|
Sleuth Kit Java Bindings (JNI)
4.3
Java bindings for using The Sleuth Kit
|
|
Sleuth Kit Java Bindings (JNI)
4.3
Java bindings for using The Sleuth Kit
|
Classes | |
| class | CaseDbHandle |
| enum | TSK_FS_FILE_READ_OFFSET_TYPE_ENUM |
Static Public Member Functions | |
| static void | addToHashDatabase (String filename, String md5, String sha1, String sha256, String comment, int dbHandle) throws TskCoreException |
| static void | addToHashDatabase (List< HashEntry > hashes, int dbHandle) throws TskCoreException |
| static void | cancelFinishImage (long imgHandle) |
| static void | closeAllHashDatabases () throws TskCoreException |
| static void | closeFile (long fileHandle) |
| static void | closeFs (long fsHandle) |
| static void | closeHashDatabase (int dbHandle) throws TskCoreException |
| static void | closeImg (long imgHandle) |
| static void | closeVs (long vsHandle) |
| static int | createHashDatabase (String path) throws TskCoreException |
| static void | createLookupIndexForHashDatabase (int dbHandle) throws TskCoreException |
| static long | findDeviceSize (String devPath) throws TskCoreException |
| static int | finishImageWriter (long imgHandle) throws TskCoreException |
| static List< String > | getFileMetaDataText (long fileHandle) throws TskCoreException |
| static int | getFinishImageProgress (long imgHandle) |
| static String | getHashDatabaseDisplayName (int dbHandle) throws TskCoreException |
| static String | getHashDatabaseIndexPath (int dbHandle) throws TskCoreException |
| static String | getHashDatabasePath (int dbHandle) throws TskCoreException |
| static String | getVersion () |
| static boolean | hashDatabaseCanBeReindexed (int dbHandle) throws TskCoreException |
| static boolean | hashDatabaseHasLookupIndex (int dbHandle) throws TskCoreException |
| static boolean | hashDatabaseIsIndexOnly (int dbHandle) throws TskCoreException |
| static boolean | isImageSupported (String imagePath) |
| static boolean | isUpdateableHashDatabase (int dbHandle) throws TskCoreException |
| static boolean | lookupInHashDatabase (String hash, int dbHandle) throws TskCoreException |
| static HashHitInfo | lookupInHashDatabaseVerbose (String hash, int dbHandle) throws TskCoreException |
| static long | openFile (long fsHandle, long fileId, TSK_FS_ATTR_TYPE_ENUM attrType, int attrId) throws TskCoreException |
| static long | openFs (long imgHandle, long fsOffset) throws TskCoreException |
| static int | openHashDatabase (String path) throws TskCoreException |
| static long | openImage (String[] imageFiles) throws TskCoreException |
| static long | openVs (long imgHandle, long vsOffset) throws TskCoreException |
| static long | openVsPart (long vsHandle, long volId) throws TskCoreException |
| static int | readFile (long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readFileSlack (long fileHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readFs (long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readImg (long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readVs (long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static int | readVsPart (long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static void | startVerboseLogging (String logPath) |
Private Member Functions | |
| SleuthkitJNI () | |
Static Private Member Functions | |
| static native void | cancelFinishImageNat (long a_img_info) |
| static native void | closeCaseDbNat (long db) throws TskCoreException |
| static native void | closeFileNat (long fileHandle) |
| static native void | closeFsNat (long fsHandle) |
| static native void | closeImgNat (long imgHandle) |
| static native void | closeVsNat (long vsHandle) |
| static native long | commitAddImgNat (long process) throws TskCoreException |
| static int | convertSignedToUnsigned (int val) |
| static native long | findDeviceSizeNat (String devicePath) throws TskCoreException |
| static native int | finishImageWriterNat (long a_img_info) |
| static native String | getCurDirNat (long process) |
| static native int | getFinishImageProgressNat (long a_img_info) |
| static native String | getVersionNat () |
| static native int | hashDbAddEntryNat (String filename, String hashMd5, String hashSha1, String hashSha256, String comment, int dbHandle) throws TskCoreException |
| static native int | hashDbBeginTransactionNat (int dbHandle) throws TskCoreException |
| static native void | hashDbClose (int dbHandle) throws TskCoreException |
| static native void | hashDbCloseAll () throws TskCoreException |
| static native int | hashDbCommitTransactionNat (int dbHandle) throws TskCoreException |
| static native void | hashDbCreateIndexNat (int dbHandle) throws TskCoreException |
| static native String | hashDbGetDisplayName (int dbHandle) throws TskCoreException |
| static native boolean | hashDbIndexExistsNat (int dbHandle) throws TskCoreException |
| static native String | hashDbIndexPathNat (int dbHandle) |
| static native boolean | hashDbIsIdxOnlyNat (int dbHandle) throws TskCoreException |
| static native boolean | hashDbIsReindexableNat (int dbHandle) |
| static native boolean | hashDbIsUpdateableNat (int dbHandle) |
| static native boolean | hashDbLookup (String hash, int dbHandle) throws TskCoreException |
| static native HashHitInfo | hashDbLookupVerbose (String hash, int dbHandle) throws TskCoreException |
| static native int | hashDbNewNat (String hashDbPath) throws TskCoreException |
| static native int | hashDbOpenNat (String hashDbPath) throws TskCoreException |
| static native String | hashDbPathNat (int dbHandle) |
| static native int | hashDbRollbackTransactionNat (int dbHandle) throws TskCoreException |
| static native long | initAddImgNat (long db, String timezone, boolean addUnallocSpace, boolean skipFatFsOrphans) throws TskCoreException |
| static native long | initializeAddImgNat (long db, String timezone, boolean addFileSystems, boolean addUnallocSpace, boolean skipFatFsOrphans) throws TskCoreException |
| static native boolean | isImageSupportedNat (String imagePath) |
| static native long | newCaseDbMultiNat (String hostNameOrIP, String portNumber, String userName, String password, int dbTypeOrdinal, String databaseName) |
| static native long | newCaseDbNat (String dbPath) throws TskCoreException |
| static native long | openCaseDbMultiNat (String hostNameOrIP, String portNumber, String userName, String password, int dbTypeOrdinal, String databaseName) |
| static native long | openCaseDbNat (String path) throws TskCoreException |
| static native long | openFileNat (long fsHandle, long fileId, int attrType, int attrId) throws TskCoreException |
| static native long | openFsNat (long imgHandle, long fsId) throws TskCoreException |
| static long | openImage (String[] imageFiles, boolean useCache) throws TskCoreException |
| static native long | openImgNat (String[] imgPath, int splits) throws TskCoreException |
| static native long | openVolNat (long vsHandle, long volId) throws TskCoreException |
| static native long | openVsNat (long imgHandle, long vsOffset) throws TskCoreException |
| static native int | readFileNat (long fileHandle, byte[] readBuffer, long offset, int offset_type, long len) throws TskCoreException |
| static native int | readFsNat (long fsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static native int | readImgNat (long imgHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static native int | readVolNat (long volHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static native int | readVsNat (long vsHandle, byte[] readBuffer, long offset, long len) throws TskCoreException |
| static native void | revertAddImgNat (long process) throws TskCoreException |
| static native void | runAddImgNat (long process, String deviceId, long a_img_info, String timeZone, String imageWriterPath) throws TskCoreException, TskDataException |
| static native void | runOpenAndAddImgNat (long process, String deviceId, String[] imgPath, int splits, String timezone) throws TskCoreException, TskDataException |
| static native int | saveFileMetaDataTextNat (long fileHandle, String fileName) throws TskCoreException |
| static native void | startVerboseLoggingNat (String logPath) |
| static native void | stopAddImgNat (long process) throws TskCoreException |
| static String | timezoneLongToShort (String timezoneLongForm) |
Static Private Attributes | |
| static final Object | cacheLock = new Object() |
A utility class that provides a interface to the SleuthKit via JNI. Supports case management, add image process, reading data off content objects Setting up Hash database parameters and updating / reading values
Caches image and filesystem handles and reuses them for the duration of the application
Definition at line 43 of file SleuthkitJNI.java.
|
private |
Constructor for the utility class that provides a interface to the SleuthKit via JNI.
Definition at line 62 of file SleuthkitJNI.java.
|
static |
Adds a hash value to a hash database.
| filename | Name of file (can be null) |
| md5 | Text of MD5 hash (can be null) |
| sha1 | Text of SHA1 hash (can be null) |
| sha256 | Text of SHA256 hash (can be null) |
| comment | A comment (can be null) |
| dbHandle | Handle to DB |
| TskCoreException |
Definition at line 945 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbAddEntryNat().
|
static |
Definition at line 949 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbAddEntryNat(), org.sleuthkit.datamodel.SleuthkitJNI.hashDbBeginTransactionNat(), org.sleuthkit.datamodel.SleuthkitJNI.hashDbCommitTransactionNat(), and org.sleuthkit.datamodel.SleuthkitJNI.hashDbRollbackTransactionNat().
|
static |
Cancel the finish image process
| imgHandle |
Definition at line 1038 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.cancelFinishImageNat().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.cancelFinishImage().
|
static |
Close the currently open lookup databases. Resets the handle counting.
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 878 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbCloseAll().
|
staticprivate |
|
static |
frees the fileHandle pointer
| fileHandle | pointer to file structure in sleuthkit |
Definition at line 787 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.closeFileNat().
Referenced by org.sleuthkit.datamodel.FsContent.close().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.closeFile().
|
static |
frees the fsHandle pointer Currently does not do anything - preserves the cached object for the duration of the application
| fsHandle | pointer to file system structure in sleuthkit |
Definition at line 776 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.FileSystem.finalize().
|
staticprivate |
|
static |
Close a particular open lookup database. Existing handles are not affected.
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 889 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbClose().
|
static |
frees the imgHandle pointer currently does not close the image, until the application terminates (image handle is cached)
| imgHandle | to close the image |
Definition at line 755 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Image.finalize().
|
staticprivate |
|
static |
frees the vsHandle pointer
| vsHandle | pointer to volume system structure in sleuthkit |
Definition at line 766 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.closeVsNat().
Referenced by org.sleuthkit.datamodel.Volume.close(), and org.sleuthkit.datamodel.VolumeSystem.close().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.closeVs().
|
staticprivate |
|
staticprivate |
Converts signed integer to an unsigned integer.
| val | value to be converter |
Definition at line 573 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openFile().
|
static |
Creates a hash database. Will be of the default TSK hash database type.
| path | The path to the database |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 868 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbNewNat().
|
static |
Create an index for a hash database.
| dbHandle | A hash database handle. |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 798 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbCreateIndexNat().
|
static |
Get size of a device (physical, logical device, image) pointed to by devPath
| devPath | device path pointing to the device |
| TskCoreException | exception thrown if the device size could not be queried |
Definition at line 1053 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.findDeviceSizeNat().
Referenced by org.sleuthkit.datamodel.Image.getSize().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.findDeviceSize().
|
static |
Fills in any gaps in the image created by image writer.
| imgHandle |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 1018 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.finishImageWriterNat().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.finishImageWriter().
|
staticprivate |
|
static |
Get human readable (some what) details about a file. This is the same as the 'istat' TSK tool
| fileHandle | pointer to file structure in the sleuthkit |
| TskCoreException | if errors occurred |
Definition at line 722 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.saveFileMetaDataTextNat().
Referenced by org.sleuthkit.datamodel.FsContent.getMetaDataText().
|
static |
Get the current progress of the finish image process (0-100)
| imgHandle |
Definition at line 1029 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.getFinishImageProgressNat().
|
staticprivate |
|
static |
Get the name of the database
| dbHandle | previously opened hash db handle |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 900 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbGetDisplayName().
|
static |
getHashDatabaseIndexPath
| dbHandle | previously opened hash db handle |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 851 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbIndexPathNat().
|
static |
getHashDatabasePath
| dbHandle | previously opened hash db handle |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 838 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbPathNat().
|
static |
get the Sleuth Kit version string
Definition at line 406 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.getVersionNat().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.getVersion().
|
static |
hashDatabaseCanBeReindexed
| dbHandle | previously opened hash db handle |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 825 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbIsReindexableNat().
|
static |
Check if an index exists for a hash database.
| dbHandle | A hash database handle. |
| TskCoreException | if a critical error occurs within TSK core |
Definition at line 811 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbIndexExistsNat().
|
static |
Definition at line 971 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbIsIdxOnlyNat().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.addToHashDatabase().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.addToHashDatabase().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.closeHashDatabase().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.closeAllHashDatabases().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.addToHashDatabase().
|
staticprivate |
|
staticprivate |
|
staticprivate |
|
staticprivate |
|
staticprivate |
|
staticprivate |
|
staticprivate |
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.lookupInHashDatabase().
|
staticprivate |
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.createHashDatabase().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openHashDatabase().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.getHashDatabasePath().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.addToHashDatabase().
|
staticprivate |
|
staticprivate |
|
static |
Definition at line 1057 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.isImageSupportedNat().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.isImageSupported().
|
static |
Definition at line 967 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbIsUpdateableNat().
|
static |
Lookup the given hash value and get basic answer
| hash | Hash value to search for |
| dbHandle | Handle of database to lookup in. |
| TskCoreException |
Definition at line 914 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbLookup().
|
static |
Lookup hash value in DB and return details on results (more time consuming than basic lookup)
| hash | Hash value to search for |
| dbHandle | Handle of database to lookup in. |
| TskCoreException |
Definition at line 929 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbLookupVerbose().
|
staticprivate |
|
staticprivate |
|
staticprivate |
|
staticprivate |
|
static |
Get file Handle
| fsHandle | fsHandle pointer in the sleuthkit |
| fileId | id of the file |
| attrType | file attribute type to open |
| attrId | file attribute id to open |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 551 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.convertSignedToUnsigned(), and org.sleuthkit.datamodel.SleuthkitJNI.openFileNat().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openFile().
|
static |
Get file system Handle Opened handle is cached (transparently) so it does not need be reopened next time for the duration of the application
| imgHandle | pointer to imgHandle in sleuthkit |
| fsOffset | byte offset to the file system |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 522 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.cacheLock, org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.fsHandleCache, and org.sleuthkit.datamodel.SleuthkitJNI.openFsNat().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openFs().
|
static |
Definition at line 855 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.hashDbOpenNat().
|
static |
open the image and return the image info pointer
| imageFiles | the paths to the images |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 427 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.Image.getImageHandle(), and org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.run().
|
staticprivate |
open the image and return the image info pointer This is a temporary measure to allow ingest of multiple local disks on the same drive letter. We need to clear the cache to make sure cached data from the first drive is not used.
| imageFiles | the paths to the images |
| useCache | true if the image handle cache should be used, false to always go to TSK to open a fresh copy |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 446 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.cacheLock, org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.fsHandleCache, org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.imageHandleCache, and org.sleuthkit.datamodel.SleuthkitJNI.openImgNat().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openImage().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openVsPart().
|
static |
Get volume system Handle
| imgHandle | a handle to previously opened image |
| vsOffset | byte offset in the image to the volume system (usually 0) |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 489 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openVsNat().
Referenced by org.sleuthkit.datamodel.VolumeSystem.getVolumeSystemHandle().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openVs().
|
static |
Get volume Handle
| vsHandle | pointer to the volume system structure in the sleuthkit |
| volId | id of the volume |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 505 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.openVolNat().
Referenced by org.sleuthkit.datamodel.Volume.read().
|
static |
reads data from an file
| fileHandle | pointer to a file structure in the sleuthkit |
| readBuffer | pre-allocated buffer to read to |
| offset | byte offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 690 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.readFileNat(), and org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_FILE.
Referenced by org.sleuthkit.datamodel.FsContent.readInt().
|
staticprivate |
|
static |
reads data from the slack space of a file
| fileHandle | pointer to a file structure in the sleuthkit |
| readBuffer | pre-allocated buffer to read to |
| offset | byte offset in the slack to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 708 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.readFileNat(), and org.sleuthkit.datamodel.SleuthkitJNI.TSK_FS_FILE_READ_OFFSET_TYPE_ENUM.START_OF_SLACK.
Referenced by org.sleuthkit.datamodel.SlackFile.readInt().
|
static |
reads data from an file system
| fsHandle | pointer to a file system structure in the sleuthkit |
| readBuffer | buffer to read to |
| offset | byte offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 652 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.readFsNat().
Referenced by org.sleuthkit.datamodel.FileSystem.read().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.readFs().
|
static |
reads data from an image
| imgHandle | |
| readBuffer | buffer to read to |
| offset | byte offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 596 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.readImgNat().
Referenced by org.sleuthkit.datamodel.Image.read(), and org.sleuthkit.datamodel.LayoutFile.readImgToOffset().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.readImg().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.readVsPart().
|
static |
reads data from an volume system
| vsHandle | pointer to a volume system structure in the sleuthkit |
| readBuffer | buffer to read to |
| offset | sector offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 615 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.readVsNat().
Referenced by org.sleuthkit.datamodel.VolumeSystem.read().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.readVs().
|
static |
reads data from an volume
| volHandle | pointer to a volume structure in the sleuthkit |
| readBuffer | buffer to read to |
| offset | byte offset in the image to start at |
| len | amount of data to read |
| TskCoreException | exception thrown if critical error occurs within TSK |
Definition at line 633 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.readVolNat().
Referenced by org.sleuthkit.datamodel.Volume.read().
|
staticprivate |
|
staticprivate |
|
staticprivate |
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.getFileMetaDataText().
|
static |
Enable verbose logging and redirect stderr to the given log file.
Definition at line 413 of file SleuthkitJNI.java.
References org.sleuthkit.datamodel.SleuthkitJNI.startVerboseLoggingNat().
|
staticprivate |
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.startVerboseLogging().
|
staticprivate |
|
staticprivate |
Convert this timezone from long to short form Convert timezoneLongForm passed in from long to short form
| timezoneLongForm | the long form (e.g., America/New_York) |
Definition at line 984 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess.run().
|
staticprivate |
Definition at line 56 of file SleuthkitJNI.java.
Referenced by org.sleuthkit.datamodel.SleuthkitJNI.openFs(), and org.sleuthkit.datamodel.SleuthkitJNI.openImage().
Copyright © 2011-2015 Brian Carrier. (carrier -at- sleuthkit -dot- org)
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.
