Autopsy  4.12.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Static Public Member Functions | Private Member Functions | Static Private Member Functions | Private Attributes | List of all members
org.sleuthkit.autopsy.coreutils.AppSQLiteDB Class Reference

Inherits Closeable.

Classes

class  AppSQLiteDBFileBundle
 

Public Member Functions

AbstractFile attachDatabase (DataSource dataSource, String dbName, String dbPath, String dbAlias) throws SQLException
 
void close () throws IOException
 
void detachDatabase (String dbAlias) throws SQLException
 
AbstractFile getDBFile ()
 
ResultSet runQuery (String queryStr) throws SQLException
 

Static Public Member Functions

static Collection< AppSQLiteDBfindAppDatabases (DataSource dataSource, String dbName, boolean matchExactName, String parentPathSubstr)
 

Private Member Functions

 AppSQLiteDB (AppSQLiteDBFileBundle appSQLiteDBFileBundle) throws ClassNotFoundException, SQLException
 

Static Private Member Functions

static Collection< AppSQLiteDBFileBundlefindAndCopySQLiteDB (DataSource dataSource, String dbName, boolean matchExactName, String dbPath, boolean matchExactPath) throws TskCoreException
 
static void findAndCopySQLiteMetaFile (AbstractFile sqliteFile, String metaFileName) throws NoCurrentCaseException, TskCoreException, IOException
 

Private Attributes

final Connection connection
 
final AbstractFile dbAbstractFile
 
final Logger logger = Logger.getLogger(AppSQLiteDB.class.getName())
 
final Statement statement
 

Detailed Description

An abstraction around an SQLite app DB found in a data source. This class makes a copy of it, along with any meta files (WAL, SHM), opens a SQLite connection to it, and runs queries on it.

Definition at line 50 of file AppSQLiteDB.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.coreutils.AppSQLiteDB.AppSQLiteDB ( AppSQLiteDBFileBundle  appSQLiteDBFileBundle) throws ClassNotFoundException, SQLException
private

Member Function Documentation

AbstractFile org.sleuthkit.autopsy.coreutils.AppSQLiteDB.attachDatabase ( DataSource  dataSource,
String  dbName,
String  dbPath,
String  dbAlias 
) throws SQLException

Attaches a database to the current connection.

Finds the specified database file in the specified folder. If found, makes copy of the database in the case folder and run ATTACH DATABASE sql.

Parameters
dataSourcedata source in which to look file the db file
dbNamename of db file to look for
dbPathpath in which to look for the db file
dbAliasalias name to attach the database as
Returns
abstract file for the matching db file. null if no match is found.
Exceptions
SQLExceptionin case of an SQL error

Definition at line 150 of file AppSQLiteDB.java.

References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().

void org.sleuthkit.autopsy.coreutils.AppSQLiteDB.close ( ) throws IOException

Closes the DB connection

Exceptions
IOException

Definition at line 278 of file AppSQLiteDB.java.

void org.sleuthkit.autopsy.coreutils.AppSQLiteDB.detachDatabase ( String  dbAlias) throws SQLException

Detaches the specified database from the connection

Parameters
dbAliasalias for database to detach
Exceptions
SQLException

Definition at line 247 of file AppSQLiteDB.java.

static Collection<AppSQLiteDBFileBundle> org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB ( DataSource  dataSource,
String  dbName,
boolean  matchExactName,
String  dbPath,
boolean  matchExactPath 
) throws TskCoreException
staticprivate

Finds database file with the specified name, makes a copy of the file in the case directory, and returns the AbstractFile as well as the file copy.

Parameters
dataSourcedata source to search in
dbNamedb file name to search
matchExactNamewhether to look for exact file name or a pattern match
dbPathpath to match
matchExactNamewhether to look for exact path name or a substring match
Returns
a collection of AppSQLiteDBFileBundle
Exceptions
TskCoreException

Definition at line 183 of file AppSQLiteDB.java.

References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteMetaFile(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.Case.getTempDirectory(), and org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile().

Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.attachDatabase(), and org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAppDatabases().

static void org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteMetaFile ( AbstractFile  sqliteFile,
String  metaFileName 
) throws NoCurrentCaseException, TskCoreException, IOException
staticprivate

Searches for a meta file associated with the give SQLite database. If found, it copies this file into the temp directory of the current case.

Parameters
sqliteFilefile being processed
metaFileNamename of meta file to look for
Exceptions
NoCurrentCaseExceptionCase has been closed.
TskCoreExceptionfileManager cannot find AbstractFile files.
IOExceptionIssue during writing to file.

Definition at line 303 of file AppSQLiteDB.java.

References org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.services.Services.getFileManager(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.Case.getTempDirectory(), and org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile().

Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB().

static Collection<AppSQLiteDB> org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAppDatabases ( DataSource  dataSource,
String  dbName,
boolean  matchExactName,
String  parentPathSubstr 
)
static

Looks for the given SQLIte database filename, with matching path substring. It looks for exact name or a pattern match based on a input parameter. It makes a copy of each matching file, and creates an instance of AppSQLiteDB to help query the DB.

A list of AppSQLiteDB instances is returned, one for each match found.,

Parameters
dataSourcedata source to search in
dbNamedb file name to search
matchExactNamewhether to look for exact file name or a pattern match
parentPathSubstrpath substring to match
Returns
A list of abstract files matching the specified name and path. Returns an empty list if no matching database is found.

Definition at line 108 of file AppSQLiteDB.java.

References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.AppSQLiteDB(), org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().

AbstractFile org.sleuthkit.autopsy.coreutils.AppSQLiteDB.getDBFile ( )
ResultSet org.sleuthkit.autopsy.coreutils.AppSQLiteDB.runQuery ( String  queryStr) throws SQLException

Runs the given query on the database and returns result set.

Parameters
queryStrSQL string for the query to run
Returns
ResultSet from running the query.
Exceptions
SQLExceptionin case of an error.

Definition at line 263 of file AppSQLiteDB.java.

Member Data Documentation

final Connection org.sleuthkit.autopsy.coreutils.AppSQLiteDB.connection
private

Definition at line 55 of file AppSQLiteDB.java.

final AbstractFile org.sleuthkit.autopsy.coreutils.AppSQLiteDB.dbAbstractFile
private
final Logger org.sleuthkit.autopsy.coreutils.AppSQLiteDB.logger = Logger.getLogger(AppSQLiteDB.class.getName())
private

Definition at line 51 of file AppSQLiteDB.java.

final Statement org.sleuthkit.autopsy.coreutils.AppSQLiteDB.statement
private

Definition at line 56 of file AppSQLiteDB.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2018 Basis Technology. Generated on: Wed Sep 18 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.