Package org.sleuthkit.datamodel

Examples of org.sleuthkit.datamodel.SleuthkitCase$CaseDbTransaction


            //TODO: can we do more incremental updates? -jm
            eventDB.dropTable();
            eventDB.initializeDB();

            //grab ids of all files
            SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
            List<Long> files = skCase.findAllFileIdsWhere(FILES_AND_DIRS_WHERE_CLAUSE);

            final int numFiles = files.size();
            process(Arrays.asList(new ProgressWindow.ProgressUpdate(0, numFiles, "populating mac events for files: ", "")));

            //insert file events into db
            int i = 1;
            EventDB.EventTransaction trans = eventDB.beginTransaction();
            for (final Long fID : files) {
                if (isCancelled()) {
                    break;
                } else {
                    try {
                        AbstractFile f = skCase.getAbstractFileById(fID);
                        //TODO: This is broken for logical files? fix -jm
                        //TODO: logical files don't necessarily have valid timestamps, so ... -jm
                        final String uniquePath = f.getUniquePath();
                        final String parentPath = f.getParentPath();
                        String datasourceName = StringUtils.substringBefore(StringUtils.stripStart(uniquePath, "/"), parentPath);
View Full Code Here


                // get the unique set of files with hits
                Set<SolrDocument> uniqueSolrDocumentsWithHits = filterDuplicateSolrDocuments(resultList);
               
                allMatchesFetched = start + MAX_RESULTS >= resultList.getNumFound();
               
                SleuthkitCase sleuthkitCase;
                try {
                    sleuthkitCase = Case.getCurrentCase().getSleuthkitCase();
                } catch (IllegalStateException ex) {
                    //no case open, must be just closed
                    return matches;
View Full Code Here

         * @return
         */
        private List<AbstractFile> getFiles() {
            List<AbstractFile> absFiles;
            try {
                SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
                absFiles = skCase.findAllFilesWhere("NOT meta_type = 2"); //NON-NLS
                return absFiles;
            } catch (TskCoreException ex) {
                // TODO
                return Collections.<AbstractFile>emptyList();
            }
View Full Code Here

    private static final Logger logger = Logger.getLogger(CallLogAnalyzer.class.getName());

    public void findCallLogs() {
        List<AbstractFile> absFiles;
        try {
            SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
            absFiles = skCase.findAllFilesWhere("name ='contacts2.db' OR name ='contacts.db'"); //get exact file names
            if (absFiles.isEmpty()) {
                return;
            }
            for (AbstractFile AF : absFiles) {
                try {
View Full Code Here

        } catch (ClassNotFoundException | SQLException e) {
            logger.log(Level.SEVERE, "Error opening database", e);
        }

        Case currentCase = Case.getCurrentCase();
        SleuthkitCase skCase = currentCase.getSleuthkitCase();
        try {
            AbstractFile f = skCase.getAbstractFileById(fId);
            try {
                resultSet = statement.executeQuery(
                        "SELECT number,date,duration,type, name FROM calls ORDER BY date DESC;");

                BlackboardArtifact bba;
View Full Code Here

        // There are two tasks to do.
        progressBar.switchToDeterminate(2);

        Case autopsyCase = Case.getCurrentCase();
        SleuthkitCase sleuthkitCase = autopsyCase.getSleuthkitCase();
        Services services = new Services(sleuthkitCase);
        FileManager fileManager = services.getFileManager();
        try {
            // Get count of files with .doc extension.
            long fileCount = 0;
View Full Code Here

                // results to the blackboard. There are many standard blackboard
                // artifact and attribute types and you should use them instead
                // creating new ones to facilitate use of your results by other
                // modules.
                Case autopsyCase = Case.getCurrentCase();
                SleuthkitCase sleuthkitCase = autopsyCase.getSleuthkitCase();
                try {
                    // See if the attribute type has already been defined.
                    attrId = sleuthkitCase.getAttrTypeID("ATTR_SAMPLE");
                    if (attrId == -1) {
                        attrId = sleuthkitCase.addAttrType("ATTR_SAMPLE", "Sample Attribute");
                    }
                } catch (TskCoreException ex) {
                    IngestServices ingestServices = IngestServices.getInstance();
                    Logger logger = ingestServices.getLogger(SampleIngestModuleFactory.getModuleName());
                    logger.log(Level.SEVERE, "Failed to create blackboard attribute", ex);
View Full Code Here

    @Override
    public Long visit(FileSystem fs) {
        //recursion stop here
        //case of a real fs, query all files for it
        SleuthkitCase sc = Case.getCurrentCase().getSleuthkitCase();
        StringBuilder queryB = new StringBuilder();
        queryB.append("( (fs_obj_id = ").append(fs.getId()); //NON-NLS
        //queryB.append(") OR (fs_obj_id = NULL) )");
        queryB.append(") )");
        queryB.append(" AND ( (meta_type = ").append(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()); //NON-NLS
        queryB.append(") OR (meta_type = ").append(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_DIR.getValue()); //NON-NLS
        queryB.append(") OR (meta_type = ").append(TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue()); //NON-NLS               
        queryB.append(" AND (name != '.') AND (name != '..')"); //NON-NLS
        queryB.append(") )");
        //queryB.append( "AND (type = ");
        //queryB.append(TskData.TSK_DB_FILES_TYPE_ENUM.FS.getFileType());
        //queryB.append(")");
        try {
            final String query = queryB.toString();
            logger.log(Level.INFO, "Executing count files query: {0}", query); //NON-NLS
            return sc.countFilesWhere(query);
        } catch (TskCoreException ex) {
            logger.log(Level.SEVERE, "Couldn't get count of all files in FileSystem", ex); //NON-NLS
            return 0L;
        }
    }
View Full Code Here

                // try to get the number of matches first
                Case currentCase = Case.getCurrentCase(); // get the most updated case
                long totalMatches = 0;
                List<AbstractFile> contentList = null;
                try {
                    SleuthkitCase tskDb = currentCase.getSleuthkitCase();
                    //ResultSet rs = tempDb.runQuery(this.getQuery("count(*) as TotalMatches"));
                    contentList = tskDb.findAllFilesWhere(this.getQuery());

                } catch (TskCoreException ex) {
                    Logger logger = Logger.getLogger(this.getClass().getName());
                    logger.log(Level.WARNING, "Error while trying to get the number of matches.", ex); //NON-NLS
                }
View Full Code Here

                    //this.close();
                    ((BeanTreeView) this.jScrollPane1).setRootVisible(false); // hide the root
                } else {
                    // if there's at least one image, load the image and open the top component
                    List<Object> items = new ArrayList<>();
                    final SleuthkitCase tskCase = currentCase.getSleuthkitCase();
                    items.add(new DataSources());
                    items.add(new Views(tskCase));
                    items.add(new Results(tskCase));
                    items.add(new Reports());
                    contentChildren = new RootContentChildren(items);
View Full Code Here

TOP

Related Classes of org.sleuthkit.datamodel.SleuthkitCase$CaseDbTransaction

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.