1 /*
2  * Sleuth Kit Data Model
3  *
4  * Copyright 2012-2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  *	 http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.datamodel.Examples;
20 
21 import java.util.ArrayList;
22 import java.util.List;
23 import java.util.UUID;
24 import java.util.logging.Level;
25 import java.util.logging.Logger;
26 import org.sleuthkit.datamodel.AbstractFile;
27 import org.sleuthkit.datamodel.Content;
28 import org.sleuthkit.datamodel.Image;
29 import org.sleuthkit.datamodel.SleuthkitCase;
30 import org.sleuthkit.datamodel.SleuthkitJNI.CaseDbHandle.AddImageProcess;
31 import org.sleuthkit.datamodel.TskCoreException;
32 import org.sleuthkit.datamodel.TskDataException;
33 
34 /**
35  *
36  */
37 public class Sample {
38 
run(String imagePath)39 	public static void run(String imagePath) {
40 		try {
41 			SleuthkitCase sk = SleuthkitCase.newCase(imagePath + ".db");
42 
43 			// initialize the case with an image
44 			String timezone = "";
45 			AddImageProcess process = sk.makeAddImageProcess(timezone, true, false, "");
46 			ArrayList<String> paths = new ArrayList<String>();
47 			paths.add(imagePath);
48 			try {
49 				process.run(UUID.randomUUID().toString(), paths.toArray(new String[paths.size()]), 0);
50 			} catch (TskDataException ex) {
51 				Logger.getLogger(Sample.class.getName()).log(Level.SEVERE, null, ex);
52 			}
53 			process.commit();
54 
55 			// print out all the images found, and their children
56 			List<Image> images = sk.getImages();
57 			for (Image image : images) {
58 				System.out.println("Found image: " + image.getName());
59 				System.out.println("There are " + image.getChildren().size() + " children.");
60 				for (Content content : image.getChildren()) {
61 					System.out.println('"' + content.getName() + '"' + " is a child of " + image.getName());
62 				}
63 			}
64 
65 			// print out all .txt files found
66 			List<AbstractFile> files = sk.findAllFilesWhere("LOWER(name) LIKE LOWER('%.txt')");
67 			for (AbstractFile file : files) {
68 				System.out.println("Found text file: " + file.getName());
69 			}
70 
71 		} catch (TskCoreException e) {
72 			System.out.println("Exception caught: " + e.getMessage());
73 			Sample.usage(e.getMessage());
74 
75 		}
76 	}
77 
usage(String error)78 	public static void usage(String error) {
79 		System.out.println("Usage: ant -Dimage:{image string} run-sample");
80 		if (error.contains("deleted first")) {
81 			System.out.println("A database for the image already exists. Delete it to run this sample again.");
82 		} else if (error.contains("unable to open database")) {
83 			System.out.println("Image must be encapsulated by double quotes. Ex: ant -Dimage=\"C:\\Users\\You\\image.E01\" run-sample");
84 		}
85 	}
86 
main(String[] args)87 	public static void main(String[] args) {
88 		Sample.run(args[0]);
89 	}
90 }
91