The Sleuth Kit: tsk/hashdb/binsrch_index.cpp File Reference

The Sleuth Kit 4.13.0

Functions

binsrch_index.cpp File Reference

Functions common to all text hash databases (i.e. More...

#include "tsk_hashdb_i.h"
#include "tsk_hash_info.h"

Functions

uint8_t hdb_binsrch_accepts_updates ()

void hdb_binsrch_close (TSK_HDB_INFO *hdb_info_base)

const TSK_TCHAR * hdb_binsrch_get_index_path (TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM htype)

uint8_t hdb_binsrch_has_index (TSK_HDB_INFO *hdb_info, TSK_HDB_HTYPE_ENUM htype)

uint8_t hdb_binsrch_idx_add_entry_bin (TSK_HDB_BINSRCH_INFO *hdb_binsrch_info, unsigned char *hvalue, int hlen, TSK_OFF_T offset)

Add a binary entry to the intermediate index file. More...

uint8_t hdb_binsrch_idx_add_entry_str (TSK_HDB_BINSRCH_INFO *hdb_binsrch_info, char *hvalue, TSK_OFF_T offset)

Add a string entry to the intermediate index file. More...

uint8_t hdb_binsrch_idx_finalize (TSK_HDB_BINSRCH_INFO *hdb_binsrch_info)

Finalize index creation process by sorting the index and removing the intermediate temp file. More...

uint8_t hdb_binsrch_idx_init_hash_type_info (TSK_HDB_BINSRCH_INFO *hdb_binsrch_info, TSK_HDB_HTYPE_ENUM htype)

uint8_t hdb_binsrch_idx_initialize (TSK_HDB_BINSRCH_INFO *hdb_binsrch_info, TSK_TCHAR *htype)

Initialize the TSK hash DB index file. More...

int8_t hdb_binsrch_lookup_bin (TSK_HDB_INFO *hdb_info, uint8_t *hash, uint8_t len, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr)

Search the index for the given hash value given (in binary form). More...

int8_t hdb_binsrch_lookup_str (TSK_HDB_INFO *hdb_info_base, const char *hash, TSK_HDB_FLAG_ENUM flags, TSK_HDB_LOOKUP_FN action, void *ptr)

Search the index for a text/ASCII hash value. More...

int8_t hdb_binsrch_lookup_verbose_str (TSK_HDB_INFO *hdb_info_base, const char *hash, void *lookup_result)

TSK_HDB_BINSRCH_INFO * hdb_binsrch_open (FILE *hDb, const TSK_TCHAR *db_path)

Called by the various text-based databases to setup the TSK_HDB_BINSRCH_INFO struct. More...

uint8_t hdb_binsrch_open_idx (TSK_HDB_INFO *hdb_info_base, TSK_HDB_HTYPE_ENUM htype)

uint8_t hdb_binsrch_uses_external_indexes ()

Detailed Description

Functions common to all text hash databases (i.e.

NSRL, HashKeeper, EnCase, etc.). Examples include index management and index-based lookup.

Function Documentation

uint8_t hdb_binsrch_idx_add_entry_bin ( TSK_HDB_BINSRCH_INFO * hdb_binsrch_info,

unsigned char * hvalue,

int hlen,

TSK_OFF_T offset

)

Add a binary entry to the intermediate index file.

Parameters: hdb_binsrch_info Hash database state info

hvalue Array of integers of hash value to add

hlen Number of bytes in hvalue

offset Byte offset of hash entry in original database.

Returns: 1 on error and 0 on success

References TSK_HDB_BINSRCH_INFO::hIdxTmp.

Referenced by encase_make_index().

uint8_t hdb_binsrch_idx_add_entry_str ( TSK_HDB_BINSRCH_INFO * hdb_binsrch_info,

char * hvalue,

TSK_OFF_T offset

)

Add a string entry to the intermediate index file.

Will not add an all-zero hash since this creates errors in the final index file, but does not return an error in this case.

Parameters: hdb_binsrch_info Hash database state info

hvalue String of hash value to add

offset Byte offset of hash entry in original database.

Returns: 1 on error and 0 on success

References TSK_HDB_BINSRCH_INFO::hIdxTmp.

Referenced by hk_makeindex(), md5sum_makeindex(), and nsrl_makeindex().

uint8_t hdb_binsrch_idx_finalize ( TSK_HDB_BINSRCH_INFO * hdb_binsrch_info )

Finalize index creation process by sorting the index and removing the intermediate temp file.

Parameters: hdb_binsrch_info Hash database state info structure.

Returns: 1 on error and 0 on success

References TSK_HDB_BINSRCH_INFO::hIdx, TSK_HDB_BINSRCH_INFO::hIdxTmp, TSK_HDB_BINSRCH_INFO::idx_fname, TSK_HDB_BINSRCH_INFO::idx_lbuf, TSK_HDB_BINSRCH_INFO::idx_llen, TSK_HDB_BINSRCH_INFO::idx_off, TSK_HDB_BINSRCH_INFO::idx_size, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), tsk_error_set_errstr2(), tsk_fprintf(), TSK_HDB_MAXLEN, tsk_verbose, and TSK_HDB_BINSRCH_INFO::uns_fname.

Referenced by encase_make_index(), hk_makeindex(), md5sum_makeindex(), and nsrl_makeindex().

uint8_t hdb_binsrch_idx_initialize ( TSK_HDB_BINSRCH_INFO * hdb_binsrch_info,

TSK_TCHAR * htype

)

Initialize the TSK hash DB index file.

This creates the intermediate file, which will have entries added to it. This file must be sorted before the process is finished.

Parameters: hdb_binsrch_info Hash database state structure

htype String of index type to create

Returns: 1 on error and 0 on success

References TSK_HDB_INFO::db_fname, TSK_HDB_INFO::db_name, TSK_HDB_INFO::db_type, TSK_HDB_BINSRCH_INFO::hash_type, TSK_HDB_BINSRCH_INFO::hIdxTmp, PRIcTSK, PRIttocTSK, tsk_error_reset(), tsk_error_set_errno(), tsk_error_set_errstr(), TSK_HDB_DBTYPE_ENCASE_ID, TSK_HDB_DBTYPE_ENCASE_STR, TSK_HDB_DBTYPE_HK_ID, TSK_HDB_DBTYPE_HK_STR, TSK_HDB_DBTYPE_IDXONLY_ID, TSK_HDB_DBTYPE_MD5SUM_ID, TSK_HDB_DBTYPE_MD5SUM_STR, TSK_HDB_DBTYPE_NSRL_ID, TSK_HDB_DBTYPE_NSRL_MD5_STR, TSK_HDB_DBTYPE_NSRL_SHA1_STR, TSK_HDB_DBTYPE_NSRL_STR, TSK_HDB_HTYPE_INVALID_ID, TSK_HDB_HTYPE_MD5_ID, TSK_HDB_HTYPE_SHA1_ID, TSK_HDB_HTYPE_STR, TSK_HDB_IDX_HEAD_TYPE_STR, and TSK_HDB_BINSRCH_INFO::uns_fname.

Referenced by encase_make_index(), hk_makeindex(), md5sum_makeindex(), and nsrl_makeindex().

TSK_HDB_BINSRCH_INFO* hdb_binsrch_open ( FILE * hDb,

const TSK_TCHAR * db_path

)

Called by the various text-based databases to setup the TSK_HDB_BINSRCH_INFO struct.

This will setup the basic function pointers, that will be overwritten by the more specific methods.

References TSK_HDB_INFO::db_type, TSK_HDB_BINSRCH_INFO::hash_len, TSK_HDB_BINSRCH_INFO::hash_type, TSK_HDB_BINSRCH_INFO::hDb, hdb_binsrch_lookup_bin(), hdb_binsrch_lookup_str(), TSK_HDB_DBTYPE_INVALID_ID, and TSK_HDB_HTYPE_INVALID_ID.

Referenced by idxonly_open().