println(e); + } } - /** - * Closes the connection of this class. - */ - public void closeConnection(){ + /** + * Closes the connection of this class. + */ + public void closeConnection(){ try - { - if(con != null) - con.close(); - } - catch(SQLException e) - { - // connection close failed. - System.err.println(e); - } + { + if(con != null) + con.close(); + } + catch(SQLException e) + { + // connection close failed. + System.err.println(e); + } } } diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java index 08f120323b512db4efbe8109ecd6b60dd89df89e..ee77be0845890f5c88d65f24254fa790135f376e 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java +++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java 
@@ -1,3 +1,22 @@ +/* + * Sleuth Kit Data Model + * + * Copyright 2011 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + package org.sleuthkit.datamodel; /** 
@@ -6,227 +25,220 @@ */ public class SleuthkitJNI { //Native methods - private static native String getVersionNat(); - //loaddb - private static native long loaddbNat(String[] imgPath, int splits, String outDir) throws TskException; + private static native String getVersionNat(); + //loaddb + private static native long loaddbNat(String[] imgPath, int splits, String outDir) throws TskException; private static native long startloaddbNat(String timezone) throws TskException; - private static native void runloaddbNat(long process, String[] imgPath, int splits, String outDir) throws TskException;; - private static native void stoploaddbNat(long process) throws TskException;; - //open functions + private static native void runloaddbNat(long process, String[] imgPath, int splits, String outDir) throws TskException;; + private static native void stoploaddbNat(long process) throws TskException;; + //open functions private static native long openImageNat(String[] imgPath, int splits) throws TskException; private static native long openVsNat(long imgHandle, long vsOffset) throws TskException; private static native long openVolNat(long vsHandle, long volId) throws TskException; private static native long openFsNat(long imgHandle, long fsId) throws TskException; private static native long openFileNat(long fsHandle, long fileId) throws TskException; - + //read functions private static native byte[] readImgNat(long imgHandle, long offset, long len) throws TskException; private static native byte[] readVsNat(long vsHandle, long offset, long len) throws TskException; private static native byte[] readVolNat(long volHandle, long offset, long len) throws TskException; private static native byte[] readFsNat(long fsHandle, long offset, long len) throws TskException; private static native byte[] readFileNat(long fileHandle, long offset, long len) throws TskException; - + //close functions private static native void closeImgNat(long imgHandle); private static native void closeVsNat(long 
vsHandle); - private static native void closeVolNat(long volHandle); private static native void closeFsNat(long fsHandle); private static native void closeFileNat(long fileHandle); - + static { - System.loadLibrary("zlib1"); - System.loadLibrary("libewf"); - System.loadLibrary("tsk_jni"); + System.loadLibrary("zlib1"); + System.loadLibrary("libewf"); + System.loadLibrary("tsk_jni"); } public SleuthkitJNI(){} - /** - * get the sleuthkit version string - * @return the version string - */ - public static String getVersion(){ - return getVersionNat(); - } - - /** - * open the image and return the image info pointer - * @param imageDirs the paths to the images - * @return the image info pointer - * @throws TskException - */ - public static long openImage(String[] imageDirs) throws TskException{ - return openImageNat(imageDirs, imageDirs.length); - } - - /** - * create the sqlite database for the given image - * @param imgPaths paths to the image splits - * @param outDir the directory to write the database to - * @throws TskException - */ - public static void makeDb(String[] imgPaths, String outDir) throws TskException{ - loaddbNat(imgPaths, imgPaths.length, outDir); - } - - /** - * create a process pointer for loaddb (this process can be started and stopped) - * @param timezone timezone of the image - * @return a pointer to a process - * @throws TskException - */ - public static long makeLoaddbProcess(String timezone) throws TskException{ - return startloaddbNat(timezone); - } - - /** - * start the given loaddb process - * @param process pointer to an open process - * @param imgPaths paths to the image to make the database from - * @param outDir directory to write the database to - * @throws TskException - */ - public static void runLoaddbProcess(long process, String[] imgPaths, String outDir) throws TskException{ - runloaddbNat(process, imgPaths, imgPaths.length, outDir); - } - - /** - * cancels the given loaddb process - * @param process pointer to a running process - 
* @throws TskException - */ - public static void stopLoaddbProcess(long process) throws TskException{ - stoploaddbNat(process); - } - /** - * Get volume system Handle - * @param vsOffset byte offset in the image to the volume system (usually 0) - * @return pointer to a vsHandle structure in the sleuthkit - */ - public static long openVs(long imgHandle, long vsOffset) throws TskException{ - return openVsNat(imgHandle, vsOffset); - } - + /** + * get the sleuthkit version string + * @return the version string + */ + public static String getVersion(){ + return getVersionNat(); + } + + /** + * open the image and return the image info pointer + * @param imageDirs the paths to the images + * @return the image info pointer + * @throws TskException + */ + public static long openImage(String[] imageDirs) throws TskException{ + return openImageNat(imageDirs, imageDirs.length); + } + + /** + * create the sqlite database for the given image + * @param imgPaths paths to the image splits + * @param outDir the directory to write the database to + * @throws TskException + */ + public static void makeDb(String[] imgPaths, String outDir) throws TskException{ + loaddbNat(imgPaths, imgPaths.length, outDir); + } + + /** + * create a process pointer for loaddb (this process can be started and stopped) + * @param timezone timezone of the image + * @return a pointer to a process + * @throws TskException + */ + public static long makeLoaddbProcess(String timezone) throws TskException{ + return startloaddbNat(timezone); + } + + /** + * start the given loaddb process + * @param process pointer to an open process + * @param imgPaths paths to the image to make the database from + * @param outDir directory to write the database to + * @throws TskException + */ + public static void runLoaddbProcess(long process, String[] imgPaths, String outDir) throws TskException{ + runloaddbNat(process, imgPaths, imgPaths.length, outDir); + } + + /** + * cancels the given loaddb process + * @param process 
pointer to a running process + * @throws TskException + */ + public static void stopLoaddbProcess(long process) throws TskException{ + stoploaddbNat(process); + } + /** + * Get volume system Handle + * @param vsOffset byte offset in the image to the volume system (usually 0) + * @return pointer to a vsHandle structure in the sleuthkit + */ + public static long openVs(long imgHandle, long vsOffset) throws TskException{ + return openVsNat(imgHandle, vsOffset); + } + //get pointers - /** - * Get volume Handle - * @param vsHandle pointer to the volume system structure in the sleuthkit - * @param volId id of the volume - * @return pointer to a volHandle structure in the sleuthkit - */ - public static long openVsPart(long vsHandle, long volId) throws TskException{ - //returned long is ptr to vs Handle object in tsk - return openVolNat(vsHandle, volId); - } - - /** - * get file system Handle - * @param fsOffset byte offset to the file system - * @return pointer to a fsHandle structure in the sleuthkit - */ - public static long openFs(long imgHandle, long fsOffset) throws TskException{ + /** + * Get volume Handle + * @param vsHandle pointer to the volume system structure in the sleuthkit + * @param volId id of the volume + * @return pointer to a volHandle structure in the sleuthkit + */ + public static long openVsPart(long vsHandle, long volId) throws TskException{ + //returned long is ptr to vs Handle object in tsk + return openVolNat(vsHandle, volId); + } + + /** + * get file system Handle + * @param fsOffset byte offset to the file system + * @return pointer to a fsHandle structure in the sleuthkit + */ + public static long openFs(long imgHandle, long fsOffset) throws TskException{ return openFsNat(imgHandle, fsOffset); } - - /** - * get file Handle - * @param fsHandle fsHandle pointer in the sleuthkit - * @param fileId id of the file - * @return pointer to a file structure in the sleuthkit - */ - public static long openFile(long fsHandle, long fileId) throws 
TskException{ + + /** + * get file Handle + * @param fsHandle fsHandle pointer in the sleuthkit + * @param fileId id of the file + * @return pointer to a file structure in the sleuthkit + */ + public static long openFile(long fsHandle, long fileId) throws TskException{ return openFileNat(fsHandle, fileId); } - + //do reads - /** - * reads data from an image - * @param offset byte offset in the image to start at - * @param len amount of data to read - * @return an array of characters (bytes of data) - */ - public static byte[] readImg(long imgHandle, long offset, long len) throws TskException{ + /** + * reads data from an image + * @param offset byte offset in the image to start at + * @param len amount of data to read + * @return an array of characters (bytes of data) + */ + public static byte[] readImg(long imgHandle, long offset, long len) throws TskException{ //returned byte[] is the data buffer return readImgNat(imgHandle, offset, len); } - /** - * reads data from an volume system - * @param vsHandle pointer to a volume system structure in the sleuthkit - * @param offset sector offset in the image to start at - * @param len amount of data to read - * @return an array of characters (bytes of data) - */ - public static byte[] readVs(long vsHandle, long offset, long len) throws TskException{ + /** + * reads data from an volume system + * @param vsHandle pointer to a volume system structure in the sleuthkit + * @param offset sector offset in the image to start at + * @param len amount of data to read + * @return an array of characters (bytes of data) + */ + public static byte[] readVs(long vsHandle, long offset, long len) throws TskException{ return readVsNat(vsHandle, offset, len); } - /** - * reads data from an volume - * @param volHandle pointer to a volume structure in the sleuthkit - * @param offset byte offset in the image to start at - * @param len amount of data to read - * @return an array of characters (bytes of data) - */ - public static byte[] 
readVsPart(long volHandle, long offset, long len) throws TskException{ + /** + * reads data from an volume + * @param volHandle pointer to a volume structure in the sleuthkit + * @param offset byte offset in the image to start at + * @param len amount of data to read + * @return an array of characters (bytes of data) + */ + public static byte[] readVsPart(long volHandle, long offset, long len) throws TskException{ //returned byte[] is the data buffer return readVolNat(volHandle, offset, len); } - /** - * reads data from an file system - * @param fsHandle pointer to a file system structure in the sleuthkit - * @param offset byte offset in the image to start at - * @param len amount of data to read - * @return an array of characters (bytes of data) - */ - public static byte[] readFs(long fsHandle, long offset, long len) throws TskException{ + /** + * reads data from an file system + * @param fsHandle pointer to a file system structure in the sleuthkit + * @param offset byte offset in the image to start at + * @param len amount of data to read + * @return an array of characters (bytes of data) + */ + public static byte[] readFs(long fsHandle, long offset, long len) throws TskException{ //returned byte[] is the data buffer return readFsNat(fsHandle, offset, len); } - /** - * reads data from an file - * @param fileHandle pointer to a file structure in the sleuthkit - * @param offset byte offset in the image to start at - * @param len amount of data to read - * @return an array of characters (bytes of data) - */ - public static byte[] readFile(long fileHandle, long offset, long len) throws TskException{ + /** + * reads data from an file + * @param fileHandle pointer to a file structure in the sleuthkit + * @param offset byte offset in the image to start at + * @param len amount of data to read + * @return an array of characters (bytes of data) + */ + public static byte[] readFile(long fileHandle, long offset, long len) throws TskException{ //returned byte[] is the data 
buffer return readFileNat(fileHandle, offset, len); } - + //free pointers - /** - * frees the imgHandle pointer - */ - public static void closeImg(long imgHandle){ + /** + * frees the imgHandle pointer + */ + public static void closeImg(long imgHandle){ closeImgNat(imgHandle); } - /** - * frees the vsHandle pointer - * @param vsHandle pointer to volume system structure in sleuthkit - */ - public static void closeVs(long vsHandle){ + /** + * frees the vsHandle pointer + * @param vsHandle pointer to volume system structure in sleuthkit + */ + public static void closeVs(long vsHandle){ closeVsNat(vsHandle); } - /** - * frees the volHandle pointer - * @param volHandle pointer to volume structure in sleuthkit - */ - public static void closeVsPart(long volHandle){ - closeVolNat(volHandle); - } - /** - * frees the fsHandle pointer - * @param fsHandle pointer to file system structure in sleuthkit - */ - public static void closeFs(long fsHandle){ + + /** + * frees the fsHandle pointer + * @param fsHandle pointer to file system structure in sleuthkit + */ + public static void closeFs(long fsHandle){ closeFsNat(fsHandle); } - /** - * frees the fileHandle pointer - * @param fileHandle pointer to file structure in sleuthkit - */ - public static void closeFile(long fileHandle){ + /** + * frees the fileHandle pointer + * @param fileHandle pointer to file structure in sleuthkit + */ + public static void closeFile(long fileHandle){ closeFileNat(fileHandle); } } diff --git a/bindings/java/src/org/sleuthkit/datamodel/TskData.java b/bindings/java/src/org/sleuthkit/datamodel/TskData.java index cc0d05b86c5cd7c5a980488ad25e3cff0e7b0391..e49c52659f74f6a58995e226f1b0ceb0b7d194ef 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/TskData.java +++ b/bindings/java/src/org/sleuthkit/datamodel/TskData.java 
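Review bot: After this hunk removes `closeVolNat` and `closeVsPart`, `openVsPart` still hands out a native volume pointer as a `long`, but nothing says who frees it or when it stops being valid. The removal suggests the volume is owned by the volume system and released by `closeVs`, though the native side is not visible here; if so, a `volHandle` kept past `closeVs(vsHandle)` is a dangling pointer that `readVsPart` passes straight to `readVolNat`. I would record that in the `openVsPart` Javadoc once it is confirmed against the JNI code, e.g. `@return pointer to a volHandle structure; owned by vsHandle, must not be used after closeVs(vsHandle)`. More generally, every read and close method here takes its handle, `offset` and `len` as unchecked `long` values, so a short class-level comment would help: callers may only pass handles returned by the matching open method, and the native layer is expected to range-check `offset` and `len`.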
@@ -1,6 +1,20 @@ /* - * To change this template, choose Tools | Templates - * and open the template in the editor. + * Sleuth Kit Data Model + * + * Copyright 2011 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.datamodel; 
@@ -12,170 +26,170 @@ */ public class TskData { - // Enum and Arrya for Directory Type - public enum TSK_FS_NAME_TYPE_ENUM { - TSK_FS_NAME_TYPE_UNDEF(0), ///< Unknown type - TSK_FS_NAME_TYPE_FIFO(1), ///< Named pipe - TSK_FS_NAME_TYPE_CHR(2), ///< Character device - TSK_FS_NAME_TYPE_DIR(3), ///< Directory - TSK_FS_NAME_TYPE_BLK(4), ///< Block device - TSK_FS_NAME_TYPE_REG(5), ///< Regular file - TSK_FS_NAME_TYPE_LNK(6), ///< Symbolic link - TSK_FS_NAME_TYPE_SOCK(7), ///< Socket - TSK_FS_NAME_TYPE_SHAD(8), ///< Shadow inode (solaris) - TSK_FS_NAME_TYPE_WHT(9), ///< Whiteout (openbsd) - TSK_FS_NAME_TYPE_VIRT(10), ///< Special (TSK added "Virtual" files) - TSK_FS_NAME_TYPE_STR_MAX(11); ///< Number of types that have a short string name - - private long dir_type; - - private TSK_FS_NAME_TYPE_ENUM(long type){ - dir_type = type; - } - - public long getDirType(){ - return dir_type; - } - } - - public static String[] tsk_fs_name_type_str = { "-", "p", "c", "d", "b", "r", "l", "s", "h", "w", "v"}; - - - // Enum and Array for Meta Type - public enum TSK_FS_META_TYPE_ENUM { - TSK_FS_META_TYPE_UNDEF(0), - TSK_FS_META_TYPE_REG(1), ///< Regular file - TSK_FS_META_TYPE_DIR(2), ///< Directory file - TSK_FS_META_TYPE_FIFO(3), ///< Named pipe (fifo) - TSK_FS_META_TYPE_CHR(4), ///< Character device - TSK_FS_META_TYPE_BLK(5), ///< Block device - TSK_FS_META_TYPE_LNK(6), ///< Symbolic link - TSK_FS_META_TYPE_SHAD(7), ///< SOLARIS ONLY - TSK_FS_META_TYPE_SOCK(8), ///< UNIX domain socket - TSK_FS_META_TYPE_WHT(9), ///< Whiteout - TSK_FS_META_TYPE_VIRT(10), ///< "Virtual File" created by TSK for file system areas - TSK_FS_META_TYPE_STR_MAX(11); ///< Number of file types in shortname array - - private long meta_type; - - private TSK_FS_META_TYPE_ENUM(long type){ - meta_type = type; - } - - public long getMetaType(){ - return meta_type; - } - } - - public static String[] tsk_fs_meta_type_str = { "-", "r", "d", "p", "c", "b", "l", "s", "h", "w", "v"}; - - // Enum for Directory Flags - public 
enum TSK_FS_NAME_FLAG_ENUM { - TSK_FS_NAME_FLAG_ALLOC(1), ///< Name is in an allocated state - TSK_FS_NAME_FLAG_UNALLOC(2); ///< Name is in an unallocated state - - private long dir_flag; - - private TSK_FS_NAME_FLAG_ENUM(long flag){ - dir_flag = flag; - } - - public long getDirFlag(){ - return dir_flag; - } - } - - - // Enum for Meta Flags - public enum TSK_FS_META_FLAG_ENUM { - TSK_FS_META_FLAG_ALLOC(1), ///< Metadata structure is currently in an allocated state - TSK_FS_META_FLAG_UNALLOC(2), ///< Metadata structure is currently in an unallocated state - TSK_FS_META_FLAG_USED(4), ///< Metadata structure has been allocated at least once - TSK_FS_META_FLAG_UNUSED(8), ///< Metadata structure has never been allocated. - TSK_FS_META_FLAG_COMP(16), ///< The file contents are compressed. - TSK_FS_META_FLAG_ORPHAN(32); ///< Return only metadata structures that have no file name pointing to the (inode_walk flag only) - - private long meta_flag; - - private TSK_FS_META_FLAG_ENUM(long flag){ - meta_flag = flag; - } - - public long getMetaFlag(){ - return meta_flag; - } - } - - // Enum for Volume System Flags - public enum TSK_VS_PART_FLAG_ENUM{ - TSK_VS_PART_FLAG_ALLOC(1), ///< Sectors are allocated to a volume in the volume system - TSK_VS_PART_FLAG_UNALLOC(2), ///< Sectors are not allocated to a volume - TSK_VS_PART_FLAG_META(4), ///< Sectors contain volume system metadata and could also be ALLOC or UNALLOC - TSK_VS_PART_FLAG_ALL(7); ///< Show all sectors in the walk. 
- - private long vs_flag; - - private TSK_VS_PART_FLAG_ENUM(long flag){ - vs_flag = flag; - } - - public long getVsFlag(){ - return vs_flag; - } - } - - // Enum for Mode - public enum TSK_FS_META_MODE_ENUM { - /* The following describe the file permissions */ - TSK_FS_META_MODE_ISUID(0004000), ///< set user id on execution - TSK_FS_META_MODE_ISGID(0002000), ///< set group id on execution - TSK_FS_META_MODE_ISVTX(0001000), ///< sticky bit - - TSK_FS_META_MODE_IRUSR(0000400), ///< R for owner - TSK_FS_META_MODE_IWUSR(0000200), ///< W for owner - TSK_FS_META_MODE_IXUSR(0000100), ///< X for owner - - TSK_FS_META_MODE_IRGRP(0000040), ///< R for group - TSK_FS_META_MODE_IWGRP(0000020), ///< W for group - TSK_FS_META_MODE_IXGRP(0000010), ///< X for group - - TSK_FS_META_MODE_IROTH(0000004), ///< R for other - TSK_FS_META_MODE_IWOTH(0000002), ///< W for other - TSK_FS_META_MODE_IXOTH(0000001); ///< X for other - - private long mode; - - private TSK_FS_META_MODE_ENUM(long mode){ - this.mode = mode; - } - - public long getMode(){ - return mode; - } - }; - - // Enum for Image Type - public enum TSK_IMG_TYPE_ENUM { - /* The following describe the image type */ - TSK_IMG_TYPE_DETECT(0), // Auto Detection - TSK_IMG_TYPE_RAW_SING(1), // Single raw file (dd) - TSK_IMG_TYPE_RAW_SPLIT(2), // Split raw files - TSK_IMG_TYPE_AFF_AFF(4), // Advanced Forensic Format - TSK_IMG_TYPE_AFF_AFD(8), // AFF Multiple File - TSK_IMG_TYPE_AFF_AFM(16), // AFF with external metadata - TSK_IMG_TYPE_AFF_ANY(32), // All AFFLIB image formats (including beta ones) - TSK_IMG_TYPE_EWF_EWF(64), // Expert Witness format (encase) - TSK_IMG_TYPE_UNSUPP(65535); // Unsupported Image Type - - private long imgType; - - private TSK_IMG_TYPE_ENUM (long type){ - this.imgType = type; - } - - public long getImageType(){ - return imgType; - } - }; + // Enum and Arrya for Directory Type + public enum TSK_FS_NAME_TYPE_ENUM { + TSK_FS_NAME_TYPE_UNDEF(0), ///< Unknown type + TSK_FS_NAME_TYPE_FIFO(1), ///< Named pipe + 
TSK_FS_NAME_TYPE_CHR(2), ///< Character device + TSK_FS_NAME_TYPE_DIR(3), ///< Directory + TSK_FS_NAME_TYPE_BLK(4), ///< Block device + TSK_FS_NAME_TYPE_REG(5), ///< Regular file + TSK_FS_NAME_TYPE_LNK(6), ///< Symbolic link + TSK_FS_NAME_TYPE_SOCK(7), ///< Socket + TSK_FS_NAME_TYPE_SHAD(8), ///< Shadow inode (solaris) + TSK_FS_NAME_TYPE_WHT(9), ///< Whiteout (openbsd) + TSK_FS_NAME_TYPE_VIRT(10), ///< Special (TSK added "Virtual" files) + TSK_FS_NAME_TYPE_STR_MAX(11); ///< Number of types that have a short string name + + private long dir_type; + + private TSK_FS_NAME_TYPE_ENUM(long type){ + dir_type = type; + } + + public long getDirType(){ + return dir_type; + } + } + + public static String[] tsk_fs_name_type_str = { "-", "p", "c", "d", "b", "r", "l", "s", "h", "w", "v"}; + + + // Enum and Array for Meta Type + public enum TSK_FS_META_TYPE_ENUM { + TSK_FS_META_TYPE_UNDEF(0), + TSK_FS_META_TYPE_REG(1), ///< Regular file + TSK_FS_META_TYPE_DIR(2), ///< Directory file + TSK_FS_META_TYPE_FIFO(3), ///< Named pipe (fifo) + TSK_FS_META_TYPE_CHR(4), ///< Character device + TSK_FS_META_TYPE_BLK(5), ///< Block device + TSK_FS_META_TYPE_LNK(6), ///< Symbolic link + TSK_FS_META_TYPE_SHAD(7), ///< SOLARIS ONLY + TSK_FS_META_TYPE_SOCK(8), ///< UNIX domain socket + TSK_FS_META_TYPE_WHT(9), ///< Whiteout + TSK_FS_META_TYPE_VIRT(10), ///< "Virtual File" created by TSK for file system areas + TSK_FS_META_TYPE_STR_MAX(11); ///< Number of file types in shortname array + + private long meta_type; + + private TSK_FS_META_TYPE_ENUM(long type){ + meta_type = type; + } + + public long getMetaType(){ + return meta_type; + } + } + + public static String[] tsk_fs_meta_type_str = { "-", "r", "d", "p", "c", "b", "l", "s", "h", "w", "v"}; + + // Enum for Directory Flags + public enum TSK_FS_NAME_FLAG_ENUM { + TSK_FS_NAME_FLAG_ALLOC(1), ///< Name is in an allocated state + TSK_FS_NAME_FLAG_UNALLOC(2); ///< Name is in an unallocated state + + private long dir_flag; + + private 
TSK_FS_NAME_FLAG_ENUM(long flag){ + dir_flag = flag; + } + + public long getDirFlag(){ + return dir_flag; + } + } + + + // Enum for Meta Flags + public enum TSK_FS_META_FLAG_ENUM { + TSK_FS_META_FLAG_ALLOC(1), ///< Metadata structure is currently in an allocated state + TSK_FS_META_FLAG_UNALLOC(2), ///< Metadata structure is currently in an unallocated state + TSK_FS_META_FLAG_USED(4), ///< Metadata structure has been allocated at least once + TSK_FS_META_FLAG_UNUSED(8), ///< Metadata structure has never been allocated. + TSK_FS_META_FLAG_COMP(16), ///< The file contents are compressed. + TSK_FS_META_FLAG_ORPHAN(32); ///< Return only metadata structures that have no file name pointing to the (inode_walk flag only) + + private long meta_flag; + + private TSK_FS_META_FLAG_ENUM(long flag){ + meta_flag = flag; + } + + public long getMetaFlag(){ + return meta_flag; + } + } + + // Enum for Volume System Flags + public enum TSK_VS_PART_FLAG_ENUM{ + TSK_VS_PART_FLAG_ALLOC(1), ///< Sectors are allocated to a volume in the volume system + TSK_VS_PART_FLAG_UNALLOC(2), ///< Sectors are not allocated to a volume + TSK_VS_PART_FLAG_META(4), ///< Sectors contain volume system metadata and could also be ALLOC or UNALLOC + TSK_VS_PART_FLAG_ALL(7); ///< Show all sectors in the walk. 
+ + private long vs_flag; + + private TSK_VS_PART_FLAG_ENUM(long flag){ + vs_flag = flag; + } + + public long getVsFlag(){ + return vs_flag; + } + } + + // Enum for Mode + public enum TSK_FS_META_MODE_ENUM { + /* The following describe the file permissions */ + TSK_FS_META_MODE_ISUID(0004000), ///< set user id on execution + TSK_FS_META_MODE_ISGID(0002000), ///< set group id on execution + TSK_FS_META_MODE_ISVTX(0001000), ///< sticky bit + + TSK_FS_META_MODE_IRUSR(0000400), ///< R for owner + TSK_FS_META_MODE_IWUSR(0000200), ///< W for owner + TSK_FS_META_MODE_IXUSR(0000100), ///< X for owner + + TSK_FS_META_MODE_IRGRP(0000040), ///< R for group + TSK_FS_META_MODE_IWGRP(0000020), ///< W for group + TSK_FS_META_MODE_IXGRP(0000010), ///< X for group + + TSK_FS_META_MODE_IROTH(0000004), ///< R for other + TSK_FS_META_MODE_IWOTH(0000002), ///< W for other + TSK_FS_META_MODE_IXOTH(0000001); ///< X for other + + private long mode; + + private TSK_FS_META_MODE_ENUM(long mode){ + this.mode = mode; + } + + public long getMode(){ + return mode; + } + }; + + // Enum for Image Type + public enum TSK_IMG_TYPE_ENUM { + /* The following describe the image type */ + TSK_IMG_TYPE_DETECT(0), // Auto Detection + TSK_IMG_TYPE_RAW_SING(1), // Single raw file (dd) + TSK_IMG_TYPE_RAW_SPLIT(2), // Split raw files + TSK_IMG_TYPE_AFF_AFF(4), // Advanced Forensic Format + TSK_IMG_TYPE_AFF_AFD(8), // AFF Multiple File + TSK_IMG_TYPE_AFF_AFM(16), // AFF with external metadata + TSK_IMG_TYPE_AFF_ANY(32), // All AFFLIB image formats (including beta ones) + TSK_IMG_TYPE_EWF_EWF(64), // Expert Witness format (encase) + TSK_IMG_TYPE_UNSUPP(65535); // Unsupported Image Type + + private long imgType; + + private TSK_IMG_TYPE_ENUM (long type){ + this.imgType = type; + } + + public long getImageType(){ + return imgType; + } + }; } 
diff --git a/bindings/java/src/org/sleuthkit/datamodel/TskException.java b/bindings/java/src/org/sleuthkit/datamodel/TskException.java index 4e64e1145508b654485f9661d08bd7c9ca2feace..8149c2427cf3abebd76a93135c75ee5ddf2755e0 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/TskException.java +++ b/bindings/java/src/org/sleuthkit/datamodel/TskException.java @@ -1,6 +1,20 @@ /* - * To change this template, choose Tools | Templates - * and open the template in the editor. + * Sleuth Kit Data Model + * + * Copyright 2011 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. */ package org.sleuthkit.datamodel; @@ -10,9 +24,8 @@ * @author alawrence */ public class TskException extends Exception{ - public TskException(String msg){ - super(msg); - } - + public TskException(String msg){ + super(msg); + } } diff --git a/bindings/java/src/org/sleuthkit/datamodel/Volume.java b/bindings/java/src/org/sleuthkit/datamodel/Volume.java index 876419ef7067c586c3378c66c122294389ce2660..9e5ba00e783302656cb8c63a1c820159097d1c67 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Volume.java +++ b/bindings/java/src/org/sleuthkit/datamodel/Volume.java 
@@ -1,3 +1,21 @@ +/* + * Sleuth Kit Data Model + * + * Copyright 2011 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.sleuthkit.datamodel; import java.sql.SQLException; 
@@ -7,192 +25,186 @@ * @author alawrence */ public class Volume implements Content{ - // @@@ We should mark these as private and comment somewhere what the units are (bytes, sectors, etc.) - long vol_id, start, length, flags; - String desc; - private Sleuthkit db; - private VolumeSystem parentVs; - private long volumeHandle = 0; - - /** - * Constructor most inputs are from the database - * @param db database object - * @param vol_id - * @param start - * @param length - * @param flags - * @param desc - */ - protected Volume(Sleuthkit db, long vol_id, long start, long length, long flags, String descr){ - this.db = db; - this.vol_id = vol_id; - this.start = start; - this.length = length; - this.flags = flags; - if(!descr.equals("")){ - this.desc = descr; - } - else{ - this.desc = "Unknown"; - } - - } - - /** - * set the parent volume system. called by the parent on creation - * @param parent parent volume system - */ - protected void setParent(VolumeSystem parent){ - parentVs = parent; - } - - /** - * get the file system in this volume - * @return file system - */ - public FileSystem getFileSystem() throws SQLException{ - //get the file system corresponding to this volume if any - FileSystem fs = db.getFileSystem(vol_id); - if (fs != null){ - fs.setParent(this); - } - return fs; - } - - /** - * read from this volume - * @param offset in bytes - * @param len in bytes - * @return the byte data - * @throws TskException - */ - @Override - public byte[] read(long offset, long len) throws TskException { - // read from the volume - if(volumeHandle == 0){ - volumeHandle = SleuthkitJNI.openVsPart(parentVs.getVolumeSystemHandle(), vol_id); - } - return SleuthkitJNI.readVsPart(volumeHandle, offset, len); - } - - @Override - public long getSize() { - // size of the volume - return length; - } - - /** - * get the parent volume system - * @return parent volume system object - */ - public VolumeSystem getParent(){ - return parentVs; - } - - /** - * get the sleuthkit database object 
- * @return the sleuthkit object - */ - public Sleuthkit getSleuthkit(){ - return db; - } - - //methods get exact data from database. could be manipulated to get more - //meaningful data. - /** - * get the volume id - * @return volume id - */ - public long getVol_id() { - return vol_id; - } - /** - * get the starting byte offset - * @return starting byte offset - */ - public long getStart() { - return start; - } - /** - * get the length - * @return length - */ - public long getLength() { - return length; - } - /** - * get the flags - * @return flags - */ - public long getFlags() { - return flags; - } - /** - * get the flags as String - * @return flags as String - */ - public String getFlagsAsString() { - return Volume.vsFlagToString(flags); - } - - /** - * get the description - * @return description - */ - public String getDescription(){ - return desc; - } - - public void finalize(){ - if(volumeHandle != 0){ - SleuthkitJNI.closeVsPart(volumeHandle); - } - } - - // ----- Here all the methods for vs flags conversion / mapping ----- - public static String vsFlagToValue(long vsFlag){ - - String result = ""; - - for (TskData.TSK_VS_PART_FLAG_ENUM flag : TskData.TSK_VS_PART_FLAG_ENUM.values()){ - if(flag.getVsFlag() == vsFlag){ - result = flag.toString(); - } - } - return result; - } - - public static long valueToVsFlag(String vsFlag){ - - long result = 0; - - for (TskData.TSK_VS_PART_FLAG_ENUM flag : TskData.TSK_VS_PART_FLAG_ENUM.values()){ - if(flag.toString().equals(vsFlag)){ - result = flag.getVsFlag(); - } - } - return result; - } - - public static String vsFlagToString(long vsFlag){ - - String result = ""; - - long allocFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALLOC.getVsFlag(); - long unallocFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_UNALLOC.getVsFlag(); - - // some variables that might be needed in the future - long metaFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_META.getVsFlag(); - long allFlag = 
TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALL.getVsFlag(); - - if((vsFlag & allocFlag) == allocFlag){ - result = "Allocated"; - } - if((vsFlag & unallocFlag) == unallocFlag){ - result = "Unallocated"; - } - // ... add more code here if needed - - return result; - } + // @@@ We should mark these as private and comment somewhere what the units are (bytes, sectors, etc.) + long vol_id, start, length, flags; + String desc; + private Sleuthkit db; + private VolumeSystem parentVs; + private long volumeHandle = 0; + + /** + * Constructor most inputs are from the database + * @param db database object + * @param vol_id + * @param start + * @param length + * @param flags + * @param desc + */ + protected Volume(Sleuthkit db, long vol_id, long start, long length, long flags, String descr){ + this.db = db; + this.vol_id = vol_id; + this.start = start; + this.length = length; + this.flags = flags; + if(!descr.equals("")){ + this.desc = descr; + } + else{ + this.desc = "Unknown"; + } + + } + + /** + * set the parent volume system. 
called by the parent on creation + * @param parent parent volume system + */ + protected void setParent(VolumeSystem parent){ + parentVs = parent; + } + + /** + * get the file system in this volume + * @return file system + */ + public FileSystem getFileSystem() throws SQLException{ + //get the file system corresponding to this volume if any + FileSystem fs = db.getFileSystem(vol_id); + if (fs != null){ + fs.setParent(this); + } + return fs; + } + + /** + * read from this volume + * @param offset in bytes + * @param len in bytes + * @return the byte data + * @throws TskException + */ + @Override + public byte[] read(long offset, long len) throws TskException { + // read from the volume + if(volumeHandle == 0){ + volumeHandle = SleuthkitJNI.openVsPart(parentVs.getVolumeSystemHandle(), vol_id); + } + return SleuthkitJNI.readVsPart(volumeHandle, offset, len); + } + + @Override + public long getSize() { + // size of the volume + return length; + } + + /** + * get the parent volume system + * @return parent volume system object + */ + public VolumeSystem getParent(){ + return parentVs; + } + + /** + * get the sleuthkit database object + * @return the sleuthkit object + */ + public Sleuthkit getSleuthkit(){ + return db; + } + + //methods get exact data from database. could be manipulated to get more + //meaningful data. 
+ /** + * get the volume id + * @return volume id + */ + public long getVol_id() { + return vol_id; + } + /** + * get the starting byte offset + * @return starting byte offset + */ + public long getStart() { + return start; + } + /** + * get the length + * @return length + */ + public long getLength() { + return length; + } + /** + * get the flags + * @return flags + */ + public long getFlags() { + return flags; + } + /** + * get the flags as String + * @return flags as String + */ + public String getFlagsAsString() { + return Volume.vsFlagToString(flags); + } + + /** + * get the description + * @return description + */ + public String getDescription(){ + return desc; + } + + // ----- Here all the methods for vs flags conversion / mapping ----- + public static String vsFlagToValue(long vsFlag){ + + String result = ""; + + for (TskData.TSK_VS_PART_FLAG_ENUM flag : TskData.TSK_VS_PART_FLAG_ENUM.values()){ + if(flag.getVsFlag() == vsFlag){ + result = flag.toString(); + } + } + return result; + } + + public static long valueToVsFlag(String vsFlag){ + + long result = 0; + + for (TskData.TSK_VS_PART_FLAG_ENUM flag : TskData.TSK_VS_PART_FLAG_ENUM.values()){ + if(flag.toString().equals(vsFlag)){ + result = flag.getVsFlag(); + } + } + return result; + } + + public static String vsFlagToString(long vsFlag){ + + String result = ""; + + long allocFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALLOC.getVsFlag(); + long unallocFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_UNALLOC.getVsFlag(); + + // some variables that might be needed in the future + long metaFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_META.getVsFlag(); + long allFlag = TskData.TSK_VS_PART_FLAG_ENUM.TSK_VS_PART_FLAG_ALL.getVsFlag(); + + if((vsFlag & allocFlag) == allocFlag){ + result = "Allocated"; + } + if((vsFlag & unallocFlag) == unallocFlag){ + result = "Unallocated"; + } + // ... add more code here if needed + + return result; + } } 
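Review bot: With `finalize()` removed from `Volume` in this hunk, nothing visible releases the native handle that `read()` obtains from `SleuthkitJNI.openVsPart(...)` and caches in `volumeHandle`, so each Volume that has been read keeps its native partition handle open unless it is closed somewhere outside this diff. A finalizer is an unreliable release point anyway, so rather than restoring it I would add an explicit release method for callers, with the body `if(volumeHandle != 0){ SleuthkitJNI.closeVsPart(volumeHandle); volumeHandle = 0; }`. Resetting the field to 0 prevents a second close on a stale handle and lets `read()` reopen the partition. The retained `VolumeSystem.finalize()` in the later VolumeSystem.java hunk calls `closeVs(volumeSystemHandle)` without the `!= 0` guard, even though that handle is also opened lazily, so it would benefit from the same pattern.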
diff --git a/bindings/java/src/org/sleuthkit/datamodel/VolumeSystem.java b/bindings/java/src/org/sleuthkit/datamodel/VolumeSystem.java index 3c6895f27372619f6abbe20ffa6ceab6f0a9bc39..e14099203ca3b4e1d3a733223764eab60b2d40c6 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/VolumeSystem.java +++ b/bindings/java/src/org/sleuthkit/datamodel/VolumeSystem.java @@ -1,3 +1,21 @@ +/* + * Sleuth Kit Data Model + * + * Copyright 2011 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ package org.sleuthkit.datamodel; import java.sql.SQLException; 
@@ -13,51 +31,53 @@ public class VolumeSystem implements Content{ private long type, imgOffset, blockSize; private Image parent; private ArrayList<Long> vol_ids; - - /** - * Constructor most inputs are from the database - * @param db database object - * @param type - * @param imgOffset - * @param blockSize - * @param vol_ids - */ - protected VolumeSystem(Sleuthkit db, long type, long imgOffset, long blockSize, ArrayList<Long> vol_ids){ + + /** + * Constructor most inputs are from the database + * @param db database object + * @param type + * @param imgOffset + * @param blockSize + * @param vol_ids + */ + protected VolumeSystem(Sleuthkit db, long type, long imgOffset, long blockSize, ArrayList<Long> vol_ids){ this.db = db; this.type = type; this.imgOffset = imgOffset; this.blockSize = blockSize; this.vol_ids = vol_ids; } - - /** - * set the parent image called by parent on creation - * @param parent parent image - */ - protected void setParent(Image parent){ + + /** + * set the parent image called by parent on creation + * @param parent parent image + */ + protected void setParent(Image parent){ this.parent = parent; } - //byte offset + + //byte offset public byte[] read(long offset, long len) throws TskException{ if(volumeSystemHandle == 0){ volumeSystemHandle = SleuthkitJNI.openVs(this.getParent().getImageHandle(), imgOffset); } return SleuthkitJNI.readVs(volumeSystemHandle, offset, len); } - /** - * get the sleuthkit database object - * @return the sleuthkit object - */ - public Sleuthkit getSleuthkit(){ - return db; - } + + /** + * get the sleuthkit database object + * @return the sleuthkit object + */ + public Sleuthkit getSleuthkit(){ + return db; + } - /** - * get the volume in the volume system with the given id - * @param id volume id - * @return volume - */ - public Volume getVolume(long id) throws SQLException{ + /** + * get the volume in the volume system with the given id + * @param id volume id + * @return volume + */ + public Volume getVolume(long id) 
throws SQLException{ //get given volume. Volume vol = db.getVolume(id); if (vol != null){ @@ -65,61 +85,61 @@ public Volume getVolume(long id) throws SQLException{ } return vol; } - - /** - * get the parent image - * @return parent image - */ - public Image getParent(){ + + /** + * get the parent image + * @return parent image + */ + public Image getParent(){ return parent; } - /** - * get the size of the volume system - * @return the size of the volume system - */ + /** + * get the size of the volume system + * @return the size of the volume system + */ public long getSize() { return 0; } - /** - * get the type - * @return type - */ - public long getType(){ + /** + * get the type + * @return type + */ + public long getType(){ return type; } - /** - * get the byte offset - * @return byte offset - */ - public long getOffset(){ + /** + * get the byte offset + * @return byte offset + */ + public long getOffset(){ return imgOffset; } - /** - * get the block size - * @return block size - */ - public long getBlockSize(){ + /** + * get the block size + * @return block size + */ + public long getBlockSize(){ return blockSize; } - /** - * get the volume system Handle pointer - * @return volume system Handle pointer - */ - protected long getVolumeSystemHandle() throws TskException{ + /** + * get the volume system Handle pointer + * @return volume system Handle pointer + */ + protected long getVolumeSystemHandle() throws TskException{ if (volumeSystemHandle == 0){ volumeSystemHandle = SleuthkitJNI.openVs(this.getParent().getImageHandle(), imgOffset); } - + return volumeSystemHandle; } - /** - * get the child volume ids - * @return child volume ids - */ - public ArrayList<Long> getVolIds(){ + /** + * get the child volume ids + * @return child volume ids + */ + public ArrayList<Long> getVolIds(){ return vol_ids; } - + public void finalize(){ SleuthkitJNI.closeVs(volumeSystemHandle); } 
diff --git a/tsk3/auto/auto.cpp b/tsk3/auto/auto.cpp index 54330e10a8a02b87340a546d6799cc00d3d4ffdd..f5b6ca800483290c94ad663f87fafab3d108db6f 100644 --- a/tsk3/auto/auto.cpp +++ b/tsk3/auto/auto.cpp @@ -73,7 +73,7 @@ uint8_t * @returns 1 on error, 0 on success */ uint8_t - TskAuto::openImageUtf8(int a_numImg, const char *const a_images[], + TskAuto::openImageUtf8(int a_numImg, const char * const a_images[], TSK_IMG_TYPE_ENUM a_imgType, unsigned int a_sSize) { if (m_img_info) diff --git a/tsk3/auto/auto_db.cpp b/tsk3/auto/auto_db.cpp index 1797bf0a7612751727d1acb1de2cde119004bee5..eaa645724f3c0293dffd6d47bde00883332f5e6c 100644 --- a/tsk3/auto/auto_db.cpp +++ b/tsk3/auto/auto_db.cpp @@ -258,7 +258,13 @@ uint8_t #endif } -uint8_t TskAutoDb::initDatabase(char **img_ptrs, int a_num) +/** + * Creates the basic database tables for the created database (m_db) then populates the image tables + * @param img_ptrs The paths to the image splits + * @return Resturns 1 on error + */ + +uint8_t TskAutoDb::initDatabase(const char * const img_ptrs[], int a_num) { char foo[1024]; @@ -347,7 +353,7 @@ uint8_t TskAutoDb::initDatabase(char **img_ptrs, int a_num) for (int i = 0; i < a_num; i++) { int a; - char * + const char * img_ptr = NULL; img_ptr = img_ptrs[i]; // get only the file name (ignore the directory name) diff --git a/tsk3/auto/tsk_auto.h b/tsk3/auto/tsk_auto.h index ca531d51b954286e43cd654d5b5275293f6ada7a..5d20ee9f3edcd5503dc704484942bfc44e978822 100644 --- a/tsk3/auto/tsk_auto.h +++ b/tsk3/auto/tsk_auto.h @@ -222,7 +222,7 @@ class TskAutoDb:public TskAuto { bool m_vsFound; bool m_volFound; - uint8_t initDatabase(char **, int); + uint8_t initDatabase(const char * const images[], int); TSK_RETVAL_ENUM insertFileData(TSK_FS_FILE * fs_file, const TSK_FS_ATTR *, const char *path); virtual TSK_RETVAL_ENUM processAttribute(TSK_FS_FILE *,
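Review bot: The Doxygen block added above `TskAutoDb::initDatabase` in the auto_db.cpp hunk is incomplete: `a_num` has no `@param`, the success value is not stated, and "Resturns" is misspelled. I would add `@param a_num Number of entries in img_ptrs` and write the return line as `@return 1 on error, 0 on success`, matching the wording on `openImageUtf8`. The function body continues outside the hunk, so the success value should be confirmed against it. The tsk_auto.h declaration names the array `images` while the definition uses `img_ptrs`, and its `int` is unnamed; using `img_ptrs` and `a_num` in both places keeps the header readable. The fixed `char foo[1024]` sits directly under the new signature, and how it is filled is not shown here, so it is worth confirming that any write of a caller-supplied image path into it is length-bounded.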