Inherits Closeable.

Classes
interface	FileAddProgressUpdater

Public Member Functions
	FileManager (SleuthkitCase tskCase)

synchronized List< AbstractFile >	findFiles (Content dataSource, String fileName) throws TskCoreException

synchronized List< AbstractFile >	findFiles (Content dataSource, String fileName, String dirName) throws TskCoreException

synchronized List< AbstractFile >	findFiles (Content dataSource, String fileName, AbstractFile parentFile) throws TskCoreException

synchronized List< AbstractFile >	openFiles (Content dataSource, String filePath) throws TskCoreException

synchronized DerivedFile	addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails) throws TskCoreException

synchronized LayoutFile	addCarvedFile (String carvedFileName, long carvedFileSize, long systemId, List< TskFileRange > sectors) throws TskCoreException

List< LayoutFile >	addCarvedFiles (List< CarvedFileContainer > filesToAdd) throws TskCoreException

synchronized VirtualDirectory	addLocalFilesDirs (List< String > localAbsPaths, FileAddProgressUpdater addProgressUpdater) throws TskCoreException

synchronized void	close () throws IOException

Private Member Functions
synchronized void	init ()

VirtualDirectory	addLocalFileSetRootDir (CaseDbTransaction trans) throws TskCoreException

AbstractFile	addLocalDirInt (CaseDbTransaction trans, VirtualDirectory parentVd, java.io.File localFile, FileAddProgressUpdater addProgressUpdater) throws TskCoreException

synchronized LocalFile	addLocalFileInt (AbstractFile parentFile, java.io.File localFile, CaseDbTransaction trans) throws TskCoreException

Private Attributes
SleuthkitCase	tskCase

volatile int	curNumFileSets

Static Private Attributes
static final Logger	logger = Logger.getLogger(FileManager.class.getName())

Detailed Description

Abstraction to facilitate access to files and directories.

Definition at line 50 of file FileManager.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.casemodule.services.FileManager.FileManager ( SleuthkitCase tskCase )

Definition at line 56 of file FileManager.java.

References org.sleuthkit.autopsy.casemodule.services.FileManager.init(), and org.sleuthkit.autopsy.casemodule.services.FileManager.tskCase.

Member Function Documentation

synchronized LayoutFile org.sleuthkit.autopsy.casemodule.services.FileManager.addCarvedFile	(	String	carvedFileName,
		long	carvedFileSize,
		long	systemId,
		List< TskFileRange >	sectors
	)		throws TskCoreException

Adds a carved file to the VirtualDirectory '$CarvedFiles' in the volume or image given by systemId.

Parameters

carvedFileName	the name of the carved file (containing appropriate extension)
carvedFileSize	size of the carved file to add
systemId	the ID of the parent volume or file system
sectors	a list of SectorGroups giving this sectors that make up this carved file.

Exceptions

TskCoreException exception thrown when critical tsk error occurred and carved file could not be added

Definition at line 213 of file FileManager.java.

References org::sleuthkit::datamodel::SleuthkitCase.addCarvedFile().

List<LayoutFile> org.sleuthkit.autopsy.casemodule.services.FileManager.addCarvedFiles ( List< CarvedFileContainer > filesToAdd ) throws TskCoreException

Adds a collection of carved files to the VirtualDirectory '$CarvedFiles' in the volume or image given by systemId. Creates $CarvedFiles if it does not exist already.

Parameters

filesToAdd a list of CarvedFileContainer files to add as carved files

Returns: List<LayoutFile> This is a list of the files added to the database

Exceptions

org.sleuthkit.datamodel.TskCoreException

Definition at line 231 of file FileManager.java.

References org::sleuthkit::datamodel::SleuthkitCase.addCarvedFiles().

synchronized DerivedFile org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile	(	String	fileName,
		String	localPath,
		long	size,
		long	ctime,
		long	crtime,
		long	atime,
		long	mtime,
		boolean	isFile,
		AbstractFile	parentFile,
		String	rederiveDetails,
		String	toolName,
		String	toolVersion,
		String	otherDetails
	)		throws TskCoreException

Creates a derived file, adds it to the database and returns it.

Parameters

fileName	file name the derived file
localPath	local path of the derived file, including the file name. The path is relative to the case folder.
size	size of the derived file in bytes
ctime
crtime
atime
mtime
isFile	whether a file or directory, true if a file
parentFile	the parent file object this the new file was derived from, either a fs file or parent derived file/dikr\r
rederiveDetails	details needed to re-derive file (will be specific to the derivation method), currently unused
toolName	name of derivation method/tool, currently unused
toolVersion	version of derivation method/tool, currently unused
otherDetails	details of derivation method/tool, currently unused

Returns: newly created derived file object added to the database

Exceptions

TskCoreException exception thrown if the object creation failed due to a critical system error or of the file manager has already been closed

Definition at line 186 of file FileManager.java.

References org::sleuthkit::datamodel::SleuthkitCase.addDerivedFile().

Referenced by org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.addDerivedFilesToCaseRec(), and org.sleuthkit.autopsy.externalresults.ExternalResultsImporter.importDerivedFiles().

AbstractFile org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalDirInt	(	CaseDbTransaction	trans,
		VirtualDirectory	parentVd,
		java.io.File	localFile,
		FileAddProgressUpdater	addProgressUpdater
	)		throws TskCoreException

private

Helper (internal) method to recursively add contents of a folder. Node passed in can be a file or directory. Children of directories are added.

Parameters

parentVd	Dir that is the parent of localFile
localFile	File/Dir that we are adding
addProgressUpdater	notifier to receive progress notifications on folders added, or null if not used

Returns: File object of file added or new virtualdirectory for the directory.

Exceptions

TskCoreException

Definition at line 361 of file FileManager.java.

References org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFileInt(), org::sleuthkit::datamodel::SleuthkitCase.addVirtualDirectory(), and org::sleuthkit::datamodel::AbstractFile.listFiles().

Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDirs().

synchronized LocalFile org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFileInt	(	AbstractFile	parentFile,
		java.io.File	localFile,
		CaseDbTransaction	trans
	)		throws TskCoreException

private

Adds a single local/logical file to the case. Adds it to the database. Does not refresh the views of data. Assumes that the local file exists and can be read. This checking is done by addLocalDirInt().

Parameters

parentFile	parent file object container (such as virtual directory, another local file, or fscontent File),
localFile	File that we are adding

Returns: newly created local file object added to the database

Exceptions

TskCoreException exception thrown if the object creation failed due to a critical system error or of the file manager has already been closed

Definition at line 417 of file FileManager.java.

References org::sleuthkit::datamodel::SleuthkitCase.addLocalFile().

Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalDirInt().

synchronized VirtualDirectory org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDirs	(	List< String >	localAbsPaths,
		FileAddProgressUpdater	addProgressUpdater
	)		throws TskCoreException

Add a set of local/logical files and dirs.

Parameters

localAbsPaths	list of absolute paths to local files and dirs
addProgressUpdater	notifier to receive progress notifications on folders added, or null if not used

Returns: file set root VirtualDirectory contained containing all AbstractFile objects added

Exceptions

TskCoreException exception thrown if the object creation failed due to a critical system error or of the file manager has already been closed. There is no "revert" logic if one of the additions fails. The addition stops with the first error encountered.

Definition at line 272 of file FileManager.java.

References org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalDirInt(), org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFileSetRootDir(), org::sleuthkit::datamodel::SleuthkitCase.beginTransaction(), org::sleuthkit::datamodel::SleuthkitCase::CaseDbTransaction.commit(), org.sleuthkit.autopsy.ingest.IngestServices.fireModuleContentEvent(), org.sleuthkit.autopsy.ingest.IngestServices.getInstance(), and org::sleuthkit::datamodel::SleuthkitCase::CaseDbTransaction.rollback().

VirtualDirectory org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFileSetRootDir ( CaseDbTransaction trans ) throws TskCoreException

private

Adds a new virtual directory root object with FileSet X name and consecutive sequence number characteristic to every add operation

Returns: the virtual dir root container created

Exceptions

TskCoreException

Definition at line 327 of file FileManager.java.

References org::sleuthkit::datamodel::SleuthkitCase.addVirtualDirectory(), and org.sleuthkit.autopsy.datamodel.VirtualDirectoryNode.LOGICAL_FILE_SET_PREFIX.

Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDirs().

synchronized void org.sleuthkit.autopsy.casemodule.services.FileManager.close ( ) throws IOException

Definition at line 442 of file FileManager.java.

synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles	(	Content	dataSource,
		String	fileName
	)		throws TskCoreException

Finds a set of files that meets the name criteria.

Parameters

dataSource	Root data source to limit search results to (Image, VirtualDirectory, etc.).
fileName	Pattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement).

Returns: a list of AbstractFile for files/directories whose name matches the given fileName

Definition at line 93 of file FileManager.java.

References org::sleuthkit::datamodel::SleuthkitCase.findFiles().

Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles().

synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles	(	Content	dataSource,
		String	fileName,
		String	dirName
	)		throws TskCoreException

Finds a set of files that meets the name criteria.

Parameters

dataSource	Root data source to limit search results to (Image, VirtualDirectory, etc.).
fileName	Pattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement).
dirName	Pattern of the name of the parent directory to use as the root of the search (case insensitive, used in LIKE SQL statement).

Returns: a list of AbstractFile for files/directories whose name matches fileName and whose parent directory contains dirName.

Definition at line 114 of file FileManager.java.

References org::sleuthkit::datamodel::SleuthkitCase.findFiles().

synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles	(	Content	dataSource,
		String	fileName,
		AbstractFile	parentFile
	)		throws TskCoreException

Finds a set of files that meets the name criteria.

Parameters

dataSource	Root data source to limit search results to (Image, VirtualDirectory, etc.).
fileName	Pattern of the name of the file or directory to match (case insensitive, used in LIKE SQL statement).
parentFile	Object of root/parent directory to restrict search to.

Returns: a list of AbstractFile for files/directories whose name matches fileName and that were inside a directory described by parentFsContent.

Definition at line 134 of file FileManager.java.

References org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles().

synchronized void org.sleuthkit.autopsy.casemodule.services.FileManager.init ( )

private

initialize the file manager for the case

Definition at line 64 of file FileManager.java.

References org.sleuthkit.autopsy.casemodule.services.FileManager.curNumFileSets, org::sleuthkit::datamodel::SleuthkitCase.getVirtualDirectoryRoots(), and org.sleuthkit.autopsy.datamodel.VirtualDirectoryNode.LOGICAL_FILE_SET_PREFIX.

Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.FileManager().

synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.openFiles	(	Content	dataSource,
		String	filePath
	)		throws TskCoreException

Parameters

dataSource	data source Content (Image, parent-less VirtualDirectory) where to find files
filePath	The full path to the file(s) of interest. This can optionally include the image and volume names.

Returns: a list of AbstractFile that have the given file path.

Definition at line 149 of file FileManager.java.

References org::sleuthkit::datamodel::SleuthkitCase.openFiles().

Member Data Documentation

volatile int org.sleuthkit.autopsy.casemodule.services.FileManager.curNumFileSets

private

Definition at line 54 of file FileManager.java.

Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.init().

final Logger org.sleuthkit.autopsy.casemodule.services.FileManager.logger = Logger.getLogger(FileManager.class.getName())

staticprivate

Definition at line 53 of file FileManager.java.

SleuthkitCase org.sleuthkit.autopsy.casemodule.services.FileManager.tskCase

private

Definition at line 52 of file FileManager.java.

Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.FileManager().

The documentation for this class was generated from the following file:

/home/carriersleuth/repos/autopsy/Core/src/org/sleuthkit/autopsy/casemodule/services/FileManager.java

Classes

Public Member Functions

Private Member Functions

Private Attributes

Static Private Attributes

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation

Member Data Documentation