diff --git a/bindings/java/doxygen/Doxyfile b/bindings/java/doxygen/Doxyfile
index 937058441672be8663a0f925d06788fb9aacc368..1dd8a6ec0696cab85b6778aee7945167fab39dad 100644
--- a/bindings/java/doxygen/Doxyfile
+++ b/bindings/java/doxygen/Doxyfile
@@ -552,7 +552,7 @@ SORT_MEMBER_DOCS = YES
# this will also influence the order of the classes in the class list.
# The default value is: NO.
-SORT_BRIEF_DOCS = NO
+SORT_BRIEF_DOCS = YES
# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the
# (brief and detailed) documentation of class members so that constructors and
@@ -564,7 +564,7 @@ SORT_BRIEF_DOCS = NO
# detailed member documentation.
# The default value is: NO.
-SORT_MEMBERS_CTORS_1ST = NO
+SORT_MEMBERS_CTORS_1ST = YES
# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy
# of group names into alphabetical order. If set to NO the group names will
@@ -581,7 +581,7 @@ SORT_GROUP_NAMES = NO
# list.
# The default value is: NO.
-SORT_BY_SCOPE_NAME = NO
+SORT_BY_SCOPE_NAME = YES
# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper
# type resolution of all parameters of a function it will reject a match between
diff --git a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
index a930d650bd61d39be7963c84c21741969bd581d8..5bd11b7c839d57b337c84c76c319c78ab360fc4e 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/SleuthkitCase.java
@@ -3495,8 +3495,9 @@ public long countFilesWhere(String sqlWhereClause) throws TskCoreException {
/**
* Find and return list of all (abstract) files matching the specific Where
- * clause
- *
+ * clause.
+ * You need to know the database schema to use this, which is outlined on the
+ * <a href="http://wiki.sleuthkit.org/index.php?title=SQLite_Database_v3_Schema">wiki</a>. You should use enums from org.sleuthkit.datamodel.TskData to make the queries easier to maintain and understand.
* @param sqlWhereClause a SQL where clause appropriate for the desired
* files (do not begin the WHERE clause with the word WHERE!)
* @return a list of AbstractFile each of which satisfy the given WHERE
@@ -3562,12 +3563,9 @@ public List<Long> findAllFileIdsWhere(String sqlWhereClause) throws TskCoreExcep
* files (do not begin the WHERE clause with the word WHERE!)
* @return a list of FsContent each of which satisfy the given WHERE clause
* @throws TskCoreException
- * @deprecated This method is deprecated. Continuing to use this method
- * risks your module not functioning correctly in the future. Use
- * findAllFilesWhere(String sqlWhereClause) instead. \ref
- * query_database_page
+ * @deprecated use SleuthkitCase.findAllFilesWhere() instead
*/
- @Deprecated // use findAllFilesWhere() instead
+ @Deprecated
public List<FsContent> findFilesWhere(String sqlWhereClause) throws TskCoreException {
CaseDbConnection connection = connections.getConnection();
acquireSharedLock();
@@ -4351,7 +4349,7 @@ private List<FsContent> resultSetToFsContents(ResultSet rs) throws SQLException
* @deprecated Do not use runQuery(), use executeQuery() instead. \ref
* query_database_page
*/
- @Deprecated // Use executeQuery() instead.
+ @Deprecated
public ResultSet runQuery(String query) throws SQLException {
CaseDbConnection connection;
try {
@@ -4378,7 +4376,7 @@ public ResultSet runQuery(String query) throws SQLException {
* @deprecated Do not use runQuery() and closeRunQuery(), use executeQuery()
* instead. \ref query_database_page
*/
- @Deprecated // Use executeQuery() instead.
+ @Deprecated
public void closeRunQuery(ResultSet resultSet) throws SQLException {
final Statement statement = resultSet.getStatement();
resultSet.close();
@@ -4672,6 +4670,7 @@ public interface ErrorObserver {
* Add an observer for SleuthkitCase errors.
*
* @param observer The observer to add.
+ * @deprecated
*/
public static void addErrorObserver(ErrorObserver observer) {
sleuthkitCaseErrorObservers.add(observer);
@@ -4695,6 +4694,7 @@ public static void removeErrorObserver(ErrorObserver observer) {
* @param typeOfError The error type. Different clients may handle different
* types of errors.
* @param errorMessage A description of the error that occurred.
+ * @deprecated
*/
private static void notifyError(Exception ex) {
for (ErrorObserver observer : sleuthkitCaseErrorObservers) {
diff --git a/bindings/java/src/org/sleuthkit/datamodel/TskData.java b/bindings/java/src/org/sleuthkit/datamodel/TskData.java
index d5d15f09fac62066af26734c256c9db5b92ebca1..fa11c6c71582e2642cf713fd5b6fcf1b5ca37dd8 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/TskData.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/TskData.java
@@ -24,14 +24,17 @@
import java.util.Set;
/**
- * Maps data integer and binary data stored into the database into string or
- * enum form.
+ * Contains enums for the integer values stored in the database and returned by the
+ * various data model objects.
*/
public class TskData {
private static ResourceBundle bundle = ResourceBundle.getBundle("org.sleuthkit.datamodel.Bundle");
- // Enum for Directory Type
+ /**
+ * The type of the file system file, as reported in the name structure of the file system.
+ * This is the dir_type column in the tsk_files table.
+ */
public enum TSK_FS_NAME_TYPE_ENUM {
UNDEF(0, "-"), ///< Unknown type
@@ -89,9 +92,10 @@ static public TSK_FS_NAME_TYPE_ENUM valueOf(short dir_type) {
}
}
- /**
- * Meta Type
- */
+ /**
+ * The type of the file system file, as reported in the metadata structure of the file system.
+ * This is the meta_type column in the tsk_files table.
+ */
public enum TSK_FS_META_TYPE_ENUM {
TSK_FS_META_TYPE_UNDEF(0, "-"),
@@ -139,9 +143,10 @@ public static TSK_FS_META_TYPE_ENUM valueOf(short metaType) {
}
}
- /**
- * FS Flags
- */
+ /**
+ * The allocated status of a file system file, as reported in the name structure of the file system.
+ * This is the dir_flags column in the tsk_files table.
+ */
public enum TSK_FS_NAME_FLAG_ENUM {
ALLOC(1, bundle.getString("TskData.tskFsNameFlagEnum.allocated")), ///< Name is in an allocated state
@@ -186,9 +191,10 @@ public static TSK_FS_NAME_FLAG_ENUM valueOf(int dirFlag) {
}
}
- /**
- * META flags
- */
+ /**
+ * The allocated status of the file system file, as reported in the metadata structure of the file system.
+ * This is the meta_flags column in the tsk_files table.
+ */
public enum TSK_FS_META_FLAG_ENUM {
ALLOC(1, bundle.getString("TskData.tskFsMetaFlagEnum.allocated")), ///< Metadata structure is currently in an allocated state
@@ -255,9 +261,10 @@ public static short toInt(Set<TSK_FS_META_FLAG_ENUM> metaFlags) {
}
- /**
- * These are based on the NTFS type values. Added types for HFS+.
- */
+ /**
+ * Type of data that is stored in the attribute for a file system file.
+ * This is the attr_type column in the tsk_files table.
+ */
public enum TSK_FS_ATTR_TYPE_ENUM {
TSK_FS_ATTR_TYPE_NOT_FOUND(0x00), // 0
@@ -311,7 +318,8 @@ public static TSK_FS_ATTR_TYPE_ENUM valueOf(int val) {
};
/**
- * Volume system flags
+ * Flags for a partition in the disk image.
+ * This is the flags column in the tsk_vs_parts table.
*/
public enum TSK_VS_PART_FLAG_ENUM {
@@ -337,9 +345,10 @@ public long getVsFlag() {
}
- /**
- * Meta mode
- */
+ /**
+ * The permissions of a file system file.
+ * This is the mode column in the tsk_files table.
+ */
public enum TSK_FS_META_MODE_ENUM {
/* The following describe the file permissions */
@@ -408,9 +417,11 @@ public static short toInt(Set<TSK_FS_META_MODE_ENUM> modes) {
}
};
- /**
- * File system type enum
- */
+
+ /**
+ * The type of the file system.
+ * This is the fs_type column in the tsk_fs_info table.
+ */
public enum TSK_FS_TYPE_ENUM {
TSK_FS_TYPE_DETECT(0x00000000), ///< Use autodetection methods
@@ -475,11 +486,11 @@ public static TSK_FS_TYPE_ENUM valueOf(int fsTypeValue) {
};
- /**
- * Image type
- */
- public enum TSK_IMG_TYPE_ENUM {
- /* The following describe the image type */
+ /**
+ * The type of the disk image.
+ * This is the types column in the tsk_images_info table.
+ */
+ public enum TSK_IMG_TYPE_ENUM {
TSK_IMG_TYPE_DETECT(0, bundle.getString("TskData.tskImgTypeEnum.autoDetect")), // Auto Detection
TSK_IMG_TYPE_RAW_SING(1, bundle.getString("TskData.tskImgTypeEnum.rawSingle")), // Single raw file (dd)
@@ -528,10 +539,11 @@ public String getName() {
}
};
- /**
- * Volume System type
- */
- public enum TSK_VS_TYPE_ENUM {
+ /**
+ * The type of the partition in the partition table.
+ * This is the flags column in the tsk_vs_parts table.
+ */
+ public enum TSK_VS_TYPE_ENUM {
TSK_VS_TYPE_DETECT(0x0000, bundle.getString("TskData.tskVSTypeEnum.autoDetect")), ///< Use autodetection methods
TSK_VS_TYPE_DOS(0x0001, "DOS"), ///< DOS Partition table NON-NLS
@@ -579,16 +591,18 @@ public String getName() {
}
};
- /**
- * Object type
- */
+
+ /**
+ * High-level type of an object from the database.
+ * This is the type column in the tsk_objects table.
+ */
public enum ObjectType {
- IMG(0),
- VS(1),
- VOL(2),
- FS(3),
- ABSTRACTFILE(4);
+ IMG(0), ///< Disk Image - see tsk_image_info for more details
+ VS(1), ///< Volume System - see tsk_vs_info for more details
+ VOL(2), ///< Volume - see tsk_vs_parts for more details
+ FS(3), ///< File System - see tsk_fs_info for more details
+ ABSTRACTFILE(4); ///< File - see tsk_files for more details
private short objectType;
@@ -622,9 +636,9 @@ public static ObjectType valueOf(short objectType) {
}
}
- /**
- * DB files type
- */
+ /**
+ * The type of file in a database, such as file system versus local file.
+ * This is the type field in the tsk_files table. */
public enum TSK_DB_FILES_TYPE_ENUM {
FS(0, "File System"), ///< File that can be found in file system tree.
@@ -674,9 +688,10 @@ public String getName() {
}
}
- /**
- * FileKnown status
- */
+ /**
+ * Identifies if a file was in a hash database or not.
+ * This is the known column in the tsk_files table.
+ */
public enum FileKnown {
UNKNOWN(0, bundle.getString("TskData.fileKnown.unknown")), ///< File marked as unknown by hash db
diff --git a/tsk/fs/fs_dir.c b/tsk/fs/fs_dir.c
index ce7a6944cf674fb5832f754d8a69890f2f1ed32f..fdd00ceb6dc5cd513d5117fe9e34906a9af5b0a5 100644
--- a/tsk/fs/fs_dir.c
+++ b/tsk/fs/fs_dir.c
@@ -421,6 +421,36 @@ tsk_fs_dir_get(const TSK_FS_DIR * a_fs_dir, size_t a_idx)
return fs_file;
}
+/** \ingroup fslib
+ * Return only the name for a file or subdirectory from an open directory.
+ * Useful when wanting to find files of a given name and you don't need the
+ * additional metadata.
+ *
+ * @param a_fs_dir Directory to analyze
+ * @param a_idx Index of file in directory to open (0-based)
+ * @returns NULL on error
+ */
+const TSK_FS_NAME *
+tsk_fs_dir_get_name(const TSK_FS_DIR * a_fs_dir, size_t a_idx)
+{
+ if ((a_fs_dir == NULL) || (a_fs_dir->tag != TSK_FS_DIR_TAG)
+ || (a_fs_dir->fs_info == NULL)) {
+ tsk_error_set_errno(TSK_ERR_FS_ARG);
+ tsk_error_set_errstr
+ ("tsk_fs_dir_get: called with NULL or unallocated structures");
+ return NULL;
+ }
+ if (a_fs_dir->names_used <= a_idx) {
+ tsk_error_set_errno(TSK_ERR_FS_ARG);
+ tsk_error_set_errstr("tsk_fs_dir_get: Index (%" PRIuSIZE
+ ") too large (%" PRIuSIZE ")", a_idx, a_fs_dir->names_used);
+ return NULL;
+ }
+
+ return &(a_fs_dir->names[a_idx]);
+}
+
+
#define MAX_DEPTH 128
#define DIR_STRSZ 4096
diff --git a/tsk/fs/tsk_fs.h b/tsk/fs/tsk_fs.h
index 1ba4d353292282bbf2a4ed5effa43e99a14ca502..d927272ed9110c7c53c99e3dcfe9845e53a5b01e 100644
--- a/tsk/fs/tsk_fs.h
+++ b/tsk/fs/tsk_fs.h
@@ -652,6 +652,7 @@ extern "C" {
void *a_ptr);
extern size_t tsk_fs_dir_getsize(const TSK_FS_DIR *);
extern TSK_FS_FILE *tsk_fs_dir_get(const TSK_FS_DIR *, size_t);
+ extern const TSK_FS_NAME *tsk_fs_dir_get_name(const TSK_FS_DIR * a_fs_dir, size_t a_idx);
extern void tsk_fs_dir_close(TSK_FS_DIR *);
extern int8_t tsk_fs_path2inum(TSK_FS_INFO * a_fs, const char *a_path,