diff --git a/API-CHANGES.txt b/API-CHANGES.txt
index d008b21af5e26ccc39aae385f04993d62a8fe132..8283f9eafe41450027414637bfc271108b7ed083 100644
--- a/API-CHANGES.txt
+++ b/API-CHANGES.txt
@@ -2,3 +2,4 @@ Changes to make once we are ready to do a backwards incompatible change.
- TSK_SERVICE_ACCOUNT to TSK_ACCOUNT
- HashDB to use new TSK_BASE_HASHDB enum instead of its own ENUM
- Java SLeuthkitCase.addArtifactType shoudl return different if artifact already exists or getArtifactId should....
+- Java SleuthkitCase.findFilesWhere should return AbstractFile liek findFiles
diff --git a/NEWS.txt b/NEWS.txt
index 4feb1a76df38250bb3ab0f68118f5e2bc923165c..7b6a493240a879893221bb578af641824d3e7195 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -9,6 +9,9 @@ Core:
easier to access -- should have done this a long time ago!
- fls -m and tsk_gettimes output NTFS FNAME times to output for timelines.
- hfind with EnCase hashsets works when DB is specified (and not only index)
+- TskAuto now goes into UNALLOC partitions by default too.
+- Added support to automatically find all Cellbrite raw dump files given
+ the name of the first image.
---------------- VERSION 4.1.0 --------------
diff --git a/bindings/java/src/org/sleuthkit/datamodel/LibraryUtils.java b/bindings/java/src/org/sleuthkit/datamodel/LibraryUtils.java
index 081738a662037cb870606e53e8dc2fd52dc78beb..4f7d76e872b744abf575223c142509c2462e5dd4 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/LibraryUtils.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/LibraryUtils.java
@@ -1,6 +1,20 @@
/*
- * To change this template, choose Tools | Templates
- * and open the template in the editor.
+ * Sleuth Kit Data Model
+ *
+ * Copyright 2013 Basis Technology Corp.
+ * Contact: carrier <at> sleuthkit <dot> org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
*/
package org.sleuthkit.datamodel;
diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
index 5fc5b0ce1dd318a0246612680887aeb76485fbd0..70bba59aee39ae730b3fcf21edfe1751850de200 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
@@ -2716,8 +2716,8 @@ else if (dataSource instanceof VirtualDirectory) {
/**
* @param dataSource the dataSource (Image, parent-less VirtualDirectory) to search for the given file name
- * @param fileName the name of the file or directory to match (case
- * insensitive)
+ * @param fileName Pattern of the name of the file or directory to match (case
+ * insensitive, used in LIKE SQL statement).
* @return a list of AbstractFile for files/directories whose name matches the
* given fileName
* @throws TskCoreException thrown if check failed
@@ -2780,10 +2780,10 @@ public List<AbstractFile> findFiles(Content dataSource, String fileName) throws
/**
* @param dataSource the dataSource (Image, parent-less VirtualDirectory) to search for the given file name
- * @param fileName the name of the file or directory to match (case
- * insensitive)
- * @param dirName the name of a parent directory of fileName (case
- * insensitive)
+ * @param fileName Pattern of the name of the file or directory to match (case
+ * insensitive, used in LIKE SQL statement).
+ * @param dirName Pattern of the name of a parent directory of fileName (case
+ * insensitive, used in LIKE SQL statement)
* @return a list of AbstractFile for files/directories whose name matches
* fileName and whose parent directory contains dirName.
*/
@@ -3547,9 +3547,9 @@ public LocalFile addLocalFile(String fileName, String localPath,
/**
* Find all files in the data source, by name and parent
* @param dataSource the dataSource (Image, parent-less VirtualDirectory) to search for the given file name
- * @param fileName the name of the file or directory to match (case
- * insensitive)
- * @param parentFile
+ * @param fileName Pattern of the name of the file or directory to match (case
+ * insensitive, used in LIKE SQL statement).
+ * @param parentFile Object for parent file/directory to find children in
* @return a list of AbstractFile for files/directories whose name matches
* fileName and that were inside a directory described by parentFile.
*/
diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
index 73efa23fe2d9f590e0b251669ee2c556f765b950..abdfa26d5503e01ef6dfb99ed7aefbd073c3ae3a 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitJNI.java
@@ -1,740 +1,742 @@
-/*
- * Sleuth Kit Data Model
- *
- * Copyright 2011 Basis Technology Corp.
- * Contact: carrier <at> sleuthkit <dot> org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.sleuthkit.datamodel;
-
-import java.text.DateFormat;
-import java.text.SimpleDateFormat;
-import java.util.GregorianCalendar;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.TimeZone;
-import org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM;
-
-/**
- * Interfaces with the Sleuthkit TSK c/c++ libraries Supports case management,
- * add image process, reading data off content objects Setting up Hash database
- * parameters and updating / reading values
- *
- * Caches image and filesystem handles and reuses them for the duration of the
- * application
- */
-public class SleuthkitJNI {
-
- private static final int MAX_DATABASES = 256;
-
- //Native methods
- private static native String getVersionNat();
-
- private static native void startVerboseLoggingNat(String logPath);
-
- //database
- private static native long newCaseDbNat(String dbPath) throws TskCoreException;
-
- private static native long openCaseDbNat(String path) throws TskCoreException;
-
- private static native void closeCaseDbNat(long db) throws TskCoreException;
-
- private static native int setDbNSRLNat(String hashDbPath) throws TskCoreException;
-
- private static native int addDbKnownBadNat(String hashDbPath) throws TskCoreException;
-
- private static native String getDbName(String hashDbPath) throws TskCoreException;
-
- private static native void closeDbLookupsNat() throws TskCoreException;
-
- private static native int knownBadDbLookup(String hash, int dbHandle) throws TskCoreException;
-
- private static native int nsrlDbLookup(String hash) throws TskCoreException;
-
- private static native int getIndexSizeNat(String hashDbPath) throws TskCoreException;
-
- //load image
- private static native long initAddImgNat(long db, String timezone, boolean processUnallocSpace, boolean noFatFsOrphans) throws TskCoreException;
-
- private static native void runAddImgNat(long process, String[] imgPath, int splits, String timezone) throws TskCoreException, TskDataException; // if runAddImg finishes without being stopped, revertAddImg or commitAddImg MUST be called
-
- private static native void stopAddImgNat(long process) throws TskCoreException;
-
- private static native void revertAddImgNat(long process) throws TskCoreException;
-
- private static native long commitAddImgNat(long process) throws TskCoreException;
-
- //open functions
- private static native long openImgNat(String[] imgPath, int splits) throws TskCoreException;
-
- private static native long openVsNat(long imgHandle, long vsOffset) throws TskCoreException;
-
- private static native long openVolNat(long vsHandle, long volId) throws TskCoreException;
-
- private static native long openFsNat(long imgHandle, long fsId) throws TskCoreException;
-
- private static native long openFileNat(long fsHandle, long fileId, int attrType, int attrId) throws TskCoreException;
-
- //read functions
- private static native int readImgNat(long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
-
- private static native int readVsNat(long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
-
- private static native int readVolNat(long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
-
- private static native int readFsNat(long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
-
- private static native int readFileNat(long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
-
- //close functions
- private static native void closeImgNat(long imgHandle);
-
- private static native void closeVsNat(long vsHandle);
-
- private static native void closeFsNat(long fsHandle);
-
- private static native void closeFileNat(long fileHandle);
-
- //hash-lookup database functions
- private static native void createLookupIndexNat(String dbPath) throws TskCoreException;
-
- private static native boolean lookupIndexExistsNat(String dbPath) throws TskCoreException;
-
- //util functions
- private static native long findDeviceSizeNat(String devicePath) throws TskCoreException;
-
- private static native String getCurDirNat(long process);
-
- //Linked library loading
- static {
- if (LibraryUtils.isWindows()) {
- try {
- //on windows force loading ms crt dependencies first
- //in case linker can't find them on some systems
- //Note: if shipping with a different CRT version, this will only print a warning
- //and try to use linker mechanism to find the correct versions of libs.
- //We should update this if we officially switch to a new version of CRT/compiler
- for(LibraryUtils.Lib crt : LibraryUtils.getCRTLibs()) {
- LibraryUtils.loadLibrary(crt);
- }
- System.out.println("Loaded CRT libraries");
- } catch (UnsatisfiedLinkError e1) {
- System.out.println(e1.toString());
- try {
- // Try to load from system path
- System.out.println("Can't find CRT libraries, attempting to load from System.loadLibrary");
- System.loadLibrary("msvcr100");
- System.loadLibrary("msvcp100");
- } catch (UnsatisfiedLinkError e2) {
- System.out.println("SleuthkitJNI: error loading CRT libraries, " + e2.toString());
- }
- }
- }
-
- for(LibraryUtils.Lib lib : LibraryUtils.getLibs()) {
- try {
- LibraryUtils.loadLibrary(lib);
- System.out.println("SleuthkitJNI: loaded " + lib);
- } catch (UnsatisfiedLinkError e) {
- System.out.println("SleuthkitJNI: error loading " + lib + " library, " + e.toString());
- }
- }
- }
-
- public SleuthkitJNI() {
- }
-
- /**
- * Handle to TSK Case database
- */
- public static class CaseDbHandle {
-
- private long caseDbPointer;
- //map concat. image paths to cached image handle
- private static final Map<String, Long> imageHandleCache = new HashMap<String, Long>();
- //map image and offsets to cached fs handle
- private static final Map<Long, Map<Long, Long>> fsHandleCache = new HashMap<Long, Map<Long, Long>>();
-
- private CaseDbHandle(long pointer) {
- this.caseDbPointer = pointer;
- }
-
- /**
- * Close the case database
- *
- * @throws TskCoreException exception thrown if critical error occurs
- * within TSK
- */
- void free() throws TskCoreException {
- SleuthkitJNI.closeCaseDbNat(caseDbPointer);
- }
-
- /**
- * Clear currently set lookup databases within TSK
- *
- * @throws TskCoreException exception thrown if critical error occurs
- * within TSK
- */
- void clearLookupDatabases() throws TskCoreException {
- closeDbLookupsNat();
- }
-
- /**
- * Set the NSRL database
- *
- * @param path The path to the database
- * @return a handle for that database
- */
- int setNSRLDatabase(String path) throws TskCoreException {
- return setDbNSRLNat(path);
- }
-
- /**
- * Add the known bad database
- *
- * @param path The path to the database
- * @return a handle for that database
- */
- int addKnownBadDatabase(String path) throws TskCoreException {
- return addDbKnownBadNat(path);
- }
-
- /**
- * Start the process of adding a disk image to the case
- *
- * @param timezone Timezone that image was from
- * @param processUnallocSpace true if to process unallocated space in
- * the image
- * @param noFatFsOrphans true if to skip processing of orphans on FAT
- * filesystems
- *
- * @return Object that can be used to manage the process.
- */
- AddImageProcess initAddImageProcess(String timezone, boolean processUnallocSpace, boolean noFatFsOrphans) {
- return new AddImageProcess(timezone, processUnallocSpace, noFatFsOrphans);
- }
-
- /**
- * Encapsulates a multi-step process to add a disk image. Adding a disk
- * image takes a while and this object has objects to manage that
- * process. Methods within this class are intended to be threadsafe.
- */
- public class AddImageProcess {
-
- private String timezone;
- private boolean processUnallocSpace;
- private boolean noFatFsOrphans;
- private volatile long autoDbPointer;
-
- private AddImageProcess(String timezone, boolean processUnallocSpace, boolean noFatFsOrphans) {
- this.timezone = timezone;
- this.processUnallocSpace = processUnallocSpace;
- this.noFatFsOrphans = noFatFsOrphans;
- autoDbPointer = 0;
- }
-
- /**
- * Start the process of adding an image to the case database. MUST
- * call either commit() or revert() after calling run().
- *
- * @param imgPath Full path(s) to the image file(s).
- * @throws TskCoreException exception thrown if critical error
- * occurs within TSK
- * @throws TskDataException exception thrown if non-critical error
- * occurs within TSK (should be OK to continue)
- */
- public void run(String[] imgPath) throws TskCoreException, TskDataException {
- if (autoDbPointer != 0) {
- throw new TskCoreException("AddImgProcess:run: AutoDB pointer is already set");
- }
-
- synchronized (this) {
- autoDbPointer = initAddImgNat(caseDbPointer, timezoneLongToShort(timezone), processUnallocSpace, noFatFsOrphans);
- }
- if (autoDbPointer == 0) {
- //additional check in case initAddImgNat didn't throw exception
- throw new TskCoreException("AddImgProcess::run: AutoDB pointer is NULL after initAddImgNat");
- }
- runAddImgNat(autoDbPointer, imgPath, imgPath.length, timezone);
- }
-
- /**
- * Call while run() is executing in another thread to prematurely
- * halt the process. Must call revert() in the other thread once the
- * stopped run() returns.
- *
- * @throws TskCoreException exception thrown if critical error
- * occurs within TSK
- */
- public void stop() throws TskCoreException {
- if (autoDbPointer == 0) {
- throw new TskCoreException("AddImgProcess::stop: AutoDB pointer is NULL");
- }
-
- stopAddImgNat(autoDbPointer);
- }
-
- /**
- * Rollback a process that has already been run(), reverting the
- * database. This releases the C++ object and no additional
- * operations can be performed. This method is threadsafe.
- *
- * @throws TskCoreException exception thrown if critical error
- * occurs within TSK
- */
- public synchronized void revert() throws TskCoreException {
- if (autoDbPointer == 0) {
- throw new TskCoreException("AddImgProcess::revert: AutoDB pointer is NULL");
- }
-
- revertAddImgNat(autoDbPointer);
- // the native code deleted the object
- autoDbPointer = 0;
- }
-
- /**
- * Finish off a process that has already been run(), closing the
- * transaction and committing the new image data to the database.
- *
- * @return The id of the image that was added. This releases the C++
- * object and no additional operations can be performed. This method
- * is threadsafe.
- *
- * @throws TskCoreException exception thrown if critical error
- * occurs within TSK
- */
- public synchronized long commit() throws TskCoreException {
- if (autoDbPointer == 0) {
- throw new TskCoreException("AddImgProcess::commit: AutoDB pointer is NULL");
- }
-
- long id = commitAddImgNat(autoDbPointer);
- // the native code deleted the object
- autoDbPointer = 0;
- return id;
- }
-
- /**
- * Gets the directory currently being processed by TSK. This method
- * is threadsafe.
- *
- * @return the currently processing directory
- */
- public synchronized String currentDirectory() {
- return autoDbPointer == 0 ? "NO_INFO" : getCurDirNat(autoDbPointer);
- }
- }
- }
-
- /**
- * Creates a new case database. Must call .free() on CaseDbHandle instance
- * when done.
- *
- * @param path Location to create the database at.
- * @return Handle for a new TskCaseDb instance.
- * @throws TskCoreException exception thrown if critical error occurs within
- * TSK
- */
- static CaseDbHandle newCaseDb(String path) throws TskCoreException {
- return new CaseDbHandle(newCaseDbNat(path));
- }
-
- /**
- * Opens an existing case database. Must call .free() on CaseDbHandle
- * instance when done.
- *
- * @param path Location of the existing database.
- * @return Handle for a new TskCaseDb instance.
- * @throws TskCoreException exception thrown if critical error occurs within
- * TSK
- */
- static CaseDbHandle openCaseDb(String path) throws TskCoreException {
- return new CaseDbHandle(openCaseDbNat(path));
- }
-
- /**
- * get the Sleuth Kit version string
- *
- * @return the version string
- */
- public static String getVersion() {
- return getVersionNat();
- }
-
- /**
- * Enable verbose logging and redirect stderr to the given log file.
- */
- public static void startVerboseLogging(String logPath) {
- startVerboseLoggingNat(logPath);
- }
-
- /**
- * open the image and return the image info pointer
- *
- * @param imageFiles the paths to the images
- * @return the image info pointer
- * @throws TskCoreException exception thrown if critical error occurs within
- * TSK
- */
- public synchronized static long openImage(String[] imageFiles) throws TskCoreException {
- long imageHandle = 0;
-
- StringBuilder keyBuilder = new StringBuilder();
- for (int i = 0; i < imageFiles.length; ++i) {
- keyBuilder.append(imageFiles[i]);
- }
- final String imageKey = keyBuilder.toString();
-
- if (CaseDbHandle.imageHandleCache.containsKey(imageKey)) //get from cache
- {
- imageHandle = CaseDbHandle.imageHandleCache.get(imageKey);
- } else {
- //open new handle and cache it
- imageHandle = openImgNat(imageFiles, imageFiles.length);
- CaseDbHandle.fsHandleCache.put(imageHandle, new HashMap<Long, Long>());
- CaseDbHandle.imageHandleCache.put(imageKey, imageHandle);
- }
-
- return imageHandle;
-
- }
-
- /**
- * Get volume system Handle
- *
- * @param imgHandle a handle to previously opened image
- * @param vsOffset byte offset in the image to the volume system (usually 0)
- * @return pointer to a vsHandle structure in the sleuthkit
- * @throws TskCoreException exception thrown if critical error occurs within
- * TSK
- */
- public static long openVs(long imgHandle, long vsOffset) throws TskCoreException {
- return openVsNat(imgHandle, vsOffset);
- }
-
- //get pointers
- /**
- * Get volume Handle
- *
- * @param vsHandle pointer to the volume system structure in the sleuthkit
- * @param volId id of the volume
- * @return pointer to a volHandle structure in the sleuthkit
- * @throws TskCoreException exception thrown if critical error occurs within
- * TSK
- */
- public static long openVsPart(long vsHandle, long volId) throws TskCoreException {
- //returned long is ptr to vs Handle object in tsk
- return openVolNat(vsHandle, volId);
- }
-
- /**
- * Get file system Handle Opened handle is cached (transparently) so it does
- * not need be reopened next time for the duration of the application
- *
- * @param imgHandle pointer to imgHandle in sleuthkit
- * @param fsOffset byte offset to the file system
- * @return pointer to a fsHandle structure in the sleuthkit
- * @throws TskCoreException exception thrown if critical error occurs within
- * TSK
- */
- public synchronized static long openFs(long imgHandle, long fsOffset) throws TskCoreException {
- long fsHandle = 0;
- final Map<Long, Long> imgOffSetToFsHandle = CaseDbHandle.fsHandleCache.get(imgHandle);
- if (imgOffSetToFsHandle.containsKey(fsOffset)) {
- //return cached
- fsHandle = imgOffSetToFsHandle.get(fsOffset);
- } else {
- fsHandle = openFsNat(imgHandle, fsOffset);
- //cache it
- imgOffSetToFsHandle.put(fsOffset, fsHandle);
- }
- return fsHandle;
- }
-
- /**
- * Get file Handle
- *
- * @param fsHandle fsHandle pointer in the sleuthkit
- * @param fileId id of the file
- * @param attrType file attribute type to open
- * @param attrId file attribute id to open
- * @return pointer to a file structure in the sleuthkit
- * @throws TskCoreException exception thrown if critical error occurs within
- * TSK
- */
- public static long openFile(long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId) throws TskCoreException {
- return openFileNat(fsHandle, fileId, attrType.getValue(), attrId);
- }
-
- //do reads
- /**
- * reads data from an image
- *
- * @param imgHandle
- * @param readBuffer buffer to read to
- * @param offset byte offset in the image to start at
- * @param len amount of data to read
- * @return the number of characters read, or -1 if the end of the stream has
- * been reached
- * @throws TskCoreException exception thrown if critical error occurs within
- * TSK
- */
- public static int readImg(long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
- //returned byte[] is the data buffer
- return readImgNat(imgHandle, readBuffer, offset, len);
- }
-
- /**
- * reads data from an volume system
- *
- * @param vsHandle pointer to a volume system structure in the sleuthkit
- * @param readBuffer buffer to read to
- * @param offset sector offset in the image to start at
- * @param len amount of data to read
- * @return the number of characters read, or -1 if the end of the stream has
- * been reached
- * @throws TskCoreException exception thrown if critical error occurs within
- * TSK
- */
- public static int readVs(long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
- return readVsNat(vsHandle, readBuffer, offset, len);
- }
-
- /**
- * reads data from an volume
- *
- * @param volHandle pointer to a volume structure in the sleuthkit
- * @param readBuffer buffer to read to
- * @param offset byte offset in the image to start at
- * @param len amount of data to read
- * @return the number of characters read, or -1 if the end of the stream has
- * been reached
- * @throws TskCoreException exception thrown if critical error occurs within
- * TSK
- */
- public static int readVsPart(long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
- //returned byte[] is the data buffer
- return readVolNat(volHandle, readBuffer, offset, len);
- }
-
- /**
- * reads data from an file system
- *
- * @param fsHandle pointer to a file system structure in the sleuthkit
- * @param readBuffer buffer to read to
- * @param offset byte offset in the image to start at
- * @param len amount of data to read
- * @return the number of characters read, or -1 if the end of the stream has
- * been reached
- * @throws TskCoreException exception thrown if critical error occurs within
- * TSK
- */
- public static int readFs(long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
- //returned byte[] is the data buffer
- return readFsNat(fsHandle, readBuffer, offset, len);
- }
-
- /**
- * reads data from an file
- *
- * @param fileHandle pointer to a file structure in the sleuthkit
- * @param readBuffer pre-allocated buffer to read to
- * @param offset byte offset in the image to start at
- * @param len amount of data to read
- * @return the number of characters read, or -1 if the end of the stream has
- * been reached
- * @throws TskCoreException exception thrown if critical error occurs within
- * TSK
- */
- public static int readFile(long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
- return readFileNat(fileHandle, readBuffer, offset, len);
- }
-
- //free pointers
- /**
- * frees the imgHandle pointer currently does not close the image, until the
- * application terminates (image handle is cached)
- *
- * @param imgHandle to close the image
- */
- public static void closeImg(long imgHandle) {
- //@@@ TODO close the image handle when Case is closed instead
- //currently the image handle is not being freed, it's cached for duration of the application
- //closeImgNat(imgHandle);
- }
-
- /**
- * frees the vsHandle pointer
- *
- * @param vsHandle pointer to volume system structure in sleuthkit
- */
- public static void closeVs(long vsHandle) {
- closeVsNat(vsHandle);
- }
-
- /**
- * frees the fsHandle pointer Currently does not do anything - preserves the
- * cached object for the duration of the application
- *
- * @param fsHandle pointer to file system structure in sleuthkit
- */
- public static void closeFs(long fsHandle) {
- //@@@ TODO close the fs handle when Case is closed instead
- //currently the fs handle is not being freed, it's cached for duration of the application
- //closeFsNat(fsHandle);
- }
-
- /**
- * frees the fileHandle pointer
- *
- * @param fileHandle pointer to file structure in sleuthkit
- */
- public static void closeFile(long fileHandle) {
- closeFileNat(fileHandle);
- }
-
- /**
- * Create an index for the given database path.
- *
- * @param dbPath The path to the database
- * @throws TskCoreException if a critical error occurs within TSK core
- */
- public static void createLookupIndex(String dbPath) throws TskCoreException {
- createLookupIndexNat(dbPath);
- }
-
- /**
- * Check if an index exists for the given database path.
- *
- * @param dbPath
- * @return true if index exists
- * @throws TskCoreException if a critical error occurs within TSK core
- */
- public static boolean lookupIndexExists(String dbPath) throws TskCoreException {
- return lookupIndexExistsNat(dbPath);
- }
-
- /**
- * Set the NSRL database
- *
- * @param path The path to the database
- * @return a handle for that database
- * @throws TskCoreException if a critical error occurs within TSK core
- */
- public static int setNSRLDatabase(String path) throws TskCoreException {
- return setDbNSRLNat(path);
- }
-
- /**
- * Add the known bad database
- *
- * @param path The path to the database
- * @return a handle for that database
- * @throws TskCoreException if a critical error occurs within TSK core
- */
- public static int addKnownBadDatabase(String path) throws TskCoreException {
- return addDbKnownBadNat(path);
- }
-
- /**
- * Get the name of the database
- *
- * @param path The path to the database
- * @throws TskCoreException if a critical error occurs within TSK core
- */
- public static String getDatabaseName(String path) throws TskCoreException {
- return getDbName(path);
- }
-
- /**
- * Look up the given hash in the NSRL database
- *
- * @param hash
- * @return the status of the hash in the NSRL
- * @throws TskCoreException if a critical error occurs within TSK core
- */
- public static TskData.FileKnown nsrlHashLookup(String hash) throws TskCoreException {
- return TskData.FileKnown.valueOf((byte) nsrlDbLookup(hash));
- }
-
- /**
- * Look up the given hash in the known bad database
- *
- * @param hash
- * @param dbHandle previously opened hash db handle
- * @return the status of the hash in the known bad database
- * @throws TskCoreException if a critical error occurs within TSK core
- */
- public static TskData.FileKnown knownBadHashLookup(String hash, int dbHandle) throws TskCoreException {
- return TskData.FileKnown.valueOf((byte) knownBadDbLookup(hash, dbHandle));
- }
-
- /**
- * Get the size of the index of the given database
- *
- * @param path the path to the database
- * @return the size of the index or -1 if it doesn't exist
- * @throws TskCoreException
- */
- public static int getIndexSize(String path) throws TskCoreException {
- return getIndexSizeNat(path);
- }
-
- /**
- * Convert this timezone from long to short form
- * Convert timezoneLongForm passed in from long to short form
- *
- * @param timezoneLongForm the long form (e.g., America/New_York)
- * @return the short form (e.g., EST5EDT) string representation, or an empty string if
- * empty long form was passed in
- */
- private static String timezoneLongToShort(String timezoneLongForm) {
- if (timezoneLongForm == null || timezoneLongForm.isEmpty()) {
- return "";
- }
-
- String timezoneShortForm = "";
- TimeZone zone = TimeZone.getTimeZone(timezoneLongForm);
- int offset = zone.getRawOffset() / 1000;
- int hour = offset / 3600;
- int min = (offset % 3600) / 60;
- DateFormat dfm = new SimpleDateFormat("z");
- dfm.setTimeZone(zone);
- boolean hasDaylight = zone.useDaylightTime();
- String first = dfm.format(new GregorianCalendar(2010, 1, 1).getTime()).substring(0, 3); // make it only 3 letters code
- String second = dfm.format(new GregorianCalendar(2011, 6, 6).getTime()).substring(0, 3); // make it only 3 letters code
- int mid = hour * -1;
- timezoneShortForm = first + Integer.toString(mid);
- if (min != 0) {
- timezoneShortForm = timezoneShortForm + ":" + (min < 10 ? "0" : "") + Integer.toString(min);
- }
- if (hasDaylight) {
- timezoneShortForm = timezoneShortForm + second;
- }
- return timezoneShortForm;
- }
-
- /**
- * Get size of a device (physical, logical device, image) pointed to by
- * devPath
- *
- * @param devPath device path pointing to the device
- * @return size of the device in bytes
- * @throws TskCoreException exception thrown if the device size could not be
- * queried
- */
- public static long findDeviceSize(String devPath) throws TskCoreException {
- return findDeviceSizeNat(devPath);
- }
-}
+/*
+ * Sleuth Kit Data Model
+ *
+ * Copyright 2011 Basis Technology Corp.
+ * Contact: carrier <at> sleuthkit <dot> org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.sleuthkit.datamodel;
+
+import java.text.DateFormat;
+import java.text.SimpleDateFormat;
+import java.util.GregorianCalendar;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.TimeZone;
+import org.sleuthkit.datamodel.TskData.TSK_FS_ATTR_TYPE_ENUM;
+
+/**
+ * Interfaces with the Sleuthkit TSK c/c++ libraries Supports case management,
+ * add image process, reading data off content objects Setting up Hash database
+ * parameters and updating / reading values
+ *
+ * Caches image and filesystem handles and reuses them for the duration of the
+ * application
+ */
+public class SleuthkitJNI {
+
+ private static final int MAX_DATABASES = 256;
+
+ //Native methods
+ private static native String getVersionNat();
+
+ private static native void startVerboseLoggingNat(String logPath);
+
+ //database
+ private static native long newCaseDbNat(String dbPath) throws TskCoreException;
+
+ private static native long openCaseDbNat(String path) throws TskCoreException;
+
+ private static native void closeCaseDbNat(long db) throws TskCoreException;
+
+ private static native int setDbNSRLNat(String hashDbPath) throws TskCoreException;
+
+ private static native int addDbKnownBadNat(String hashDbPath) throws TskCoreException;
+
+ private static native String getDbName(String hashDbPath) throws TskCoreException;
+
+ private static native void closeDbLookupsNat() throws TskCoreException;
+
+ private static native int knownBadDbLookup(String hash, int dbHandle) throws TskCoreException;
+
+ private static native int nsrlDbLookup(String hash) throws TskCoreException;
+
+ private static native int getIndexSizeNat(String hashDbPath) throws TskCoreException;
+
+ //load image
+ private static native long initAddImgNat(long db, String timezone, boolean processUnallocSpace, boolean noFatFsOrphans) throws TskCoreException;
+
+ private static native void runAddImgNat(long process, String[] imgPath, int splits, String timezone) throws TskCoreException, TskDataException; // if runAddImg finishes without being stopped, revertAddImg or commitAddImg MUST be called
+
+ private static native void stopAddImgNat(long process) throws TskCoreException;
+
+ private static native void revertAddImgNat(long process) throws TskCoreException;
+
+ private static native long commitAddImgNat(long process) throws TskCoreException;
+
+ //open functions
+ private static native long openImgNat(String[] imgPath, int splits) throws TskCoreException;
+
+ private static native long openVsNat(long imgHandle, long vsOffset) throws TskCoreException;
+
+ private static native long openVolNat(long vsHandle, long volId) throws TskCoreException;
+
+ private static native long openFsNat(long imgHandle, long fsId) throws TskCoreException;
+
+ private static native long openFileNat(long fsHandle, long fileId, int attrType, int attrId) throws TskCoreException;
+
+ //read functions
+ private static native int readImgNat(long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
+
+ private static native int readVsNat(long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
+
+ private static native int readVolNat(long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
+
+ private static native int readFsNat(long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
+
+ private static native int readFileNat(long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException;
+
+ //close functions
+ private static native void closeImgNat(long imgHandle);
+
+ private static native void closeVsNat(long vsHandle);
+
+ private static native void closeFsNat(long fsHandle);
+
+ private static native void closeFileNat(long fileHandle);
+
+ //hash-lookup database functions
+ private static native void createLookupIndexNat(String dbPath) throws TskCoreException;
+
+ private static native boolean lookupIndexExistsNat(String dbPath) throws TskCoreException;
+
+ //util functions
+ private static native long findDeviceSizeNat(String devicePath) throws TskCoreException;
+
+ private static native String getCurDirNat(long process);
+
+ //Linked library loading
+ static {
+ if (LibraryUtils.isWindows()) {
+ try {
+ // on windows force loading ms crt dependencies first
+ // in case linker can't find them on some systems
+ // Note: if shipping with a different CRT version, this will only print a warning
+ // and try to use linker mechanism to find the correct versions of libs.
+ // We should update this if we officially switch to a new version of CRT/compiler
+
+ for(LibraryUtils.Lib crt : LibraryUtils.getCRTLibs()) {
+ LibraryUtils.loadLibrary(crt);
+ }
+ System.out.println("Loaded CRT libraries");
+ } catch (UnsatisfiedLinkError e1) {
+ System.out.println(e1.toString());
+ try {
+ //Try to load from system path.
+ System.out.println("Can't find CRT libraries, attempting to load from System.loadLibrary");
+ System.loadLibrary("msvcr100");
+ System.loadLibrary("msvcp100");
+ } catch (UnsatisfiedLinkError e2) {
+ System.out.println("SleuthkitJNI: error loading CRT libraries, " + e2.toString());
+ }
+ }
+ }
+
+ for (LibraryUtils.Lib lib : LibraryUtils.getLibs()) {
+ try {
+ LibraryUtils.loadLibrary(lib);
+ System.out.println("SleuthkitJNI: loaded " + lib);
+ } catch (UnsatisfiedLinkError e) {
+ System.out.println("SleuthkitJNI: error loading " + lib + "library, " + e.toString());
+ }
+ }
+
+ }
+
+ public SleuthkitJNI() {
+ }
+
+ /**
+ * Handle to TSK Case database
+ */
+ public static class CaseDbHandle {
+
+ private long caseDbPointer;
+ //map concat. image paths to cached image handle
+ private static final Map<String, Long> imageHandleCache = new HashMap<String, Long>();
+ //map image and offsets to cached fs handle
+ private static final Map<Long, Map<Long, Long>> fsHandleCache = new HashMap<Long, Map<Long, Long>>();
+
+ private CaseDbHandle(long pointer) {
+ this.caseDbPointer = pointer;
+ }
+
+ /**
+ * Close the case database
+ *
+ * @throws TskCoreException exception thrown if critical error occurs
+ * within TSK
+ */
+ void free() throws TskCoreException {
+ SleuthkitJNI.closeCaseDbNat(caseDbPointer);
+ }
+
+ /**
+ * Clear currently set lookup databases within TSK
+ *
+ * @throws TskCoreException exception thrown if critical error occurs
+ * within TSK
+ */
+ void clearLookupDatabases() throws TskCoreException {
+ closeDbLookupsNat();
+ }
+
+ /**
+ * Set the NSRL database
+ *
+ * @param path The path to the database
+ * @return a handle for that database
+ */
+ int setNSRLDatabase(String path) throws TskCoreException {
+ return setDbNSRLNat(path);
+ }
+
+ /**
+ * Add the known bad database
+ *
+ * @param path The path to the database
+ * @return a handle for that database
+ */
+ int addKnownBadDatabase(String path) throws TskCoreException {
+ return addDbKnownBadNat(path);
+ }
+
+ /**
+ * Start the process of adding a disk image to the case
+ *
+ * @param timezone Timezone that image was from
+ * @param processUnallocSpace true if to process unallocated space in
+ * the image
+ * @param noFatFsOrphans true if to skip processing of orphans on FAT
+ * filesystems
+ *
+ * @return Object that can be used to manage the process.
+ */
+ AddImageProcess initAddImageProcess(String timezone, boolean processUnallocSpace, boolean noFatFsOrphans) {
+ return new AddImageProcess(timezone, processUnallocSpace, noFatFsOrphans);
+ }
+
+ /**
+ * Encapsulates a multi-step process to add a disk image. Adding a disk
+ * image takes a while and this object has objects to manage that
+ * process. Methods within this class are intended to be threadsafe.
+ */
+ public class AddImageProcess {
+
+ private String timezone;
+ private boolean processUnallocSpace;
+ private boolean noFatFsOrphans;
+ private volatile long autoDbPointer;
+
+ private AddImageProcess(String timezone, boolean processUnallocSpace, boolean noFatFsOrphans) {
+ this.timezone = timezone;
+ this.processUnallocSpace = processUnallocSpace;
+ this.noFatFsOrphans = noFatFsOrphans;
+ autoDbPointer = 0;
+ }
+
+ /**
+ * Start the process of adding an image to the case database. MUST
+ * call either commit() or revert() after calling run().
+ *
+ * @param imgPath Full path(s) to the image file(s).
+ * @throws TskCoreException exception thrown if critical error
+ * occurs within TSK
+ * @throws TskDataException exception thrown if non-critical error
+ * occurs within TSK (should be OK to continue)
+ */
+ public void run(String[] imgPath) throws TskCoreException, TskDataException {
+ if (autoDbPointer != 0) {
+ throw new TskCoreException("AddImgProcess:run: AutoDB pointer is already set");
+ }
+
+ synchronized (this) {
+ autoDbPointer = initAddImgNat(caseDbPointer, timezoneLongToShort(timezone), processUnallocSpace, noFatFsOrphans);
+ }
+ if (autoDbPointer == 0) {
+ //additional check in case initAddImgNat didn't throw exception
+ throw new TskCoreException("AddImgProcess::run: AutoDB pointer is NULL after initAddImgNat");
+ }
+ runAddImgNat(autoDbPointer, imgPath, imgPath.length, timezone);
+ }
+
+ /**
+ * Call while run() is executing in another thread to prematurely
+ * halt the process. Must call revert() in the other thread once the
+ * stopped run() returns.
+ *
+ * @throws TskCoreException exception thrown if critical error
+ * occurs within TSK
+ */
+ public void stop() throws TskCoreException {
+ if (autoDbPointer == 0) {
+ throw new TskCoreException("AddImgProcess::stop: AutoDB pointer is NULL");
+ }
+
+ stopAddImgNat(autoDbPointer);
+ }
+
+ /**
+ * Rollback a process that has already been run(), reverting the
+ * database. This releases the C++ object and no additional
+ * operations can be performed. This method is threadsafe.
+ *
+ * @throws TskCoreException exception thrown if critical error
+ * occurs within TSK
+ */
+ public synchronized void revert() throws TskCoreException {
+ if (autoDbPointer == 0) {
+ throw new TskCoreException("AddImgProcess::revert: AutoDB pointer is NULL");
+ }
+
+ revertAddImgNat(autoDbPointer);
+ // the native code deleted the object
+ autoDbPointer = 0;
+ }
+
+ /**
+ * Finish off a process that has already been run(), closing the
+ * transaction and committing the new image data to the database.
+ *
+ * @return The id of the image that was added. This releases the C++
+ * object and no additional operations can be performed. This method
+ * is threadsafe.
+ *
+ * @throws TskCoreException exception thrown if critical error
+ * occurs within TSK
+ */
+ public synchronized long commit() throws TskCoreException {
+ if (autoDbPointer == 0) {
+ throw new TskCoreException("AddImgProcess::commit: AutoDB pointer is NULL");
+ }
+
+ long id = commitAddImgNat(autoDbPointer);
+ // the native code deleted the object
+ autoDbPointer = 0;
+ return id;
+ }
+
+ /**
+ * Gets the directory currently being processed by TSK. This method
+ * is threadsafe.
+ *
+ * @return the currently processing directory
+ */
+ public synchronized String currentDirectory() {
+ return autoDbPointer == 0 ? "NO_INFO" : getCurDirNat(autoDbPointer);
+ }
+ }
+ }
+
+ /**
+ * Creates a new case database. Must call .free() on CaseDbHandle instance
+ * when done.
+ *
+ * @param path Location to create the database at.
+ * @return Handle for a new TskCaseDb instance.
+ * @throws TskCoreException exception thrown if critical error occurs within
+ * TSK
+ */
+ static CaseDbHandle newCaseDb(String path) throws TskCoreException {
+ return new CaseDbHandle(newCaseDbNat(path));
+ }
+
+ /**
+ * Opens an existing case database. Must call .free() on CaseDbHandle
+ * instance when done.
+ *
+ * @param path Location of the existing database.
+ * @return Handle for a new TskCaseDb instance.
+ * @throws TskCoreException exception thrown if critical error occurs within
+ * TSK
+ */
+ static CaseDbHandle openCaseDb(String path) throws TskCoreException {
+ return new CaseDbHandle(openCaseDbNat(path));
+ }
+
+ /**
+ * get the Sleuth Kit version string
+ *
+ * @return the version string
+ */
+ public static String getVersion() {
+ return getVersionNat();
+ }
+
+ /**
+ * Enable verbose logging and redirect stderr to the given log file.
+ */
+ public static void startVerboseLogging(String logPath) {
+ startVerboseLoggingNat(logPath);
+ }
+
+ /**
+ * open the image and return the image info pointer
+ *
+ * @param imageFiles the paths to the images
+ * @return the image info pointer
+ * @throws TskCoreException exception thrown if critical error occurs within
+ * TSK
+ */
+ public synchronized static long openImage(String[] imageFiles) throws TskCoreException {
+ long imageHandle = 0;
+
+ StringBuilder keyBuilder = new StringBuilder();
+ for (int i = 0; i < imageFiles.length; ++i) {
+ keyBuilder.append(imageFiles[i]);
+ }
+ final String imageKey = keyBuilder.toString();
+
+ if (CaseDbHandle.imageHandleCache.containsKey(imageKey)) //get from cache
+ {
+ imageHandle = CaseDbHandle.imageHandleCache.get(imageKey);
+ } else {
+ //open new handle and cache it
+ imageHandle = openImgNat(imageFiles, imageFiles.length);
+ CaseDbHandle.fsHandleCache.put(imageHandle, new HashMap<Long, Long>());
+ CaseDbHandle.imageHandleCache.put(imageKey, imageHandle);
+ }
+
+ return imageHandle;
+
+ }
+
+ /**
+ * Get volume system Handle
+ *
+ * @param imgHandle a handle to previously opened image
+ * @param vsOffset byte offset in the image to the volume system (usually 0)
+ * @return pointer to a vsHandle structure in the sleuthkit
+ * @throws TskCoreException exception thrown if critical error occurs within
+ * TSK
+ */
+ public static long openVs(long imgHandle, long vsOffset) throws TskCoreException {
+ return openVsNat(imgHandle, vsOffset);
+ }
+
+ //get pointers
+ /**
+ * Get volume Handle
+ *
+ * @param vsHandle pointer to the volume system structure in the sleuthkit
+ * @param volId id of the volume
+ * @return pointer to a volHandle structure in the sleuthkit
+ * @throws TskCoreException exception thrown if critical error occurs within
+ * TSK
+ */
+ public static long openVsPart(long vsHandle, long volId) throws TskCoreException {
+ //returned long is ptr to vs Handle object in tsk
+ return openVolNat(vsHandle, volId);
+ }
+
+ /**
+ * Get file system Handle Opened handle is cached (transparently) so it does
+ * not need be reopened next time for the duration of the application
+ *
+ * @param imgHandle pointer to imgHandle in sleuthkit
+ * @param fsOffset byte offset to the file system
+ * @return pointer to a fsHandle structure in the sleuthkit
+ * @throws TskCoreException exception thrown if critical error occurs within
+ * TSK
+ */
+ public synchronized static long openFs(long imgHandle, long fsOffset) throws TskCoreException {
+ long fsHandle = 0;
+ final Map<Long, Long> imgOffSetToFsHandle = CaseDbHandle.fsHandleCache.get(imgHandle);
+ if (imgOffSetToFsHandle.containsKey(fsOffset)) {
+ //return cached
+ fsHandle = imgOffSetToFsHandle.get(fsOffset);
+ } else {
+ fsHandle = openFsNat(imgHandle, fsOffset);
+ //cache it
+ imgOffSetToFsHandle.put(fsOffset, fsHandle);
+ }
+ return fsHandle;
+ }
+
+ /**
+ * Get file Handle
+ *
+ * @param fsHandle fsHandle pointer in the sleuthkit
+ * @param fileId id of the file
+ * @param attrType file attribute type to open
+ * @param attrId file attribute id to open
+ * @return pointer to a file structure in the sleuthkit
+ * @throws TskCoreException exception thrown if critical error occurs within
+ * TSK
+ */
+ public static long openFile(long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId) throws TskCoreException {
+ return openFileNat(fsHandle, fileId, attrType.getValue(), attrId);
+ }
+
+ //do reads
+ /**
+ * reads data from an image
+ *
+ * @param imgHandle
+ * @param readBuffer buffer to read to
+ * @param offset byte offset in the image to start at
+ * @param len amount of data to read
+ * @return the number of characters read, or -1 if the end of the stream has
+ * been reached
+ * @throws TskCoreException exception thrown if critical error occurs within
+ * TSK
+ */
+ public static int readImg(long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
+ //returned byte[] is the data buffer
+ return readImgNat(imgHandle, readBuffer, offset, len);
+ }
+
+ /**
+ * reads data from an volume system
+ *
+ * @param vsHandle pointer to a volume system structure in the sleuthkit
+ * @param readBuffer buffer to read to
+ * @param offset sector offset in the image to start at
+ * @param len amount of data to read
+ * @return the number of characters read, or -1 if the end of the stream has
+ * been reached
+ * @throws TskCoreException exception thrown if critical error occurs within
+ * TSK
+ */
+ public static int readVs(long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
+ return readVsNat(vsHandle, readBuffer, offset, len);
+ }
+
+ /**
+ * reads data from an volume
+ *
+ * @param volHandle pointer to a volume structure in the sleuthkit
+ * @param readBuffer buffer to read to
+ * @param offset byte offset in the image to start at
+ * @param len amount of data to read
+ * @return the number of characters read, or -1 if the end of the stream has
+ * been reached
+ * @throws TskCoreException exception thrown if critical error occurs within
+ * TSK
+ */
+ public static int readVsPart(long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
+ //returned byte[] is the data buffer
+ return readVolNat(volHandle, readBuffer, offset, len);
+ }
+
+ /**
+ * reads data from an file system
+ *
+ * @param fsHandle pointer to a file system structure in the sleuthkit
+ * @param readBuffer buffer to read to
+ * @param offset byte offset in the image to start at
+ * @param len amount of data to read
+ * @return the number of characters read, or -1 if the end of the stream has
+ * been reached
+ * @throws TskCoreException exception thrown if critical error occurs within
+ * TSK
+ */
+ public static int readFs(long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
+ //returned byte[] is the data buffer
+ return readFsNat(fsHandle, readBuffer, offset, len);
+ }
+
+ /**
+ * reads data from an file
+ *
+ * @param fileHandle pointer to a file structure in the sleuthkit
+ * @param readBuffer pre-allocated buffer to read to
+ * @param offset byte offset in the image to start at
+ * @param len amount of data to read
+ * @return the number of characters read, or -1 if the end of the stream has
+ * been reached
+ * @throws TskCoreException exception thrown if critical error occurs within
+ * TSK
+ */
+ public static int readFile(long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException {
+ return readFileNat(fileHandle, readBuffer, offset, len);
+ }
+
+ //free pointers
+ /**
+ * frees the imgHandle pointer currently does not close the image, until the
+ * application terminates (image handle is cached)
+ *
+ * @param imgHandle to close the image
+ */
+ public static void closeImg(long imgHandle) {
+ //@@@ TODO close the image handle when Case is closed instead
+ //currently the image handle is not being freed, it's cached for duration of the application
+ //closeImgNat(imgHandle);
+ }
+
+ /**
+ * frees the vsHandle pointer
+ *
+ * @param vsHandle pointer to volume system structure in sleuthkit
+ */
+ public static void closeVs(long vsHandle) {
+ closeVsNat(vsHandle);
+ }
+
+ /**
+ * frees the fsHandle pointer Currently does not do anything - preserves the
+ * cached object for the duration of the application
+ *
+ * @param fsHandle pointer to file system structure in sleuthkit
+ */
+ public static void closeFs(long fsHandle) {
+ //@@@ TODO close the fs handle when Case is closed instead
+ //currently the fs handle is not being freed, it's cached for duration of the application
+ //closeFsNat(fsHandle);
+ }
+
+ /**
+ * frees the fileHandle pointer
+ *
+ * @param fileHandle pointer to file structure in sleuthkit
+ */
+ public static void closeFile(long fileHandle) {
+ closeFileNat(fileHandle);
+ }
+
+ /**
+ * Create an index for the given database path.
+ *
+ * @param dbPath The path to the database
+ * @throws TskCoreException if a critical error occurs within TSK core
+ */
+ public static void createLookupIndex(String dbPath) throws TskCoreException {
+ createLookupIndexNat(dbPath);
+ }
+
+ /**
+ * Check if an index exists for the given database path.
+ *
+ * @param dbPath
+ * @return true if index exists
+ * @throws TskCoreException if a critical error occurs within TSK core
+ */
+ public static boolean lookupIndexExists(String dbPath) throws TskCoreException {
+ return lookupIndexExistsNat(dbPath);
+ }
+
+ /**
+ * Set the NSRL database
+ *
+ * @param path The path to the database
+ * @return a handle for that database
+ * @throws TskCoreException if a critical error occurs within TSK core
+ */
+ public static int setNSRLDatabase(String path) throws TskCoreException {
+ return setDbNSRLNat(path);
+ }
+
+ /**
+ * Add the known bad database
+ *
+ * @param path The path to the database
+ * @return a handle for that database
+ * @throws TskCoreException if a critical error occurs within TSK core
+ */
+ public static int addKnownBadDatabase(String path) throws TskCoreException {
+ return addDbKnownBadNat(path);
+ }
+
+ /**
+ * Get the name of the database
+ *
+ * @param path The path to the database
+ * @throws TskCoreException if a critical error occurs within TSK core
+ */
+ public static String getDatabaseName(String path) throws TskCoreException {
+ return getDbName(path);
+ }
+
+ /**
+ * Look up the given hash in the NSRL database
+ *
+ * @param hash
+ * @return the status of the hash in the NSRL
+ * @throws TskCoreException if a critical error occurs within TSK core
+ */
+ public static TskData.FileKnown nsrlHashLookup(String hash) throws TskCoreException {
+ return TskData.FileKnown.valueOf((byte) nsrlDbLookup(hash));
+ }
+
+ /**
+ * Look up the given hash in the known bad database
+ *
+ * @param hash
+ * @param dbHandle previously opened hash db handle
+ * @return the status of the hash in the known bad database
+ * @throws TskCoreException if a critical error occurs within TSK core
+ */
+ public static TskData.FileKnown knownBadHashLookup(String hash, int dbHandle) throws TskCoreException {
+ return TskData.FileKnown.valueOf((byte) knownBadDbLookup(hash, dbHandle));
+ }
+
+ /**
+ * Get the size of the index of the given database
+ *
+ * @param path the path to the database
+ * @return the size of the index or -1 if it doesn't exist
+ * @throws TskCoreException
+ */
+ public static int getIndexSize(String path) throws TskCoreException {
+ return getIndexSizeNat(path);
+ }
+
+ /**
+ * Convert this timezone from long to short form
+ * Convert timezoneLongForm passed in from long to short form
+ *
+ * @param timezoneLongForm the long form (e.g., America/New_York)
+ * @return the short form (e.g., EST5EDT) string representation, or an empty string if
+ * empty long form was passed in
+ */
+ private static String timezoneLongToShort(String timezoneLongForm) {
+ if (timezoneLongForm == null || timezoneLongForm.isEmpty()) {
+ return "";
+ }
+
+ String timezoneShortForm = "";
+ TimeZone zone = TimeZone.getTimeZone(timezoneLongForm);
+ int offset = zone.getRawOffset() / 1000;
+ int hour = offset / 3600;
+ int min = (offset % 3600) / 60;
+ DateFormat dfm = new SimpleDateFormat("z");
+ dfm.setTimeZone(zone);
+ boolean hasDaylight = zone.useDaylightTime();
+ String first = dfm.format(new GregorianCalendar(2010, 1, 1).getTime()).substring(0, 3); // make it only 3 letters code
+ String second = dfm.format(new GregorianCalendar(2011, 6, 6).getTime()).substring(0, 3); // make it only 3 letters code
+ int mid = hour * -1;
+ timezoneShortForm = first + Integer.toString(mid);
+ if (min != 0) {
+ timezoneShortForm = timezoneShortForm + ":" + (min < 10 ? "0" : "") + Integer.toString(min);
+ }
+ if (hasDaylight) {
+ timezoneShortForm = timezoneShortForm + second;
+ }
+ return timezoneShortForm;
+ }
+
+ /**
+ * Get size of a device (physical, logical device, image) pointed to by
+ * devPath
+ *
+ * @param devPath device path pointing to the device
+ * @return size of the device in bytes
+ * @throws TskCoreException exception thrown if the device size could not be
+ * queried
+ */
+ public static long findDeviceSize(String devPath) throws TskCoreException {
+ return findDeviceSizeNat(devPath);
+ }
+}
diff --git a/tsk/auto/auto.cpp b/tsk/auto/auto.cpp
index 6f9f4a1f34067a7d55b38908f3b65b21723e9bbc..2a69e398b3c249fae2c9a326a5ea2fc08e87b510 100644
--- a/tsk/auto/auto.cpp
+++ b/tsk/auto/auto.cpp
@@ -23,7 +23,7 @@ TskAuto::TskAuto()
{
m_img_info = NULL;
m_tag = TSK_AUTO_TAG;
- m_volFilterFlags = TSK_VS_PART_FLAG_ALLOC;
+ m_volFilterFlags = (TSK_VS_PART_FLAG_ENUM)(TSK_VS_PART_FLAG_ALLOC | TSK_VS_PART_FLAG_UNALLOC);
m_fileFilterFlags = TSK_FS_DIR_WALK_FLAG_RECURSE;
m_stopAllProcessing = false;
m_internalOpen = false;
diff --git a/tsk/img/mult_files.c b/tsk/img/mult_files.c
index ac3cdd9de057fcedb098bd041a959fefb321fa9a..1cd41a562ffc6ff297be712e75d57e5550233162 100644
--- a/tsk/img/mult_files.c
+++ b/tsk/img/mult_files.c
@@ -142,6 +142,13 @@ getSegmentName(const TSK_TCHAR * a_startingName, int a_segmentNumber)
return newName;
}
+ // numeric counter, variable width
+ if (endsWith(a_startingName, _TSK_T(".bin"))) {
+ TSNPRINTF(newName + nameLen - 4, 36, _TSK_T("(%d).bin"),
+ a_segmentNumber);
+ return newName;
+ }
+
// unknown name format
free(newName);
return NULL;
diff --git a/win32/blkcalc/blkcalc.vcxproj b/win32/blkcalc/blkcalc.vcxproj
index 0cb05d9b34b834ee591b851d6cbfe88db6182881..e8236c14aa94673f97c4ec2facf38c2644e1bd91 100755
--- a/win32/blkcalc/blkcalc.vcxproj
+++ b/win32/blkcalc/blkcalc.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/blkcat/blkcat.vcxproj b/win32/blkcat/blkcat.vcxproj
index bf47040c667c1e63329e91ffcb291b3cd3153fb9..a8069ca20c8c16d29ec1c816b7c9fed38317a6e2 100755
--- a/win32/blkcat/blkcat.vcxproj
+++ b/win32/blkcat/blkcat.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/blkls/blkls.vcxproj b/win32/blkls/blkls.vcxproj
index bb89b3421c194aaae58c1bfdfa575dcdf6937685..6a22ff16182a5bbe1e74612f1a165a4a364c7ac8 100755
--- a/win32/blkls/blkls.vcxproj
+++ b/win32/blkls/blkls.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/blkstat/blkstat.vcxproj b/win32/blkstat/blkstat.vcxproj
index bd1f317f4a83fcf4a81fb0368575e85b35c06270..5a00873ea0169e1197626a55da13343878774c13 100755
--- a/win32/blkstat/blkstat.vcxproj
+++ b/win32/blkstat/blkstat.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/callback-cpp-sample/callback-cpp-sample.vcxproj b/win32/callback-cpp-sample/callback-cpp-sample.vcxproj
index e353958eb101e49002170d353f04abca920c22df..3945a2dccecd5671911746d259dd0c80cd08d273 100755
--- a/win32/callback-cpp-sample/callback-cpp-sample.vcxproj
+++ b/win32/callback-cpp-sample/callback-cpp-sample.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/callback-sample/callback-sample.vcxproj b/win32/callback-sample/callback-sample.vcxproj
index 15359fab193aef4db47475558861e9d5c03ac9e3..5b9149e4c6c80788a263c9ba47b531882d56b4e3 100755
--- a/win32/callback-sample/callback-sample.vcxproj
+++ b/win32/callback-sample/callback-sample.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/fcat/fcat.vcxproj b/win32/fcat/fcat.vcxproj
index 515c76448af781c545745a1e20d6269f9af601f2..51621d6347e08516e606a297656c74ea1e6d361a 100755
--- a/win32/fcat/fcat.vcxproj
+++ b/win32/fcat/fcat.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/ffind/ffind.vcxproj b/win32/ffind/ffind.vcxproj
index ff82238c8bb9015c50df309d4cc883f65252b084..5d8b2ed8c458df5f300d41e7da7fa22a2175a993 100755
--- a/win32/ffind/ffind.vcxproj
+++ b/win32/ffind/ffind.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/fls/fls.vcxproj b/win32/fls/fls.vcxproj
index fcc4d31976fae997dd65d3345610bc4ce2f4f86f..926a0318ba68374cf79567ca45d94bb23abeb439 100755
--- a/win32/fls/fls.vcxproj
+++ b/win32/fls/fls.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/fsstat/fsstat.vcxproj b/win32/fsstat/fsstat.vcxproj
index 36ad1dfe2b5918c2048494d54ee4f165ec5926b1..eda12514772fb90d0657b0b5c92cc62888325259 100755
--- a/win32/fsstat/fsstat.vcxproj
+++ b/win32/fsstat/fsstat.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/hfind/hfind.vcxproj b/win32/hfind/hfind.vcxproj
index ab41509a013ec8baa549dced251c521bdd6f32ee..79128aec166917453eb25018831d1dd404fc46b8 100755
--- a/win32/hfind/hfind.vcxproj
+++ b/win32/hfind/hfind.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/icat/icat.vcxproj b/win32/icat/icat.vcxproj
index ebfc059209d83fea4c3c7f92752068a2c8c199a9..3f124addf067397282ab0259e52517d04a8d7452 100755
--- a/win32/icat/icat.vcxproj
+++ b/win32/icat/icat.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/ifind/ifind.vcxproj b/win32/ifind/ifind.vcxproj
index edf1036a5d643485f9300bd1f3b08ccc2e75cba9..4ef9ceff9c10534b85ef7aefea54dd20c9c3935e 100755
--- a/win32/ifind/ifind.vcxproj
+++ b/win32/ifind/ifind.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/ils/ils.vcxproj b/win32/ils/ils.vcxproj
index c36911020d52ff555e1d093c81cc4677105a679b..d14532abc9066081718fbfafb515cc2e032c2077 100755
--- a/win32/ils/ils.vcxproj
+++ b/win32/ils/ils.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/img_cat/img_cat.vcxproj b/win32/img_cat/img_cat.vcxproj
index d37dde54ba9d0c82ed9f0d7f95cb79853f3c4eb4..770501baacd917ce9c5d614a4865a63c9eac3d5a 100755
--- a/win32/img_cat/img_cat.vcxproj
+++ b/win32/img_cat/img_cat.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/img_stat/img_stat.vcxproj b/win32/img_stat/img_stat.vcxproj
index 970677e6ffe6c3773daa4775948e578743a829fa..6a9d05bc8c421aca6b4c2d520496bef6fe46571f 100755
--- a/win32/img_stat/img_stat.vcxproj
+++ b/win32/img_stat/img_stat.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/istat/istat.vcxproj b/win32/istat/istat.vcxproj
index e6f08129b2f9de64e3216104f07dc7a17ef92189..99b8e54b35ba1ee9296a5a2be316cd877083445e 100755
--- a/win32/istat/istat.vcxproj
+++ b/win32/istat/istat.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/jcat/jcat.vcxproj b/win32/jcat/jcat.vcxproj
index 798dddd0ea31ec0de4fe1e82c8f65f542e30762e..bd9204c4fc49d48150e0ad6e42477c7dbc5008ba 100755
--- a/win32/jcat/jcat.vcxproj
+++ b/win32/jcat/jcat.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/jls/jls.vcxproj b/win32/jls/jls.vcxproj
index 2c8a6b890a2c83f8e4f026b51d8a3aa1e0cdb4e6..ca33d98b5cf9d834601be8e38a89d5f018fb1ace 100755
--- a/win32/jls/jls.vcxproj
+++ b/win32/jls/jls.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/libtsk/libtsk.vcxproj b/win32/libtsk/libtsk.vcxproj
index 995feff3f8961ae1294b2f679646e7013697a0fb..951d3a4af213d104bd02b77bfc5b79c7a184f90d 100755
--- a/win32/libtsk/libtsk.vcxproj
+++ b/win32/libtsk/libtsk.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>StaticLibrary</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>StaticLibrary</ConfigurationType>
diff --git a/win32/mmcat/mmcat.vcxproj b/win32/mmcat/mmcat.vcxproj
index 96efbca09ea0f8dc6991cdfd7a02681b8ae40787..1e4b6bfcb8cab14ad88b6747a321b9494301fb9c 100755
--- a/win32/mmcat/mmcat.vcxproj
+++ b/win32/mmcat/mmcat.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/mmls/mmls.vcxproj b/win32/mmls/mmls.vcxproj
index b374a00a8647787bb239bb751d76e2ccb190215c..181577e6bd30a2ce8c6d1fedb137df69ebcc4341 100755
--- a/win32/mmls/mmls.vcxproj
+++ b/win32/mmls/mmls.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/mmstat/mmstat.vcxproj b/win32/mmstat/mmstat.vcxproj
index 9c7c44a69efc872f25a4eadcdc743ee64e3238e3..6d17630a14101ab8cfe5d532cce12c536145a8f3 100755
--- a/win32/mmstat/mmstat.vcxproj
+++ b/win32/mmstat/mmstat.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/posix-cpp-sample/posix-cpp-sample.vcxproj b/win32/posix-cpp-sample/posix-cpp-sample.vcxproj
index 9be7e86695331003836f8e02df8f6f339b6a1e18..c559d1593afc15e5313f21880af0beb8ca089063 100755
--- a/win32/posix-cpp-sample/posix-cpp-sample.vcxproj
+++ b/win32/posix-cpp-sample/posix-cpp-sample.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/posix-sample/posix-sample.vcxproj b/win32/posix-sample/posix-sample.vcxproj
index f866ccb399559a127bdffe8864db77c0d24da2db..b753f936d2ea83b956aeb2dc38d4c2c1ae7151ee 100755
--- a/win32/posix-sample/posix-sample.vcxproj
+++ b/win32/posix-sample/posix-sample.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/tsk_comparedir/tsk_compare.vcxproj b/win32/tsk_comparedir/tsk_compare.vcxproj
index 05fb2470d98c2f7e506e4c7ff894d7c4a45dfcf0..d50517c0fe5012ca4f2a55ef818f34e6f1debce8 100755
--- a/win32/tsk_comparedir/tsk_compare.vcxproj
+++ b/win32/tsk_comparedir/tsk_compare.vcxproj
@@ -42,7 +42,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/tsk_gettimes/tsk_gettimes.vcxproj b/win32/tsk_gettimes/tsk_gettimes.vcxproj
index cb88b9ef3253d94647e9142ccb0717522984aa72..60d82eb1811425b3d9c8b04424ddc411bcc8cdd5 100755
--- a/win32/tsk_gettimes/tsk_gettimes.vcxproj
+++ b/win32/tsk_gettimes/tsk_gettimes.vcxproj
@@ -47,7 +47,7 @@
<CharacterSet>Unicode</CharacterSet>
<CLRSupport>true</CLRSupport>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/tsk_jni/tsk_jni.vcxproj b/win32/tsk_jni/tsk_jni.vcxproj
index d958670a47566872dd78fbedac734621a88d6228..0786aee0bb6698c986218233b882d85c984e3a9c 100755
--- a/win32/tsk_jni/tsk_jni.vcxproj
+++ b/win32/tsk_jni/tsk_jni.vcxproj
@@ -47,7 +47,7 @@
<UseOfAtl>false</UseOfAtl>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>DynamicLibrary</ConfigurationType>
diff --git a/win32/tsk_loaddb/tsk_loaddb.vcxproj b/win32/tsk_loaddb/tsk_loaddb.vcxproj
index 4563be80c702a918ee3aeef7f756e98b19197d7a..990995291dc74fc56f7b5691404eaeabc47ad3d0 100755
--- a/win32/tsk_loaddb/tsk_loaddb.vcxproj
+++ b/win32/tsk_loaddb/tsk_loaddb.vcxproj
@@ -43,7 +43,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>MultiByte</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>
diff --git a/win32/tsk_recover/tsk_recover.vcxproj b/win32/tsk_recover/tsk_recover.vcxproj
index d28f1949307bcfc2248ac3841bc2b2972ddd1b3d..ff6217e7e23ad236e7989308e4ffb0fe1400a5b0 100755
--- a/win32/tsk_recover/tsk_recover.vcxproj
+++ b/win32/tsk_recover/tsk_recover.vcxproj
@@ -44,7 +44,7 @@
<ConfigurationType>Application</ConfigurationType>
<CharacterSet>Unicode</CharacterSet>
<WholeProgramOptimization>true</WholeProgramOptimization>
- <PlatformToolset>Windows7.1SDK</PlatformToolset>
+ <PlatformToolset>v100</PlatformToolset>
</PropertyGroup>
<PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
<ConfigurationType>Application</ConfigurationType>