Autopsy
4.12.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits Closeable.
Classes | |
class | AppSQLiteDBFileBundle |
Public Member Functions | |
AbstractFile | attachDatabase (DataSource dataSource, String dbName, String dbPath, String dbAlias) throws SQLException |
void | close () throws IOException |
void | detachDatabase (String dbAlias) throws SQLException |
AbstractFile | getDBFile () |
ResultSet | runQuery (String queryStr) throws SQLException |
Static Public Member Functions | |
static Collection< AppSQLiteDB > | findAppDatabases (DataSource dataSource, String dbName, boolean matchExactName, String parentPathSubstr) |
Private Member Functions | |
AppSQLiteDB (AppSQLiteDBFileBundle appSQLiteDBFileBundle) throws ClassNotFoundException, SQLException | |
Static Private Member Functions | |
static Collection< AppSQLiteDBFileBundle > | findAndCopySQLiteDB (DataSource dataSource, String dbName, boolean matchExactName, String dbPath, boolean matchExactPath) throws TskCoreException |
static void | findAndCopySQLiteMetaFile (AbstractFile sqliteFile, String metaFileName) throws NoCurrentCaseException, TskCoreException, IOException |
Private Attributes | |
final Connection | connection |
final AbstractFile | dbAbstractFile |
final Logger | logger = Logger.getLogger(AppSQLiteDB.class.getName()) |
final Statement | statement |
An abstraction around an SQLite app DB found in a data source. This class makes a copy of it, along with any meta files (WAL, SHM), opens a SQLite connection to it, and runs queries on it.
Definition at line 50 of file AppSQLiteDB.java.
|
private |
Definition at line 82 of file AppSQLiteDB.java.
Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAppDatabases().
AbstractFile org.sleuthkit.autopsy.coreutils.AppSQLiteDB.attachDatabase | ( | DataSource | dataSource, |
String | dbName, | ||
String | dbPath, | ||
String | dbAlias | ||
) | throws SQLException |
Attaches a database to the current connection.
Finds the specified database file in the specified folder. If found, makes copy of the database in the case folder and run ATTACH DATABASE sql.
dataSource | data source in which to look file the db file |
dbName | name of db file to look for |
dbPath | path in which to look for the db file |
dbAlias | alias name to attach the database as |
SQLException | in case of an SQL error |
Definition at line 150 of file AppSQLiteDB.java.
References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().
void org.sleuthkit.autopsy.coreutils.AppSQLiteDB.close | ( | ) | throws IOException |
void org.sleuthkit.autopsy.coreutils.AppSQLiteDB.detachDatabase | ( | String | dbAlias | ) | throws SQLException |
Detaches the specified database from the connection
dbAlias | alias for database to detach |
SQLException |
Definition at line 247 of file AppSQLiteDB.java.
|
staticprivate |
Finds database file with the specified name, makes a copy of the file in the case directory, and returns the AbstractFile as well as the file copy.
dataSource | data source to search in |
dbName | db file name to search |
matchExactName | whether to look for exact file name or a pattern match |
dbPath | path to match |
matchExactName | whether to look for exact path name or a substring match |
TskCoreException |
Definition at line 183 of file AppSQLiteDB.java.
References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteMetaFile(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.Case.getTempDirectory(), and org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile().
Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.attachDatabase(), and org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAppDatabases().
|
staticprivate |
Searches for a meta file associated with the give SQLite database. If found, it copies this file into the temp directory of the current case.
sqliteFile | file being processed |
metaFileName | name of meta file to look for |
NoCurrentCaseException | Case has been closed. |
TskCoreException | fileManager cannot find AbstractFile files. |
IOException | Issue during writing to file. |
Definition at line 303 of file AppSQLiteDB.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.services.Services.getFileManager(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.Case.getTempDirectory(), and org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile().
Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB().
|
static |
Looks for the given SQLIte database filename, with matching path substring. It looks for exact name or a pattern match based on a input parameter. It makes a copy of each matching file, and creates an instance of AppSQLiteDB to help query the DB.
A list of AppSQLiteDB instances is returned, one for each match found.,
dataSource | data source to search in |
dbName | db file name to search |
matchExactName | whether to look for exact file name or a pattern match |
parentPathSubstr | path substring to match |
Definition at line 108 of file AppSQLiteDB.java.
References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.AppSQLiteDB(), org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().
AbstractFile org.sleuthkit.autopsy.coreutils.AppSQLiteDB.getDBFile | ( | ) |
Definition at line 129 of file AppSQLiteDB.java.
References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.dbAbstractFile.
ResultSet org.sleuthkit.autopsy.coreutils.AppSQLiteDB.runQuery | ( | String | queryStr | ) | throws SQLException |
Runs the given query on the database and returns result set.
queryStr | SQL string for the query to run |
SQLException | in case of an error. |
Definition at line 263 of file AppSQLiteDB.java.
|
private |
Definition at line 55 of file AppSQLiteDB.java.
|
private |
Definition at line 53 of file AppSQLiteDB.java.
Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.getDBFile().
|
private |
Definition at line 51 of file AppSQLiteDB.java.
|
private |
Definition at line 56 of file AppSQLiteDB.java.
Copyright © 2012-2018 Basis Technology. Generated on: Wed Sep 18 2019
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.