Sleuth Kit Java Bindings (JNI)  4.3
Java bindings for using The Sleuth Kit
Sample.java
Go to the documentation of this file.
1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2012-2013 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel.Examples;
20 
21 import java.lang.reflect.Array;
22 import java.util.ArrayList;
23 import java.util.List;
24 import java.util.UUID;
25 import java.util.logging.Level;
26 import java.util.logging.Logger;
34 
38 public class Sample {
39 
40  public static void run(String imagePath) {
41  try {
42  SleuthkitCase sk = SleuthkitCase.newCase(imagePath + ".db");
43 
44  // initialize the case with an image
45  String timezone = "";
46  AddImageProcess process = sk.makeAddImageProcess(timezone, true, false, "");
47  ArrayList<String> paths = new ArrayList<String>();
48  paths.add(imagePath);
49  try {
50  process.run(UUID.randomUUID().toString(), paths.toArray(new String[paths.size()]));
51  } catch (TskDataException ex) {
52  Logger.getLogger(Sample.class.getName()).log(Level.SEVERE, null, ex);
53  }
54  process.commit();
55 
56  // print out all the images found, and their children
57  List<Image> images = sk.getImages();
58  for (Image image : images) {
59  System.out.println("Found image: " + image.getName());
60  System.out.println("There are " + image.getChildren().size() + " children.");
61  for (Content content : image.getChildren()) {
62  System.out.println('"' + content.getName() + '"' + " is a child of " + image.getName());
63  }
64  }
65 
66  // print out all .txt files found
67  List<AbstractFile> files = sk.findAllFilesWhere("LOWER(name) LIKE LOWER('%.txt')");
68  for (AbstractFile file : files) {
69  System.out.println("Found text file: " + file.getName());
70  }
71 
72  } catch (TskCoreException e) {
73  System.out.println("Exception caught: " + e.getMessage());
74  Sample.usage(e.getMessage());
75 
76  }
77  }
78 
79  public static void usage(String error) {
80  System.out.println("Usage: ant -Dimage:{image string} run-sample");
81  if (error.contains("deleted first")) {
82  System.out.println("A database for the image already exists. Delete it to run this sample again.");
83  } else if (error.contains("unable to open database")) {
84  System.out.println("Image must be encapsulated by double quotes. Ex: ant -Dimage=\"C:\\Users\\You\\image.E01\" run-sample");
85  }
86  }
87 
88  public static void main(String[] args) {
89  Sample.run(args[0]);
90  }
91 }
AddImageProcess makeAddImageProcess(String timezone, boolean addUnallocSpace, boolean noFatFsOrphans, String imageWriterPath)
static void run(String imagePath)
Definition: Sample.java:40
void run(String deviceId, String[] imageFilePaths)
static void main(String[] args)
Definition: Sample.java:88
static void usage(String error)
Definition: Sample.java:79
List< Content > getChildren()
List< AbstractFile > findAllFilesWhere(String sqlWhereClause)
static SleuthkitCase newCase(String dbPath)

Copyright © 2011-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.