Java SleuthkitCase.runQuery Examples

Programming Language: Java

Namespace/Package Name: org.sleuthkit.datamodel

Class/Type: SleuthkitCase

Method/Function: runQuery

Examples at hotexamples.com: 2

Java SleuthkitCase.runQuery - 2 examples found. These are the top rated real world Java examples of org.sleuthkit.datamodel.SleuthkitCase.runQuery extracted from open source projects. You can rate examples to help us improve the quality of examples.

Frequently Used Methods

Show Hide

runQuery(2)

getBlackboardArtifacts(2)

closeRunQuery(2)

getImagePaths(1)

resultSetToFsContents(1)

openCase(1)

newCase(1)

getRootObjects(1)

getImages(1)

addAttrType(1)

getImageById(1)

getBlackboardArtifact(1)

getAttrTypeID(1)

getAbstractFileById(1)

findAllFilesWhere(1)

countFilesWhere(1)

getFileSystems(1)

Example #1

Show file

File: Extract.java Project: jletourneau80/autopsy

  /**
   * Returns a List of FsContent objects from TSK based on sql query.
   *
   * @param image is a Image object that denotes which image to get the files from
   * @param query is a sql string query that is to be run
   * @return FFSqlitedb is a List of FsContent objects
   */
  @SuppressWarnings("deprecation")
  public List<FsContent> extractFiles(Image image, String query) {

    Collection<FileSystem> imageFS = tskCase.getFileSystems(image);
    List<String> fsIds = new LinkedList<String>();
    for (FileSystem img : imageFS) {
      Long tempID = img.getId();
      fsIds.add(tempID.toString());
    }

    String allFS = new String();
    for (int i = 0; i < fsIds.size(); i++) {
      if (i == 0) {
        allFS += " AND (0";
      }
      allFS += " OR fs_obj_id = '" + fsIds.get(i) + "'";
      if (i == fsIds.size() - 1) {
        allFS += ")";
      }
    }
    List<FsContent> FFSqlitedb = null;
    ResultSet rs = null;
    try {
      rs = tskCase.runQuery(query + allFS);
      FFSqlitedb = tskCase.resultSetToFsContents(rs);
    } catch (SQLException ex) {
      logger.log(
          Level.SEVERE, "Error while trying to extract files for:" + this.getClass().getName(), ex);
      this.addErrorMessage(this.getName() + ": Error while trying to extract files to analyze.");
    } finally {
      if (rs != null) {
        try {
          tskCase.closeRunQuery(rs);
        } catch (SQLException ex) {
          logger.log(
              Level.SEVERE,
              "Error while trying to close result set after extract files for:"
                  + this.getClass().getName(),
              ex);
        }
      }
    }
    return FFSqlitedb;
  }

Example #2

Show file

File: Tags.java Project: halbbob/autopsy

  /**
   * Get a list of all the tag names. Uses a custom query for speed when dealing with thousands of
   * Tags.
   *
   * @return a list of all tag names.
   */
  @SuppressWarnings("deprecation")
  public static List<String> getTagNames() {
    Case currentCase = Case.getCurrentCase();
    SleuthkitCase skCase = currentCase.getSleuthkitCase();
    List<String> names = new ArrayList<>();

    ResultSet rs = null;
    try {
      rs =
          skCase.runQuery(
              "SELECT value_text"
                  + " FROM blackboard_attributes"
                  + " WHERE attribute_type_id = "
                  + ATTRIBUTE_TYPE.TSK_TAG_NAME.getTypeID()
                  + " GROUP BY value_text"
                  + " ORDER BY value_text");
      while (rs.next()) {
        names.add(rs.getString("value_text"));
      }
    } catch (SQLException ex) {
      logger.log(Level.SEVERE, "Failed to query the blackboard for tag names.");
    } finally {
      if (rs != null) {
        try {
          skCase.closeRunQuery(rs);
        } catch (SQLException ex) {
          logger.log(Level.SEVERE, "Failed to close the query for blackboard for tag names.");
        }
      }
    }

    // add the 'Bookmark' tag, if it's not already in the list
    if (!names.contains(BOOKMARK_TAG_NAME)) {
      names.add(BOOKMARK_TAG_NAME);
    }

    return names;
  }