Autopsy
4.7.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Inherits Closeable.
Classes | |
interface | FileAddProgressUpdater |
Public Member Functions | |
FileManager (SleuthkitCase caseDb) | |
synchronized LayoutFile | addCarvedFile (String fileName, long fileSize, long parentObjId, List< TskFileRange > layout) throws TskCoreException |
synchronized List< LayoutFile > | addCarvedFiles (CarvingResult carvingResult) throws TskCoreException |
synchronized List< LayoutFile > | addCarvedFiles (List< org.sleuthkit.datamodel.CarvedFileContainer > filesToAdd) throws TskCoreException |
synchronized DerivedFile | addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, Content parentObj, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType) throws TskCoreException |
synchronized DerivedFile | addDerivedFile (String fileName, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, AbstractFile parentFile, String rederiveDetails, String toolName, String toolVersion, String otherDetails) throws TskCoreException |
synchronized LocalFilesDataSource | addLocalFilesDataSource (String deviceId, String rootVirtualDirectoryName, String timeZone, List< String > localFilePaths, FileAddProgressUpdater progressUpdater) throws TskCoreException, TskDataException |
synchronized VirtualDirectory | addLocalFilesDirs (List< String > localFilePaths, FileAddProgressUpdater progressUpdater) throws TskCoreException |
synchronized void | close () throws IOException |
synchronized List< AbstractFile > | findFiles (String fileName) throws TskCoreException |
synchronized List< AbstractFile > | findFiles (String fileName, String parentSubString) throws TskCoreException |
synchronized List< AbstractFile > | findFiles (String fileName, AbstractFile parent) throws TskCoreException |
synchronized List< AbstractFile > | findFiles (Content dataSource, String fileName) throws TskCoreException |
synchronized List< AbstractFile > | findFiles (Content dataSource, String fileName, String parentSubString) throws TskCoreException |
synchronized List< AbstractFile > | findFiles (Content dataSource, String fileName, AbstractFile parent) throws TskCoreException |
synchronized List< AbstractFile > | findFilesByMimeType (Collection< String > mimeTypes) throws TskCoreException |
synchronized List< AbstractFile > | findFilesByMimeType (Content dataSource, Collection< String > mimeTypes) throws TskCoreException |
synchronized List< AbstractFile > | findFilesByParentPath (long dataSourceObjectID, String parentPath) throws TskCoreException |
synchronized List< AbstractFile > | openFiles (Content dataSource, String filePath) throws TskCoreException |
synchronized DerivedFile | updateDerivedFile (DerivedFile derivedFile, String localPath, long size, long ctime, long crtime, long atime, long mtime, boolean isFile, String mimeType, String rederiveDetails, String toolName, String toolVersion, String otherDetails, TskData.EncodingType encodingType) throws TskCoreException |
Private Member Functions | |
AbstractFile | addLocalFile (CaseDbTransaction trans, SpecialDirectory parentDirectory, java.io.File localFile, TskData.EncodingType encodingType, FileAddProgressUpdater progressUpdater) throws TskCoreException |
AbstractFile | addLocalFile (CaseDbTransaction trans, SpecialDirectory parentDirectory, java.io.File localFile, FileAddProgressUpdater progressUpdater) throws TskCoreException |
List< java.io.File > | getFilesAndDirectories (List< String > localFilePaths) throws TskDataException |
Static Private Member Functions | |
static String | createFileTypeInCondition (Collection< String > mimeTypes) |
static String | createParentPathCondition (long dataSourceObjectID, String parentPath) |
static synchronized String | generateFilesDataSourceName (SleuthkitCase caseDb) throws TskCoreException |
Private Attributes | |
SleuthkitCase | caseDb |
Static Private Attributes | |
static final Logger | LOGGER = Logger.getLogger(FileManager.class.getName()) |
A manager that provides methods for retrieving files from the current case and for adding local files, carved files, and derived files to the current case.
Definition at line 58 of file FileManager.java.
org.sleuthkit.autopsy.casemodule.services.FileManager.FileManager | ( | SleuthkitCase | caseDb | ) |
Constructs a manager that provides methods for retrieving files from the current case and for adding local files, carved files, and derived files to the current case.
caseDb | The case database. |
Definition at line 70 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.caseDb.
synchronized LayoutFile org.sleuthkit.autopsy.casemodule.services.FileManager.addCarvedFile | ( | String | fileName, |
long | fileSize, | ||
long | parentObjId, | ||
List< TskFileRange > | layout | ||
) | throws TskCoreException |
Adds a carved file to the '$CarvedFiles' virtual directory of a data source, volume or file system.
fileName | The name of the file. |
fileSize | The size of the file. |
parentObjId | The object id of the parent data source, volume or file system. |
layout | A list of the offsets and sizes that gives the layout of the file within its parent. |
TskCoreException | if there is a problem adding the file to the case database. |
Definition at line 672 of file FileManager.java.
synchronized List<LayoutFile> org.sleuthkit.autopsy.casemodule.services.FileManager.addCarvedFiles | ( | CarvingResult | carvingResult | ) | throws TskCoreException |
Adds a carving result to the case database.
carvingResult | The carving result (a set of carved files and their parent) to be added. |
TskCoreException | If there is a problem completing a case database operation. |
Definition at line 418 of file FileManager.java.
synchronized List<LayoutFile> org.sleuthkit.autopsy.casemodule.services.FileManager.addCarvedFiles | ( | List< org.sleuthkit.datamodel.CarvedFileContainer > | filesToAdd | ) | throws TskCoreException |
Adds a collection of carved files to the '$CarvedFiles' virtual directory of a data source, volume or file system.
filesToAdd | A collection of CarvedFileContainer objects, one per carved file, all of which must have the same parent object id. |
TskCoreException | if there is a problem adding the files to the case database. |
Definition at line 699 of file FileManager.java.
synchronized DerivedFile org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
Content | parentObj, | ||
String | rederiveDetails, | ||
String | toolName, | ||
String | toolVersion, | ||
String | otherDetails, | ||
TskData.EncodingType | encodingType | ||
) | throws TskCoreException |
Adds a derived file to the case.
fileName | The name of the file. |
localPath | The local path of the file, relative to the case folder and including the file name. |
size | The size of the file in bytes. |
ctime | The change time of the file. |
crtime | The create time of the file |
atime | The accessed time of the file. |
mtime | The modified time of the file. |
isFile | True if a file, false if a directory. |
parentObj | The parent object from which the file was derived. |
rederiveDetails | The details needed to re-derive file (will be specific to the derivation method), currently unused. |
toolName | The name of the derivation method or tool, currently unused. |
toolVersion | The version of the derivation method or tool, currently unused. |
otherDetails | Other details of the derivation method or tool, currently unused. |
encodingType | Type of encoding used on the file |
TskCoreException | if there is a problem adding the file to the case database. |
Definition at line 348 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile(), org.sleuthkit.autopsy.thunderbirdparser.ThunderbirdMboxFileIngestModule.handleAttachments(), and org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.updateOrAddFileToCaseRec().
synchronized DerivedFile org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile | ( | String | fileName, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
AbstractFile | parentFile, | ||
String | rederiveDetails, | ||
String | toolName, | ||
String | toolVersion, | ||
String | otherDetails | ||
) | throws TskCoreException |
Adds a derived file to the case.
fileName | The name of the file. |
localPath | The local path of the file, relative to the case folder and including the file name. |
size | The size of the file in bytes. |
ctime | The change time of the file. |
crtime | The create time of the file |
atime | The accessed time of the file. |
mtime | The modified time of the file. |
isFile | True if a file, false if a directory. |
parentFile | The parent file from which the file was derived. |
rederiveDetails | The details needed to re-derive file (will be specific to the derivation method), currently unused. |
toolName | The name of the derivation method or tool, currently unused. |
toolVersion | The version of the derivation method or tool, currently unused. |
otherDetails | Other details of the derivation method or tool, currently unused. |
TskCoreException | if there is a problem adding the file to the case database. |
Definition at line 737 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.addDerivedFile().
|
private |
Adds a file or directory of logical/local files data source to the case database, recursively adding the contents of directories.
trans | A case database transaction. |
parentDirectory | The root virtual directory of the data source or the parent local directory. |
localFile | The local/logical file or directory. |
encodingType | Type of encoding used when storing the file |
progressUpdater | Called after each file/directory is added to the case database. |
TskCoreException | If there is a problem completing a database operation. |
Definition at line 586 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFile(), and org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource().
|
private |
Adds a file or directory of logical/local files data source to the case database, recursively adding the contents of directories.
trans | A case database transaction. |
parentDirectory | The root virtual directory of the data source or the parent local directory. |
localFile | The local/logical file or directory. |
progressUpdater | notifier to receive progress notifications on folders added, or null if not used |
progressUpdater | Called after each file/directory is added to the case database. |
TskCoreException | If there is a problem completing a database operation. |
Definition at line 769 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFile().
synchronized LocalFilesDataSource org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource | ( | String | deviceId, |
String | rootVirtualDirectoryName, | ||
String | timeZone, | ||
List< String > | localFilePaths, | ||
FileAddProgressUpdater | progressUpdater | ||
) | throws TskCoreException, TskDataException |
Adds a set of local/logical files and/or directories to the case database as data source.
deviceId | An ASCII-printable identifier for the device associated with the data source that is intended to be unique across multiple cases (e.g., a UUID). |
rootVirtualDirectoryName | The name to give to the virtual directory that will serve as the root for the local/logical files and/or directories that compose the data source. Pass the empty string to get a default name of the form: LogicalFileSet[N] |
timeZone | The time zone used to process the data source, may be the empty string. |
localFilePaths | A list of local/logical file and/or directory localFilePaths. |
progressUpdater | Called after each file/directory is added to the case database. |
TskCoreException | If there is a problem completing a database operation. |
TskDataException | if any of the local file paths is for a file or directory that does not exist or cannot be read. |
Definition at line 467 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFile(), org.sleuthkit.autopsy.ingest.IngestServices.fireModuleContentEvent(), org.sleuthkit.autopsy.casemodule.services.FileManager.generateFilesDataSourceName(), org.sleuthkit.autopsy.casemodule.services.FileManager.getFilesAndDirectories(), and org.sleuthkit.autopsy.ingest.IngestServices.getInstance().
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDirs().
synchronized VirtualDirectory org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDirs | ( | List< String > | localFilePaths, |
FileAddProgressUpdater | progressUpdater | ||
) | throws TskCoreException |
Adds a set of local/logical files and/or directories to the case database as data source.
localFilePaths | A list of local/logical file and/or directory localFilePaths. |
progressUpdater | Called after each file/directory is added to the case database. |
TskCoreException | If any of the local file paths is for a file or directory that does not exist or cannot be read, or there is a problem completing a database operation. |
Definition at line 642 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource().
synchronized void org.sleuthkit.autopsy.casemodule.services.FileManager.close | ( | ) | throws IOException |
Closes the file manager.
IOException | If there is a problem closing the file manager. |
Definition at line 619 of file FileManager.java.
|
staticprivate |
Converts a list of MIME types into an SQL "mime_type IN" condition.
mimeTypes | The MIIME types. |
Definition at line 135 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesByMimeType().
|
staticprivate |
Converts a data source object id and a parent path into SQL data_source_obj_id = ? AND parent_path LIKE ?%
dataSourceObjectID | |
parentPath |
Definition at line 148 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesByParentPath().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | String | fileName | ) | throws TskCoreException |
Finds all files and directories with a given file name. The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
fileName | The full name or a pattern to match on part of the name |
TskCoreException | if there is a problem querying the case database. |
Definition at line 165 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | String | fileName, |
String | parentSubString | ||
) | throws TskCoreException |
Finds all files and directories with a given file name and parent file or directory name. The name searches are for full or partial matches and are case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
fileName | The full name or a pattern to match on part of the name |
parentSubString | Substring that must exist in parent path. Will be surrounded by % in LIKE query. |
TskCoreException | if there is a problem querying the case database. |
Definition at line 191 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | String | fileName, |
AbstractFile | parent | ||
) | throws TskCoreException |
Finds all files and directories with a given file name and parent file or directory. The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
fileName | The full name or a pattern to match on part of the name |
parent | The parent file or directory. |
TskCoreException | if there is a problem querying the case database. |
Definition at line 217 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | Content | dataSource, |
String | fileName | ||
) | throws TskCoreException |
Finds all files and directories with a given file name in a given data source (image, local/logical files set, etc.). The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
dataSource | The data source. |
fileName | The full name or a pattern to match on part of the name |
TskCoreException | if there is a problem querying the case database. |
Definition at line 243 of file FileManager.java.
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | Content | dataSource, |
String | fileName, | ||
String | parentSubString | ||
) | throws TskCoreException |
Finds all files and directories with a given file name and parent file or directory name in a given data source (image, local/logical files set, etc.). The name searches are for full or partial matches and are case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
dataSource | The data source. |
fileName | The full name or a pattern to match on part of the name |
parentSubString | Substring that must exist in parent path. Will be surrounded by % in LIKE query. |
TskCoreException | if there is a problem querying the case database. |
Definition at line 266 of file FileManager.java.
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles | ( | Content | dataSource, |
String | fileName, | ||
AbstractFile | parent | ||
) | throws TskCoreException |
Finds all files and directories with a given file name and given parent file or directory in a given data source (image, local/logical files set, etc.). The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database).
dataSource | The data source. |
fileName | The full name or a pattern to match on part of the name |
parent | The parent file or directory. |
TskCoreException | if there is a problem querying the case database. |
Definition at line 289 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.findFiles().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesByMimeType | ( | Collection< String > | mimeTypes | ) | throws TskCoreException |
Finds all files with types that match one of a collection of MIME types.
mimeTypes | The MIME types. |
TskCoreException | If there is a problem querying the case database. |
Definition at line 84 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.createFileTypeInCondition().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesByMimeType | ( | Content | dataSource, |
Collection< String > | mimeTypes | ||
) | throws TskCoreException |
Finds all files in a given data source (image, local/logical files set, etc.) with types that match one of a collection of MIME types.
dataSource | The data source. |
mimeTypes | The MIME types. |
TskCoreException | If there is a problem querying the case database. |
Definition at line 121 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.createFileTypeInCondition().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.findFilesByParentPath | ( | long | dataSourceObjectID, |
String | parentPath | ||
) | throws TskCoreException |
Finds all parent_paths that match the specified parentPath and are in the specified data source.
dataSourceObjectID | - the id of the data source to get files from |
parentPath | - the parent path that all files should be like |
TskCoreException | If there is a problem querying the case database. |
Definition at line 102 of file FileManager.java.
References org.sleuthkit.autopsy.casemodule.services.FileManager.createParentPathCondition().
|
staticprivate |
Generates a name for the root virtual directory for the data source.
NOTE: Although this method is guarded by the file manager's monitor, there is currently a minimal chance of default name duplication for multi-user cases with multiple FileManagers running on different nodes.
TskCoreException | If there is a problem querying the case database. |
Definition at line 530 of file FileManager.java.
References org.sleuthkit.autopsy.datamodel.VirtualDirectoryNode.LOGICAL_FILE_SET_PREFIX.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource().
|
private |
Converts a list of local/logical file and/or directory paths to a list of file objects.
localFilePaths | A list of local/logical file and/or directory paths. |
TskDataException | if any of the paths is for a file or directory that does not exist or cannot be read. |
Definition at line 557 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.addLocalFilesDataSource().
synchronized List<AbstractFile> org.sleuthkit.autopsy.casemodule.services.FileManager.openFiles | ( | Content | dataSource, |
String | filePath | ||
) | throws TskCoreException |
Finds all files and directories with a given file name and path in a given data source (image, local/logical files set, etc.). The name search is for full or partial matches and is case insensitive (a case insensitive SQL LIKE clause is used to query the case database). Any path components at the volume level and above are removed for the search.
dataSource | The data source. |
filePath | The file path (path components volume at the volume level or above will be removed). |
TskCoreException | if there is a problem querying the case database. |
Definition at line 312 of file FileManager.java.
synchronized DerivedFile org.sleuthkit.autopsy.casemodule.services.FileManager.updateDerivedFile | ( | DerivedFile | derivedFile, |
String | localPath, | ||
long | size, | ||
long | ctime, | ||
long | crtime, | ||
long | atime, | ||
long | mtime, | ||
boolean | isFile, | ||
String | mimeType, | ||
String | rederiveDetails, | ||
String | toolName, | ||
String | toolVersion, | ||
String | otherDetails, | ||
TskData.EncodingType | encodingType | ||
) | throws TskCoreException |
Update a derived file which already exists in the the case.
derivedFile | The derived file you wish to update |
localPath | The local path of the file, relative to the case folder and including the file name. |
size | The size of the file in bytes. |
ctime | The change time of the file. |
crtime | The create time of the file |
atime | The accessed time of the file. |
mimeType | The MIME type the updated file should have, null to unset it |
mtime | The modified time of the file. |
isFile | True if a file, false if a directory. |
rederiveDetails | The details needed to re-derive file (will be specific to the derivation method), currently unused. |
toolName | The name of the derivation method or tool, currently unused. |
toolVersion | The version of the derivation method or tool, currently unused. |
otherDetails | Other details of the derivation method or tool, currently unused. |
encodingType | Type of encoding used on the file |
TskCoreException | if there is a problem adding the file to the case database. |
Definition at line 393 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.modules.embeddedfileextractor.SevenZipExtractor.UnpackedTree.updateOrAddFileToCaseRec().
|
private |
Definition at line 61 of file FileManager.java.
Referenced by org.sleuthkit.autopsy.casemodule.services.FileManager.FileManager().
|
staticprivate |
Definition at line 60 of file FileManager.java.
Copyright © 2012-2016 Basis Technology. Generated on: Mon Jun 18 2018
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.