Package org.sleuthkit.datamodel

Examples of org.sleuthkit.datamodel.SleuthkitCase


*/
public class Sample {

  public static void run(String imagePath) {
    try {
      SleuthkitCase sk = SleuthkitCase.newCase(imagePath + ".db");

      // initialize the case with an image
      String timezone = "";
      AddImageProcess process = sk.makeAddImageProcess(timezone, true, false);
      ArrayList<String> paths = new ArrayList<String>();
      paths.add(imagePath);
      try {
        process.run(paths.toArray(new String[paths.size()]));
      } catch (TskDataException ex) {
        Logger.getLogger(Sample.class.getName()).log(Level.SEVERE, null, ex);
      }
      process.commit();
     
      // print out all the images found, and their children
      List<Image> images = sk.getImages();
      for (Image image : images) {
        System.out.println("Found image: " + image.getName());
        System.out.println("There are " + image.getChildren().size() + " children.");
        for (Content content : image.getChildren()) {
          System.out.println('"' + content.getName() + '"' + " is a child of " + image.getName());
          }
        }
           
      // print out all .txt files found
      List<AbstractFile> files = sk.findAllFilesWhere("name like '%.txt'");
      for (AbstractFile file : files) {
              System.out.println("Found text file: " + file.getName());
            }
     
    } catch (TskCoreException e) {


    /**
     * Collects the object ids of hash-set-hit artifacts whose set-name attribute equals
     * {@code hashDbName}, keeping only the ids whose file passes
     * {@code ImageAnalyzerModule.isSupportedAndNotKnown}.
     *
     * <p>The listing is truncated on this page: the exception handling, the closing of the
     * result set and the return statement are not visible here.
     *
     * @param hashDbName hash set name compared against {@code blackboard_attributes.value_text}
     */
    @Deprecated
    private List<Long> getFileIDsWithHashSetName(String hashDbName) {
        List<Long> files = new ArrayList<>();
        try {

            final SleuthkitCase sleuthkitCase = ImageAnalyzerController.getDefault().getSleuthKitCase();
            // NOTE(review): hashDbName is spliced into the SQL text between single quotes with no
            // escaping or binding. A set name that contains a quote changes the structure of the
            // statement, so if names can originate from imported hash databases or other case
            // data this is an SQL injection point. Bind the value as a parameter where the case
            // database API offers that; otherwise validate or escape the name before building
            // the query. The two type ids below are numeric and do not carry this risk.
            String query = "SELECT obj_id FROM blackboard_attributes,blackboard_artifacts WHERE "
                    + "attribute_type_id=" + BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID()
                    + " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id"
                    + " AND blackboard_attributes.value_text='" + hashDbName + "'"
                    + " AND blackboard_artifacts.artifact_type_id=" + BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID();

            // rs is declared outside the inner try; presumably so a finally block can close it,
            // but that block is outside this excerpt. TODO confirm.
            ResultSet rs = null;
            try {
                rs = sleuthkitCase.runQuery(query);
                while (rs.next()) {
                    long id = rs.getLong("obj_id");
                    try {
                        // NOTE(review): the file is looked up through Case.getCurrentCase() rather than
                        // the sleuthkitCase handle the query ran on; confirm both refer to the same case.
                        if (ImageAnalyzerModule.isSupportedAndNotKnown(Case.getCurrentCase().getSleuthkitCase().getAbstractFileById(id))) {
                            files.add(id);

            logger.log(Level.SEVERE, "Error when attempting to carved data from AbstractFile with ID {0}", abstractFile.getId()); //NON-NLS
            return ProcessResult.OK;
        }

        // add a carved file to the DB for each file that scalpel carved
        SleuthkitCase db = Case.getCurrentCase().getSleuthkitCase();
        List<LayoutFile> carvedFiles = new ArrayList<LayoutFile>(output.size());
        for (CarvedFileMeta carvedFileMeta : output) {

            // calculate the byte offset of this carved file
            long byteOffset;
            try {
                byteOffset = abstractFile.convertToImgOffset(carvedFileMeta.getByteStart());
            } catch (TskCoreException ex) {
                logger.log(Level.SEVERE, "Could not calculate the image byte offset of AbstractFile ({0})", abstractFile.getName()); //NON-NLS
                break;
            }

            // get the size of the carved file
            long size = carvedFileMeta.getByteLength();

            // create the list of TskFileRange objects
            List<TskFileRange> data = new ArrayList<TskFileRange>();
            data.add(new TskFileRange(byteOffset, size, 0));

            // add the carved file
            try {
                carvedFiles.add(db.addCarvedFile(carvedFileMeta.getFileName(), size, id, data));
            } catch (TskCoreException ex) {
                logger.log(Level.SEVERE, "There was a problem while trying to add a carved file to the database.", ex); //NON-NLS
            }
        }

     * @param md5Hash   hash value to match files with
     * @return a List of all FsContent with the given hash
     */
    static List<AbstractFile> findFilesByMd5(String md5Hash) {
        // Delegate the lookup to the database of the currently open case.
        // NOTE(review): MD5 is not collision-resistant, so a match identifies candidate files
        // for a known hash; it is not proof that the contents are identical.
        return Case.getCurrentCase().getSleuthkitCase().findFilesByMd5(md5Hash);
    }

     * if there are no Fs files in tsk_files that have and empty md5.
     * @return true if the search feature is ready.
     */
    static boolean allFilesMd5Hashed() {
        // Ask the database of the currently open case; no state is kept locally.
        return Case.getCurrentCase().getSleuthkitCase().allFilesMd5Hashed();
    }

     * Counts the number of FsContent in the database that have an MD5
     * @return the number of files with an MD5
     */
    static int countFilesMd5Hashed() {
        // The count comes straight from the database of the currently open case.
        return Case.getCurrentCase().getSleuthkitCase().countFilesMd5Hashed();
    }

    }
    /**
     * Builds a comma-separated list of the hash set names recorded as hash-set-hit artifacts
     * for the given file, by querying the file's own case database.
     *
     * <p>The listing is truncated on this page; the return statement is not visible here.
     *
     * @param content file whose object id selects the artifacts
     */
    @SuppressWarnings("deprecation")
    private static String getHashSetHitsForFile(AbstractFile content) {
        ResultSet rs = null;
        String strList = "";
        SleuthkitCase skCase = content.getSleuthkitCase();
        long objId = content.getId();

        try {
            int setNameId = BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID();
            int artId = BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT.getTypeID();

            // Only numeric values (two ints and a long) are concatenated into the statement, so
            // no text value reaches the SQL string here.
            String query = "SELECT value_text,blackboard_attributes.artifact_id,attribute_type_id " //NON-NLS
                    + "FROM blackboard_attributes,blackboard_artifacts WHERE " //NON-NLS
                    + "attribute_type_id=" + setNameId //NON-NLS
                    + " AND blackboard_attributes.artifact_id=blackboard_artifacts.artifact_id" //NON-NLS
                    + " AND blackboard_artifacts.artifact_type_id=" + artId //NON-NLS
                    + " AND blackboard_artifacts.obj_id=" + objId; //NON-NLS
            rs = skCase.runQuery(query);
            // i counts rows already appended so the separator is written only between names.
            int i = 0;
            while (rs.next()) {
                if (i++ > 0) {
                    strList += ", ";
                }
                strList += rs.getString("value_text"); //NON-NLS
            }
        } catch (SQLException ex) {
            // A failed query is logged, not rethrown; strList keeps whatever was appended so far.
            logger.log(Level.WARNING, "SQL Exception occurred: ", ex); //NON-NLS
        } finally {
            // Release the result set through the case object on both the success and error path.
            if (rs != null) {
                try {
                    skCase.closeRunQuery(rs);
                } catch (SQLException ex) {
                   logger.log(Level.WARNING, "Error closing result set after getting hashset hits", ex); //NON-NLS
                }
            }
        }

            }
        }
    }

    private void importArtifacts(ExternalResults results) {
        SleuthkitCase caseDb = Case.getCurrentCase().getSleuthkitCase();
        for (ExternalResults.Artifact artifactData : results.getArtifacts()) {
            try {
                // Add the artifact to the case database.
                int artifactTypeId = caseDb.getArtifactTypeID(artifactData.getType());
                if (artifactTypeId == -1) {
                    artifactTypeId = caseDb.addArtifactType(artifactData.getType(), artifactData.getType());
                }
                Content sourceFile = findFileInCaseDatabase(artifactData.getSourceFilePath());
                if (sourceFile != null) {
                    BlackboardArtifact artifact = sourceFile.newArtifact(artifactTypeId);

                    // Add the artifact's attributes to the case database.
                    Collection<BlackboardAttribute> attributes = new ArrayList<>();
                    for (ExternalResults.ArtifactAttribute attributeData : artifactData.getAttributes()) {
                        int attributeTypeId = caseDb.getAttrTypeID(attributeData.getType());
                        if (attributeTypeId == -1) {
                            attributeTypeId = caseDb.addAttrType(attributeData.getType(), attributeData.getType());
                        }
                        switch (attributeData.getValueType()) {
                            case "text": //NON-NLS
                                attributes.add(new BlackboardAttribute(attributeTypeId, attributeData.getSourceModule(), attributeData.getValue()));
                                break;

            SwingUtilities.invokeLater(() -> {
                if (mainFrame != null) {
                    mainFrame.close();
                }
            });
            final SleuthkitCase sleuthkitCase = Case.getCurrentCase().getSleuthkitCase();
            final long lastObjId = sleuthkitCase.getLastObjectId();
            final long lastArtfID = getCaseLastArtifactID(sleuthkitCase);
            final Boolean injestRunning = IngestManager.getInstance().isIngestRunning();
            //TODO: verify this locking is correct? -jm
            synchronized (eventsRepository) {
                eventsRepository.rebuildRepository(() -> {

                    && eventsRepository.getWasIngestRunning()) {
                if (showLastPopulatedWhileIngestingConfirmation() == JOptionPane.YES_OPTION) {
                    rebuildingRepo = rebuildRepo();
                }
            }
            final SleuthkitCase sleuthkitCase = Case.getCurrentCase().getSleuthkitCase();
            if ((rebuildingRepo == false)
                    && (sleuthkitCase.getLastObjectId() != timeLineLastObjectId
                    || getCaseLastArtifactID(sleuthkitCase) != eventsRepository.getLastArtfactID())) {
                rebuildingRepo = outOfDatePromptAndRebuild();
            }

            if (rebuildingRepo == false) {
