Autopsy  4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Static Public Member Functions | Private Member Functions | Static Private Member Functions | Private Attributes | List of all members
org.sleuthkit.autopsy.coreutils.AppSQLiteDB Class Reference

Classes

class  AppSQLiteDBFileBundle
 

Public Member Functions

AbstractFile attachDatabase (DataSource dataSource, String dbName, String dbPath, String dbAlias) throws SQLException
 
void close ()
 
boolean columnExists (String tableName, String columnName) throws TskCoreException
 
void detachDatabase (String dbAlias) throws SQLException
 
AbstractFile getDBFile ()
 
ResultSet runQuery (String queryStr) throws SQLException
 
boolean tableExists (String tableName) throws TskCoreException
 

Static Public Member Functions

static Collection< AppSQLiteDBfindAppDatabases (DataSource dataSource, String dbFileName, boolean matchExactName, String parentPathSubstr)
 

Private Member Functions

 AppSQLiteDB (AppSQLiteDBFileBundle appSQLiteDBFileBundle) throws ClassNotFoundException, SQLException
 

Static Private Member Functions

static Collection< AppSQLiteDBFileBundlefindAndCopySQLiteDB (DataSource dataSource, String dbName, boolean matchExactName, String dbPath, boolean matchExactPath) throws TskCoreException
 
static void findAndCopySQLiteMetaFile (AbstractFile sqliteFile, String metaFileName) throws NoCurrentCaseException, TskCoreException, IOException
 

Private Attributes

final Connection connection
 
final AbstractFile dbAbstractFile
 
final Logger logger = Logger.getLogger(AppSQLiteDB.class.getName())
 
final Statement statement
 

Detailed Description

An abstraction around an SQLite app DB found in a data source. This class makes a copy of it, along with any meta files (WAL, SHM), opens a SQLite connection to it, and runs queries on it.

Definition at line 48 of file AppSQLiteDB.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.coreutils.AppSQLiteDB.AppSQLiteDB ( AppSQLiteDBFileBundle  appSQLiteDBFileBundle) throws ClassNotFoundException, SQLException
private

Member Function Documentation

AbstractFile org.sleuthkit.autopsy.coreutils.AppSQLiteDB.attachDatabase ( DataSource  dataSource,
String  dbName,
String  dbPath,
String  dbAlias 
) throws SQLException

Attaches a database to the current connection.

Finds the specified database file in the specified folder. If found, makes copy of the database in the case folder and run ATTACH DATABASE sql.

Parameters
dataSourcedata source in which to look file the db file
dbNamename of db file to look for
dbPathpath in which to look for the db file
dbAliasalias name to attach the database as
Returns
abstract file for the matching db file. null if no match is found.
Exceptions
SQLExceptionin case of an SQL error

Definition at line 150 of file AppSQLiteDB.java.

References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().

void org.sleuthkit.autopsy.coreutils.AppSQLiteDB.close ( )

Closes the DB connection.

Definition at line 278 of file AppSQLiteDB.java.

boolean org.sleuthkit.autopsy.coreutils.AppSQLiteDB.columnExists ( String  tableName,
String  columnName 
) throws TskCoreException

Checks if a column exists in a table.

Parameters
tableNamename of the table
columnNamecolumn name to check
Returns
true if the column exists, false otherwise
Exceptions
TskCoreException

Definition at line 298 of file AppSQLiteDB.java.

void org.sleuthkit.autopsy.coreutils.AppSQLiteDB.detachDatabase ( String  dbAlias) throws SQLException

Detaches the specified database from the connection

Parameters
dbAliasalias for database to detach
Exceptions
SQLException

Definition at line 250 of file AppSQLiteDB.java.

static Collection<AppSQLiteDBFileBundle> org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB ( DataSource  dataSource,
String  dbName,
boolean  matchExactName,
String  dbPath,
boolean  matchExactPath 
) throws TskCoreException
staticprivate

Finds database file with the specified name, makes a copy of the file in the case directory, and returns the AbstractFile as well as the file copy.

Parameters
dataSourcedata source to search in
dbNamedb file name to search
matchExactNamewhether to look for exact file name or a pattern match
dbPathpath to match
matchExactPathwhether to look for exact path name or a substring match
Returns
a collection of AppSQLiteDBFileBundle
Exceptions
TskCoreException

Definition at line 186 of file AppSQLiteDB.java.

References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteMetaFile(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.coreutils.Logger.getLogger(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.Case.getTempDirectory(), and org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile().

Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.attachDatabase(), and org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAppDatabases().

static void org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteMetaFile ( AbstractFile  sqliteFile,
String  metaFileName 
) throws NoCurrentCaseException, TskCoreException, IOException
staticprivate

Searches for a meta file associated with the give SQLite database. If found, it copies this file into the temp directory of the current case.

Parameters
sqliteFilefile being processed
metaFileNamename of meta file to look for
Exceptions
NoCurrentCaseExceptionCase has been closed.
TskCoreExceptionfileManager cannot find AbstractFile files.
IOExceptionIssue during writing to file.

Definition at line 390 of file AppSQLiteDB.java.

References org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesExactName(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.casemodule.services.Services.getFileManager(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.casemodule.Case.getTempDirectory(), and org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile().

Referenced by org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB().

static Collection<AppSQLiteDB> org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAppDatabases ( DataSource  dataSource,
String  dbFileName,
boolean  matchExactName,
String  parentPathSubstr 
)
static

Looks for application SQLite database files with a given name or name substring and a given parent path or parent path substring. For each database file found, a temporary copy is made and an open connection to the database in the form of an AppSQLiteDB object is created and returned.

Parameters
dataSourceThe data source to be searched for the database files.
dbFileNameThe database file name or file name substring for which to search.
matchExactNameWhether or not the database file name argument is the full database file name or a substring.
parentPathSubstrThe parent path substring, may pass the empty string to match any parent path.
Returns
A list, possibly empty, of AppSQLiteDB objects for the files that were found, copied, and connected to.

Definition at line 108 of file AppSQLiteDB.java.

References org.sleuthkit.autopsy.coreutils.AppSQLiteDB.AppSQLiteDB(), org.sleuthkit.autopsy.coreutils.AppSQLiteDB.findAndCopySQLiteDB(), and org.sleuthkit.autopsy.coreutils.Logger.getLogger().

AbstractFile org.sleuthkit.autopsy.coreutils.AppSQLiteDB.getDBFile ( )
ResultSet org.sleuthkit.autopsy.coreutils.AppSQLiteDB.runQuery ( String  queryStr) throws SQLException

Runs the given query on the database and returns result set.

Parameters
queryStrSQL string for the query to run
Returns
ResultSet from running the query.
Exceptions
SQLExceptionin case of an error.

Definition at line 265 of file AppSQLiteDB.java.

boolean org.sleuthkit.autopsy.coreutils.AppSQLiteDB.tableExists ( String  tableName) throws TskCoreException

Checks if a table exists in the case database.

Parameters
tableNamename of the table to check
Returns
true if the table exists, false otherwise
Exceptions
TskCoreException

Definition at line 342 of file AppSQLiteDB.java.

Member Data Documentation

final Connection org.sleuthkit.autopsy.coreutils.AppSQLiteDB.connection
private

Definition at line 54 of file AppSQLiteDB.java.

final AbstractFile org.sleuthkit.autopsy.coreutils.AppSQLiteDB.dbAbstractFile
private
final Logger org.sleuthkit.autopsy.coreutils.AppSQLiteDB.logger = Logger.getLogger(AppSQLiteDB.class.getName())
private

Definition at line 50 of file AppSQLiteDB.java.

final Statement org.sleuthkit.autopsy.coreutils.AppSQLiteDB.statement
private

Definition at line 55 of file AppSQLiteDB.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.