|
Autopsy
4.19.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
| class | UnpackedNode |
Private Member Functions | |
| UnpackedNode | addNode (UnpackedNode parent, List< String > tokenPath, List< byte[]> tokenPathBytes) |
| String | bytesToString (byte[] bytes) |
| void | commitCurrentTransaction () throws TskCoreException |
| void | getAllFileObjectsRec (List< AbstractFile > list, UnpackedNode parent) |
| CaseDbTransaction | getCurrentTransaction () throws TskCoreException |
| void | rollbackCurrentTransaction () |
| void | startTransaction () throws TskCoreException |
| void | updateOrAddFileToCaseRec (UnpackedNode node, FileManager fileManager, HashMap< String, ZipFileStatusWrapper > statusMap, String archiveFilePath, Archive parentAr, AbstractFile archiveFile, ConcurrentHashMap< Long, Archive > depthMap) throws TskCoreException |
Private Attributes | |
| CaseDbTransaction | currentTransaction = null |
| int | nodesProcessed = 0 |
| long | transactionCounter = 0 |
Static Private Attributes | |
| static final long | MAX_TRANSACTION_SIZE = 1000 |
Representation of the files in the archive. Used to track of local tree file hierarchy, archive depth, and files created to easily and reliably get parent AbstractFile for unpacked file. So that we don't have to depend on type of traversal of unpacked files handed to us by 7zip unpacker.
Definition at line 1270 of file SevenZipExtractor.java.
|
private |
recursive method that traverses the path
| parent | |
| tokenPath | |
| tokenPathBytes |
Definition at line 1378 of file SevenZipExtractor.java.
|
private |
Convert byte array to string representation.
| bytes | Byte array |
Definition at line 1361 of file SevenZipExtractor.java.
|
private |
Commit the current transaction.
| TskCoreException |
Definition at line 1587 of file SevenZipExtractor.java.
Referenced by org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.getCurrentTransaction().
|
private |
Definition at line 1431 of file SevenZipExtractor.java.
|
private |
Get the current transaction being used in updateOrAddFileToCaseRec(). If there is no transaction, one will be started. After the transaction has been used MAX_TRANSACTION_SIZE, it will be committed and a new transaction will be opened.
| TskCoreException |
Definition at line 1553 of file SevenZipExtractor.java.
References org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.commitCurrentTransaction(), org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.currentTransaction, and org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.startTransaction().
Referenced by org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.updateOrAddFileToCaseRec().
|
private |
Rollback the current transaction.
Definition at line 1597 of file SevenZipExtractor.java.
|
private |
Open a transaction.
| TskCoreException |
Definition at line 1573 of file SevenZipExtractor.java.
References org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
Referenced by org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.getCurrentTransaction().
|
private |
Add derived files to the case if they do not exist, update the derived file data if the new file contains more information than the existing one, and do nothing if the existing information is complete.
| node | - the UnpackedNode for the file which is being added or updated |
| fileManager | - the file manager to perform the adding or updating |
| statusMap | - the map of existing files and their status |
| archiveFilePath | - the archive file path for the unpacked node |
| parentAr | - the parent archive as an Archive object |
| archiveFile | - the parent archive as an AbstractFile |
| depthMap | - the depth map (to prevent zip bombs) |
| TskCoreException |
Definition at line 1466 of file SevenZipExtractor.java.
References org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.ZipFileStatus.EXISTS, org.sleuthkit.autopsy.casemodule.Case.getCurrentCaseThrows(), org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.getCurrentTransaction(), org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.ZipFileStatusWrapper.getFile(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.ZipFileStatusWrapper.getStatus(), org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.ZipFileStatusWrapper.setStatus(), org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.ZipFileStatus.SKIP, and org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.ZipFileStatus.UPDATE.
|
private |
Definition at line 1280 of file SevenZipExtractor.java.
Referenced by org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.getCurrentTransaction().
|
staticprivate |
Definition at line 1282 of file SevenZipExtractor.java.
|
private |
Definition at line 1273 of file SevenZipExtractor.java.
|
private |
Definition at line 1281 of file SevenZipExtractor.java.
Copyright © 2012-2021 Basis Technology. Generated on: Thu Sep 30 2021
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.