|
The Sleuth Kit
4.0
|
Functions | |
| void | tsk_hdb_close (TSK_HDB_INFO *hdb_info) |
| Close an open hash database. More... | |
| uint8_t | tsk_hdb_hasindex (TSK_HDB_INFO *hdb_info, uint8_t htype) |
| Determine if the open hash database has an index. More... | |
| int8_t | tsk_hdb_lookup_raw (TSK_HDB_INFO *hdb_info, uint8_t *hash, uint8_t len, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr) |
| Search the index for the given hash value given (in binary form). More... | |
| int8_t | tsk_hdb_lookup_str (TSK_HDB_INFO *hdb_info, const char *hash, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr) |
| Search the index for a text/ASCII hash value. More... | |
| uint8_t | tsk_hdb_makeindex (TSK_HDB_INFO *a_hdb_info, TSK_TCHAR *a_type) |
| Create an index for an open hash database. More... | |
| TSK_HDB_INFO * | tsk_hdb_open (TSK_TCHAR *db_file, TSK_HDB_OPEN_ENUM flags) |
| Open a hash database. More... | |
| void tsk_hdb_close | ( | TSK_HDB_INFO * | hdb_info) |
Close an open hash database.
| hdb_info | database to close |
References TSK_HDB_INFO::db_fname, TSK_HDB_INFO::hDb, TSK_HDB_INFO::hIdx, TSK_HDB_INFO::hIdxTmp, TSK_HDB_INFO::idx_fname, TSK_HDB_INFO::idx_lbuf, TSK_HDB_INFO::lock, and TSK_HDB_INFO::uns_fname.
Referenced by TskHdbInfo::~TskHdbInfo().
| uint8_t tsk_hdb_hasindex | ( | TSK_HDB_INFO * | hdb_info, |
| uint8_t | htype | ||
| ) |
Determine if the open hash database has an index.
| hdb_info | Hash database to consider |
| htype | Hash type that index should be of |
Referenced by TskHdbInfo::hasIndex(), and idxonly_name().
| int8_t tsk_hdb_lookup_raw | ( | TSK_HDB_INFO * | hdb_info, |
| uint8_t * | hash, | ||
| uint8_t | len, | ||
| TSK_HDB_FLAG_ENUM | flags, | ||
| TSK_HDB_LOOKUP_FN | action, | ||
| void * | ptr | ||
| ) |
Search the index for the given hash value given (in binary form).
| hdb_info | Open hash database (with index) |
| hash | Array with binary hash value to search for |
| len | Number of bytes in binary hash value |
| flags | Flags to use in lookup |
| action | Callback function to call for each hash db entry (not called if QUICK flag is given) |
| ptr | Pointer to data to pass to each callback |
References tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), TSK_HDB_HTYPE_SHA1_LEN, and tsk_hdb_lookup_str().
Referenced by TskHdbInfo::lookupRaw().
| int8_t tsk_hdb_lookup_str | ( | TSK_HDB_INFO * | hdb_info, |
| const char * | hash, | ||
| TSK_HDB_FLAG_ENUM | flags, | ||
| TSK_HDB_LOOKUP_FN | action, | ||
| void * | ptr | ||
| ) |
Search the index for a text/ASCII hash value.
| hdb_info | Open hash database (with index) |
| hash | Hash value to search for (NULL terminated string) |
| flags | Flags to use in lookup |
| action | Callback function to call for each hash db entry (not called if QUICK flag is given) |
| ptr | Pointer to data to pass to each callback |
References TSK_HDB_INFO::db_type, TSK_HDB_INFO::hash_len, TSK_HDB_INFO::hIdx, TSK_HDB_INFO::idx_lbuf, TSK_HDB_INFO::idx_llen, TSK_HDB_INFO::idx_off, TSK_HDB_INFO::idx_size, TSK_HDB_INFO::lock, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), tsk_error_set_errstr2(), TSK_HDB_DBTYPE_IDXONLY_ID, TSK_HDB_FLAG_QUICK, TSK_HDB_HTYPE_MD5_ID, TSK_HDB_HTYPE_MD5_LEN, TSK_HDB_HTYPE_SHA1_ID, and TSK_HDB_HTYPE_SHA1_LEN.
Referenced by TskHdbInfo::lookupStr(), and tsk_hdb_lookup_raw().
| uint8_t tsk_hdb_makeindex | ( | TSK_HDB_INFO * | a_hdb_info, |
| TSK_TCHAR * | a_type | ||
| ) |
Create an index for an open hash database.
| a_hdb_info | Open hash database to index |
| a_type | Text of hash database type |
Referenced by TskHdbInfo::createIndex().
| TSK_HDB_INFO* tsk_hdb_open | ( | TSK_TCHAR * | db_file, |
| TSK_HDB_OPEN_ENUM | flags | ||
| ) |
Open a hash database.
| db_file | Path to database (even if only an index exists). |
| flags | Flags for opening the database. |
References TSK_HDB_INFO::db_fname, TSK_HDB_INFO::db_type, encase_getentry(), encase_makeindex(), encase_name(), encase_test(), TSK_HDB_INFO::hash_len, TSK_HDB_INFO::hash_type, TSK_HDB_INFO::hDb, TSK_HDB_INFO::hIdx, TSK_HDB_INFO::hIdxTmp, hk_getentry(), hk_makeindex(), hk_name(), hk_test(), TSK_HDB_INFO::idx_fname, TSK_HDB_INFO::idx_lbuf, TSK_HDB_INFO::idx_off, TSK_HDB_INFO::idx_size, idxonly_getentry(), idxonly_makeindex(), idxonly_name(), TSK_HDB_INFO::lock, md5sum_getentry(), md5sum_makeindex(), md5sum_name(), md5sum_test(), nsrl_getentry(), nsrl_makeindex(), nsrl_name(), nsrl_test(), tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), TSK_HDB_DBTYPE_ENCASE_ID, TSK_HDB_DBTYPE_HK_ID, TSK_HDB_DBTYPE_IDXONLY_ID, TSK_HDB_DBTYPE_MD5SUM_ID, TSK_HDB_DBTYPE_NSRL_ID, TSK_HDB_OPEN_IDXONLY, and TSK_HDB_INFO::uns_fname.
Referenced by TskHdbInfo::open().
Copyright © 2007-2013 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.