The Sleuth Kit  4.11.1
TskHdbInfo Class Reference

Stores information about an open hash database.

#include <tsk_hashdb.h>

Public Member Functions

uint8_t createIndex (TSK_TCHAR *a_type)
    Create an index for an open hash database.

TSK_HDB_DBTYPE_ENUM getDbType () const
    Get type of database.

uint8_t hasIndex (uint8_t a_htype)
    Determine if the open hash database has an index.

int8_t lookupRaw (uint8_t *a_hash, uint8_t a_len, TSK_HDB_FLAG_ENUM a_flags, TSK_HDB_LOOKUP_FN a_action, void *a_ptr)
    Search the index for the given hash value (in binary form).

int8_t lookupStr (const char *a_hash, TSK_HDB_FLAG_ENUM a_flags, TSK_HDB_LOOKUP_FN a_action, void *a_ptr)
    Search the index for a text/ASCII hash value. See tsk_hdb_lookup_str() for details.

uint8_t open (TSK_TCHAR *a_dbFile, TSK_HDB_OPEN_ENUM a_flags)
    Open a hash database.

~TskHdbInfo ()
    Close an open hash database.

Detailed Description

Stores information about an open hash database.

To use this object, open() should be called first. Otherwise, the other functions will have undefined return values.

Member Function Documentation

uint8_t TskHdbInfo::createIndex (TSK_TCHAR *a_type)  [inline]

Create an index for an open hash database.

See tsk_hdb_make_index() for details.

Parameters
    a_type    Text of hash database type
Returns
    1 on error

References tsk_hdb_make_index().

TSK_HDB_DBTYPE_ENUM TskHdbInfo::getDbType () const  [inline]

Get type of database.

Returns
    Type of database, or TSK_HDB_DBTYPE_INVALID_ID on error.

References TSK_HDB_INFO::db_type, and TSK_HDB_DBTYPE_INVALID_ID.

uint8_t TskHdbInfo::hasIndex (uint8_t a_htype)  [inline]

Determine if the open hash database has an index.

See tsk_hdb_has_idx() for details.

Parameters
    a_htype    Hash type that index should be of
Returns
    1 if index exists and 0 if not

References tsk_hdb_has_idx().

int8_t TskHdbInfo::lookupRaw (uint8_t *a_hash, uint8_t a_len, TSK_HDB_FLAG_ENUM a_flags, TSK_HDB_LOOKUP_FN a_action, void *a_ptr)  [inline]

Search the index for the given hash value (in binary form).

See tsk_hdb_lookup_raw() for details.

Parameters
    a_hash      Array with binary hash value to search for
    a_len       Number of bytes in binary hash value
    a_flags     Flags to use in lookup
    a_action    Callback function to call for each hash db entry (not called if QUICK flag is given)
    a_ptr       Pointer to data to pass to each callback
Returns
    -1 on error, 0 if hash value not found, and 1 if value was found.

References tsk_hdb_lookup_raw().

int8_t TskHdbInfo::lookupStr (const char *a_hash, TSK_HDB_FLAG_ENUM a_flags, TSK_HDB_LOOKUP_FN a_action, void *a_ptr)  [inline]

Search the index for a text/ASCII hash value.

See tsk_hdb_lookup_str() for details.

Parameters
    a_hash      Hash value to search for (NULL terminated string)
    a_flags     Flags to use in lookup
    a_action    Callback function to call for each hash db entry (not called if QUICK flag is given)
    a_ptr       Pointer to data to pass to each callback
Returns
    -1 on error, 0 if hash value not found, and 1 if value was found.

References tsk_hdb_lookup_str().

uint8_t TskHdbInfo::open (TSK_TCHAR *a_dbFile, TSK_HDB_OPEN_ENUM a_flags)  [inline]

Open a hash database.

See tsk_hdb_open() for details.

Parameters
    a_dbFile    Path to database.
    a_flags     Flags for opening the database.
Returns
    1 on error and 0 on success

References tsk_hdb_open().


The documentation for this class was generated from the following file:

Copyright © 2007-2020 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.