pax_global_header00006660000000000000000000000064131421057470014516gustar00rootroot0000000000000052 comment=0eeeb48fbe207bc62441bf5777fb2bcbdcf7d2a0 sleuthkit-sleuthkit-4.4.2/000077500000000000000000000000001314210574700155535ustar00rootroot00000000000000sleuthkit-sleuthkit-4.4.2/.gitattributes000066400000000000000000000014701314210574700204500ustar00rootroot00000000000000*.h text diff=cpp *.c text diff=cpp *.cpp text diff=cpp *.java text diff=java *.txt text *.xml text *.html text diff=html *.dox text *.am text *.ac text *.m4 text *.pro text *.in text *.1 text Makefile text Doxyfile text *.py text diff=python *.pl text diff=perl *.pm text diff=perl *.base text diff=perl *.vcproj text eol=crlf *.vcxproj* text eol=crlf *.sln text eol=crlf *.bat text eol=crlf .gitignore text sleuthkit-sleuthkit-4.4.2/.gitignore000066400000000000000000000070051314210574700175450ustar00rootroot00000000000000# NetBeans user-specific settings /bindings/java/nbproject/private/ # Bindings dependecies and build folders /bindings/java/lib/ /bindings/java/build/ /bindings/java/dist /bindings/java/doxygen/tskjni_doxygen.tag /bindings/java/test/output/results /bindings/java/test/output/gold/dummy /bindings/java/test/output/gold/*_BU.txt /bindings/java/test/output/gold/*_CPP.txt /bindings/java/test/output/gold/*_CPP_SRT.txt /bindings/java/test/input /bindings/java/nbproject/genfiles.properties /bindings/java/nbproject/nbjdk.properties /bindings/java/nbproject/jdk.xml /bindings/java/nbproject/nbjdk.xml /bindings/java/libts* *~ *.class /bindings/java/build/ /bindings/java/dist/ /bindings/java/nbproject/* !/bindings/java/nbproject/project.xml !/bindings/java/nbproject/project.properties # Windows build folders /win32/Debug_NoLibs/ /win32/*/Debug_NoLibs/ /win32/Debug/ /win32/Debug_PostgreSQL/ /win32/*/Debug/ /win32/*/Debug_PostgreSQL/ /win32/Release/ /win32/Release_PostgreSQL/ /win32/*/Release/ /win32/*/Release_PostgreSQL/ /win32/Release_NoLibs/ /win32/*/Release_NoLibs/ /win32/*/x64/ /win32/x64/ 
/win32/*/*.user win32/ipch win32/BuildErrors.txt win32/BuildErrors-64bit.txt win32/.vs win32/tsk-win.VC.VC.opendb win32/tsk-win.VC.db framework/msvcpp/framework/Debug/ framework/msvcpp/framework/Release/ framework/msvcpp/*/*.user framework/msvcpp/*/Debug/ framework/msvcpp/*/Release/ framework/msvcpp/BuildLog.txt framework/msvcpp/*/ipch framework/runtime/ framework/SampleConfig/to_install/ framework/modules/*/win32/Debug/ framework/modules/*/win32/Release/ framework/modules/*/win32/*.user framework/modules/c_InterestingFilesModule/tsk framework/config.h framework/tools/tsk_analyzeimg/tsk_analyzeimg framework/tools/tsk_validatepipeline/tsk_validatepipeline rejistry++/msvcpp/*/Debug rejistry++/msvcpp/*/Release rejistry++/msvcpp/*/Release_NoLibs rejistry++/msvcpp/*/x64 rejistry++/msvcpp/*/*.user rejistry++/msvcpp/rejistry++/ipch # Release files release/sleuthkit-* # IntelliSense data /win32/*.ncb /win32/*.sdf framework/msvcpp/framework/*.ncb framework/msvcpp/framework/*sdf rejistry++/msvcpp/rejistry++/*.ncb rejistry++/msvcpp/rejistry++/*sdf # Visual Studio user options /win32/tsk-win.suo framework/msvcpp/framework/*.suo rejistry++/msvcpp/rejistry++/*suo *.sln.cache win32/tsk-win.opensdf # Make crud *.o *.lo *.la *.jar Makefile .deps .libs *.swp #javadoc generated /bindings/java/javadoc # Files generated by running configure *.in stamp-h1 tsk/tsk_config.h tsk/tsk_incs.h aclocal.m4 autom4te.cache config.log config.status configure libtool m4/libtool.m4 m4/lt*.m4 config/* # Executables samples/callback_cpp_style samples/callback_style samples/posix_cpp_style samples/posix_style samples/*.exe tests/fs_attrlist_apis tests/fs_fname_apis tests/fs_thread_test tests/read_apis tests/*.exe tools/autotools/tsk_comparedir tools/autotools/tsk_gettimes tools/autotools/tsk_loaddb tools/autotools/tsk_recover tools/fiwalk/plugins/jpeg_extract tools/fiwalk/src/fiwalk tools/fiwalk/src/test_arff tools/fstools/blkcat tools/fstools/blkcalc tools/fstools/blkls tools/fstools/blkstat 
tools/fstools/fcat tools/fstools/ffind tools/fstools/fls tools/fstools/fsstat tools/fstools/icat tools/fstools/ifind tools/fstools/ils tools/fstools/istat tools/fstools/jcat tools/fstools/jls tools/hashtools/hfind tools/imgtools/img_cat tools/imgtools/img_stat tools/sorter/sorter tools/srchtools/sigfind tools/srchtools/srch_strings tools/timeline/mactime tools/vstools/mmcat tools/vstools/mmls tools/vstools/mmstat tools/*/*.exe tools/*/*/*.exe # EMACS backup files *~ # Mac Junk .DS_Store sleuthkit-sleuthkit-4.4.2/.travis.yml000066400000000000000000000000711314210574700176620ustar00rootroot00000000000000language: cpp script: ./bootstrap && ./configure && make sleuthkit-sleuthkit-4.4.2/API-CHANGES.txt000066400000000000000000000011551314210574700177750ustar00rootroot00000000000000Changes to make once we are ready to do a backwards incompatible change. - TSK_SERVICE_ACCOUNT to TSK_ACCOUNT - HashDB to use new TSK_BASE_HASHDB enum instead of its own ENUM - Java SleuthkitCase.addArtifactType should return different if artifact already exists or getArtifactId should.... - Java SleuthkitCase.findFilesWhere should return AbstractFile like findFiles - getUniquePath() should not throw exception. - findFilesInImage should return an enum like TskDB methods differentiating if any data was found or not. - remove addImageInfo in db_Sqlite that does not take MD5, and/or make it take IMG_INFO as argumentsleuthkit-sleuthkit-4.4.2/ChangeLog.txt000066400000000000000000000006011314210574700201400ustar00rootroot00000000000000This program does not distribute an official ChangeLog file. You can generate one from the subversion repository though using the following command: svn log http://svn.sleuthkit.org/repos/sleuthkit/ For a specific release, try something like: svn log http://svn.sleuthkit.org/repos/sleuthkit/tags/sleuthkit-3.0.0 and replace 3.0.0 with the version you are interested in. 
sleuthkit-sleuthkit-4.4.2/INSTALL.txt000066400000000000000000000076341314210574700174340ustar00rootroot00000000000000 The Sleuth Kit http://www.sleuthkit.org/sleuthkit Installation Instructions Last Modified: Oct 2012 REQUIREMENTS ============================================================================= Tested Platform: - FreeBSD 2-6.* - Linux 2.* - OpenBSD 2-3.* - Mac OS X - SunOS 4-5.* - Windows Build System (to compile from a source distribution): - C/C++ compiler - GNU Make - Java compiler / JDK (if you want the java bindings) Development System (to extend TSK or compile from the repository): - GNU autoconf, automake, and libtool - Plus the build system requirements Optional Programs: - Autopsy: Provides a graphical HTML-based interface to The Sleuth Kit (which makes it much easier to use). Install this AFTER installing The Sleuth Kit. Available at: http://www.sleuthkit.org/autopsy Optional Libraries: There are optional features that TSK can use if you have installed them before you build and install TSK. - AFFLIB: Allows you to process disk images that are stored in the AFF format. Version 3.3.6 has been tested to compile and work with this release. Available at: http://www.afflib.org - LibEWF: Allows you to process disk images that are stored in the Expert Witness format (EnCase Format). Version 20130128 has been tested to compile and work with this release. Available at: http://sourceforge.net/projects/libewf/ INSTALLATION ============================================================================= Refer to the README_win32.txt file for details on Windows. The Sleuth Kit uses the GNU autotools for building and installation. There are a few steps to this process. First, run the 'configure' script in the root TSK directory. See the CONFIGURE OPTIONS section for useful arguments that can be given to 'configure'. $ ./configure If there were no errors, then run 'make'. 
If you do not have a 'configure' script, then it is probably because you cloned the source code repository. If so, you will need to have automake, autoconf, and libtool installed and you can create the configure script using the 'bootstrap' script in the root directory. $ make The 'make' process will take a while and will build the TSK tools. When this process is complete, the libraries and executables will be located in the TSK sub-directories. To install them, type 'make install'. $ make install By default, this will copy everything into the /usr/local/ structure. So, the executables will be in '/usr/local/bin'. This directory will need to be in your PATH if you want to run the TSK commands without specifying '/usr/local/bin' every time. If you get an error like: libtool: Version mismatch error. This is libtool 2.2.10, but the libtool: definition of this LT_INIT comes from libtool 2.2.4. libtool: You should recreate aclocal.m4 with macros from libtool 2.2.10 libtool: and run autoconf again. Run: ./bootstrap and then go back to running configure and make. To run 'bootstrap', you'll need to have the autotools installed (see the list at the top of this page). CONFIGURE OPTIONS ----------------------------------------------------------------------------- There are some arguments to 'configure' that you can supply to customize the setup. Currently, they focus on the optional disk image format libraries. --without-afflib: Supply this if you want TSK to ignore AFFLIB even if it is installed. --with-afflib=dir: Supply this if you want TSK to look in 'dir' for the AFFLIB installation (the directory should have 'lib' and 'include' directories in it). --without-libewf: Supply this if you want TSK to ignore libewf even if it is installed. --with-libewf=dir: Supply this if you want TSK to look in 'dir' for the libewf installation (the directory should have 'lib' and 'include' directories in it). 
----------------------------------------------------------------------------- Brian Carrier carrier sleuthkit org sleuthkit-sleuthkit-4.4.2/Makefile.am000066400000000000000000000065201314210574700176120ustar00rootroot00000000000000# File that we want to include in the dist EXTRA_DIST = README_win32.txt README.md INSTALL.txt ChangeLog.txt NEWS.txt API-CHANGES.txt \ licenses/GNU-COPYING licenses/IBM-LICENSE licenses/cpl1.0.txt \ m4/*.m4 \ docs/README.txt \ packages/sleuthkit.spec \ win32/BUILDING.txt \ win32/NOTES.txt \ win32/*/*.vcxproj \ win32/tsk-win.sln \ win32/docs/* \ bindings/java/README.txt \ bindings/java/*.xml \ bindings/java/doxygen/Doxyfile \ bindings/java/doxygen/*.dox \ bindings/java/doxygen/*.html \ bindings/java/nbproject/project.xml \ bindings/java/src/org/sleuthkit/datamodel/*.java \ bindings/java/src/org/sleuthkit/datamodel/*.html \ bindings/java/src/org/sleuthkit/datamodel/*.properties \ bindings/java/src/org/sleuthkit/datamodel/Examples/*.java \ bindings/java/src/*.html \ framework/*.txt \ framework/Makefile.am \ framework/bootstrap \ framework/config/* \ framework/config.h.in \ framework/configure.ac \ framework/m4/* \ framework/tsk/framework/*.h \ framework/tsk/framework/Makefile.am \ framework/tsk/framework/extraction/Makefile.am \ framework/tsk/framework/extraction/*.cpp \ framework/tsk/framework/extraction/*.h \ framework/tsk/framework/file/Makefile.am \ framework/tsk/framework/file/*.cpp \ framework/tsk/framework/file/*.h \ framework/tsk/framework/pipeline/Makefile.am \ framework/tsk/framework/pipeline/*.cpp \ framework/tsk/framework/pipeline/*.h \ framework/tsk/framework/services/Makefile.am \ framework/tsk/framework/services/*.cpp \ framework/tsk/framework/services/*.h \ framework/tsk/framework/utilities/Makefile.am \ framework/tsk/framework/utilities/*.cpp \ framework/tsk/framework/utilities/*.h \ framework/modules/* \ framework/SampleConfig/*.xml \ framework/docs/* \ framework/man/* \ framework/tools/tsk_analyzeimg/Makefile.am \ 
framework/tools/tsk_analyzeimg/*.cpp \ framework/tools/tsk_validatepipeline/Makefile.am \ framework/tools/tsk_validatepipeline/*.cpp \ framework/tools/Makefile.am \ framework/msvcpp/*/*.vcxproj \ framework/msvcpp/*/*.sln \ framework/msvcpp/Makefile ACLOCAL_AMFLAGS = -I m4 # directories to compile if CPPUNIT UNIT_TESTS=unit_tests endif # Compile java bindings if all of the dependencies existed if X_JNI JAVA_BINDINGS=bindings/java else JAVA_BINDINGS= endif SUBDIRS = tsk tools tests samples man $(UNIT_TESTS) $(JAVA_BINDINGS) nobase_include_HEADERS = tsk/libtsk.h tsk/tsk_incs.h \ tsk/base/tsk_base.h tsk/base/tsk_os.h \ tsk/img/tsk_img.h tsk/vs/tsk_vs.h \ tsk/vs/tsk_bsd.h tsk/vs/tsk_dos.h tsk/vs/tsk_gpt.h \ tsk/vs/tsk_mac.h tsk/vs/tsk_sun.h \ tsk/fs/tsk_fs.h tsk/fs/tsk_ffs.h tsk/fs/tsk_ext2fs.h tsk/fs/tsk_fatfs.h \ tsk/fs/tsk_ntfs.h tsk/fs/tsk_iso9660.h tsk/fs/tsk_hfs.h tsk/fs/tsk_yaffs.h \ tsk/fs/tsk_exfatfs.h tsk/fs/tsk_fatxxfs.h \ tsk/hashdb/tsk_hashdb.h tsk/auto/tsk_auto.h \ tsk/auto/tsk_is_image_supported.h nobase_dist_data_DATA = tsk/sorter/default.sort tsk/sorter/freebsd.sort \ tsk/sorter/images.sort tsk/sorter/linux.sort tsk/sorter/openbsd.sort \ tsk/sorter/solaris.sort tsk/sorter/windows.sort api-docs: doxygen tsk/docs/Doxyfile # doxygen framework/docs/Doxyfile cd bindings/java/doxygen; doxygen Doxyfile man-html: cd man;build-html sleuthkit-sleuthkit-4.4.2/NEWS.txt000066400000000000000000002361401314210574700170760ustar00rootroot00000000000000Numbers refer to SourceForge.net tracker IDs: http://sourceforge.net/tracker/?group_id=55685 ---------------- VERSION 4.4.2 -------------- New Features: - usnjls tool for NTFS USN log (from noxdafox) - Added index to mime type column in DB - Use local SQLite3 if it exists (from uckelman-sf) - Blackboard Artifacts have a shortDescription metho Bug Fixes: - Fix for highest HFS+ inum lookup (from uckelman-sf) - Fix ISO9660 crash - various performance fixes and added thread safety checks ---------------- VERSION 4.4.1 
-------------- - New Features: -- Can create a sparse VHD file when reading a local drive with new IMAGE_WRITER structure. Currently being used by Autopsy, but no TSK command line tools. - Bug fixes: -- Lots of cleanup and fixes. Including: -- memory leaks -- UTF8 and UTF16 cleanup -- Missing NTFS files (in fairly rare cases) -- Really long folder structures and database inserts ---------------- VERSION 4.4.0 -------------- - Compiling in Windows now uses Visual Studio 2015 - tsk_loaddb now adds new files for slack space and JNI was upgraded accordingly. ---------------- VERSION 4.3.1 -------------- - NTFS works on 4k sectors - Added support in Java to store local files in encoded form (XORed) - Added Java Account object into datamodel - Added notion of a review status to blackboard artifacts - Upgraded version of PostgreSQL - Various minor bug fixes ---------------- VERSION 4.3.0 -------------- - PostgreSQL support (Windows only) - New Release_NoLibs Visual Studio target - Support for virtual machine formats via libvmdk and libvhdi (Windows only) - Schema updates (data sources table, mime type, attributes store type) - tsk_img_open can take externally created TSK_IMG_INFO - Various minor bug fixes ---------------- VERSION 4.2.0 -------------- - ExFAT support added - New database schema - New Sqlite hash database - Various bug fixes - NTFS pays more attention to sequence and loads metadata only if it matches. - Added secondary hash database index ---------------- VERSION 4.1.3 -------------- - fixed bug that could crash UFS/ExtX in inode_lookup. - More bounds checking in ISO9660 code - Image layer bounds checking - Update version of SQLITE-JDBC - changed how java loads native libraries - Config file for YAFFS2 spare area - New method in image layer to return names - Yaffs2 cleanup. 
- Escape all strings in SQLite database - SQLite code uses NTFS sequence number to match parent IDs ---------------- VERSION 4.1.2 -------------- Core: - Fixed more visual studio projects to work on 64-bit - TskAutoDB considers not finding a VS/FS a critical error. Java: - added method to Image to perform sanity check on image sizes. fiwalk: - Fixed compile error on Linux etc. ---------------- VERSION 4.1.1 -------------- Core: - Added FILE_SHARE_WRITE to all windows open calls. - removed unused methods in CRC code that caused compile errors. - Added NTFS FNAME times to time2 struct in TSK_FS_META to make them easier to access -- should have done this a long time ago! - fls -m and tsk_gettimes output NTFS FNAME times to output for timelines. - hfind with EnCase hashsets works when DB is specified (and not only index) - TskAuto now goes into UNALLOC partitions by default too. - Added support to automatically find all Cellebrite raw dump files given the name of the first image. - Added 64-bit windows targets to VisualStudio files. - Added NTFS sequence to parent address in directory and directory itself. - Updated SQLite code to use sequence when finding parent object ID. Java: - Java bindings JAR files now have native libraries in them. - Logical files are added with a transaction ---------------- VERSION 4.1.0 -------------- Core: - Added YAFFS2 support (patch from viaForensics). - Added Ext4 support (patch from kfairbanks) - changed all include paths to be 'tsk' instead of 'tsk3' -- IMPORTANT FOR ALL DEVELOPERS! Framework: - Added Linux and MAC support. - Added L01 support. - Added APIs to find files by name, path and extension. - Removed deprecated TskFile::getAttributes methods. - moved code around for AutoBuild tool support. 
Java Bindings: - added DerivedFile datamodel support - added a public method to Content to add ability to close() its tsk handle before the object is gc'd - added faster skip() and random seek support to ReadContentInputStream - refactored datamodel by pushing common methods up to AbstractFile - fixed minor memory leaks - improved regression testing framework for java bindings datamodel ---------------- VERSION 4.0.2 -------------- Core: New Features: - Added fiwalk tool from Simson. Not supported in Visual Studio yet. Bug Fixes: - Fixed fcat to work on NTFS files (still doesn't support ADS though). - Fixed HFS+ support in tsk_loaddb / SQLite -- root directory was not added. - NTFS code now looks at all MFT entries when listing directory contents. It used to only look at unallocated entries for orphan files. This fixes an image that had allocated files missing from the directory b-tree. - NTFS code uses sequence number when searching MFT entries for all files. - Libewf detection code change to support v2 API more reliably (ID: 3596212). - NTFS $SII code could crash in rare cases if $SDS was multiple of block size. Framework: - Added new API to TskImgDB that returns the base name of an image. - Numerous performance improvements to framework. - Removed requirement in framework to specify module extension in pipeline configuration file. - Added blackboard artifacts to represent both operating system and network service user accounts. Java Bindings: - added more APIs to find files by name, path and where clause - added API to get currently processed dir when image is being added, - added API to return specific types of children of image, volume system, volume, file system. 
- moved more common methods up to Content interface - deprecated context of blackboard attributes, - deprecated SleuthkitCase.runQuery() and SleuthkitCase.closeRunQuery() - fixed ReadContentInputStream bugs (ignoring offset into a buffer, implementing available() ) - methods that are lazy loading are now thread safe - Hash class is now thread-safe - use more PreparedStatements to improve performance - changed source level from java 1.6 to 1.7 - Throw exceptions from C++ side better ---------------- VERSION 4.0.1 -------------- New Features: - Can open raw Windows devices with write mode sharing. - More DOS partition types are displayed. - Added fcat tool that takes in file name and exports content (equivalent to using ifind and icat together). - Added new API to TskImgDB that returns hash value associated with carved files. - performance improvements with FAT code (maps and dir_add) - performance improvements with NTFS code (maps) - added AONLY flag to block_walk - Updated blkls and blkcalc to use AONLY flag -- MUCH faster. Bug Fixes: - Fixed mactime issue where it could choose the wrong timezone that did not follow daylight savings times. - Fixed file size of alternate data streams in framework. - Incorporated memory leak fixes and raw device fixes from ADF Solutions. ---------------- VERSION 4.0.0 -------------- New Features: - Added multithreaded support - Added C++ wrapper classes - Added JNI bindings / Java data model classes - 3314047: Added utf8-specific versions of 'toid' methods for img,vs,fs types - 3184429: More consistent printing of unset times (all zerso instead of 1970) - New database design that allows for multiple images in the same database - GPT volume system tries other sector sizes if first attempt fails. - Added hash calculation and lookup to AutoDB and JNI. - Upgraded SQLite to 3.7.9. 
- Added Framework in (windows-only) - EnCase hash support - Libewf v2 support (it is now non-beta) - First file in a raw split or E01 can be specified and the rest of the files are found. - mactime displays times as 0 if the time is not set (instead of 1970) - Changed behavior of 'mactime -y' to use ISO8601 format. - Updated HFS+ code from ATC-NY. - FAT orphan file improvements to reduce false positives. - TskAuto better reports errors. - Upgrade build projects from Visual Studio 2008 to 2010. Bug Fixes: - Relaxed checking when conflict exists between DOS and GPT partitions. Had a Mac image that was failing to resolve which partition table to use. ---------------- VERSION 3.2.3 -------------- New Features: - new TskAuto method (handleNotification()) that gets verbose messages that allow for debugging when the class makes decisions. - DOS partitions are loaded even if an extended partition fails to load - new TskAuto::findFilesInFs(TSK_FS_INFO *) method - Need to only specify first E01 file and the rest are found - Changed docs license to non-commercial - Unicode conversion routines fix invalid UTF-16 text during conversion - Added '-d' to tsk_recover to specify directory to recover Bug Fixes: - Added check to fatfs_open to compare first sectors of FAT if we used backup boot sector and verify it is FAT32. - More checks to make sure that FAT short names are valid ASCII - 3406523: Mactime size sanity check - 3393960: hfind reading of Windows input file - 3316603: Error reading last blocks of RAW CD images - Fixed bugs in how directories and files were detected in TskAuto ---------------- VERSION 3.2.2 -------------- Bug Fixes - 3213886: ISO9660 directory hole not advancing - 3173095 contd: Updated checks so that tougher FAT checks are applied to deleted directories. 
- 3303678: Image type in Sqlite DB is now not always 0 - 3303679: Deleted FAT files have more name cleanup in short names New Features: - 3213888: RAW CD format - Auto class accepts TSK_IMG_INFO as argument - Copies of split image file names are stored in TSK so that the caller can free them before TSK_IMG_INFO is freed. ---------------- VERSION 3.2.1 -------------- Bug Fixes - 3108272: fls arguments for -d and -u - 3105539: compile error issues because of SQlite and pthreads - 3173095: missing FAT files because of invalid dates. - 3184419: mingew compile errors. - 3191391: surround file name in quotes in mactime -d csv output New Features: - A single dummy entry is added to the SQlite DB if no volume exists so that all programs can assume that there will be at least one volume in the table. - 3184455: allow srcdir != builddir ---------------- VERSION 3.2.0 -------------- Bug Fixes - 3043092: Minor logic errors with ifind code. - FAT performance fix when looking for parent directories in $OrphanFiles. - 3052302: Crash on NTFS/UFS detection test because of corrupt data -- tsk_malloc error. - 3088447: Error adding attribute because of run collision. Solved by assigning unique IDs. New Features: - 3012324: Name mangling moved out of library into outer tools so that they can see control characters if they want to. Patch by Anthony Lawrence. - 2993806: ENUM values have a specified NONE value if you don't want to specify any special flags. Patch by Anthony Lawrence. - 3026989: Add -e and -s flags to img_cat. patch by Simson Garfinkel. - 2941805: Add case sensitive flag to fsstat in HFS. Patch by Rob Joyce. - 3017764: Changed how default NTFS $DATA attribute was named. Now it has no name, while it previously had a fake name of "$Data". - New TskAuto class. - New tsk_loaddb, tsk_recover, tsk_comparedir, and tsk_gettimes tools. 
---------------- VERSION 3.1.3 -------------- Bug Fixes - 3006733: FAT directory listings were slow because the inner code was not stopping when it found the parent directory. - Adjusted sanity / testing code on FAT directory entries to allow non-ascii in extensions and reject entries with lots of 0s. - 3023606: Ext2 / ffs corrupted file names. - Applied NTFS SID fixes from Mandiant. - ntfs_load_secure() memory leak patch from Michael Cohen ---------------- VERSION 3.1.2 -------------- Bug Fixes - 2982426: FAT directory listings were slow because the entire image was being scanned for parent directory information. - 2982965: fs_attr length bug fix. - 2988619: mmls -B display error. - 2988330: ntfs SII cluster size increment bug - 2991487: Zeroed content in NTFS files that were not fully initialized. - 2993767: Slow FAT listings of OrphanFiles because hunt for parent directory resulted in many searches for OrphanFiles. Added cache of OrphanFiles. - 2999567: ifind was not stopping after first hit. - 2993804: read past end of file did not always return -1. ---------------- VERSION 3.1.1 -------------- Bug Fixes - 2954703: ISO9660 missing files because duplicate files had same starting block. - 2954707: ISO9660 missing some files with zero length and duplicate starting block. Also changed behavior of how multiple volume descriptors are processed. - 2955898: Orphan files not found if no deleted file names exist. - 2955899: NTFS internal setting of USED flag. - 2972721: Sorter fails with hash lookup if '-l' is given. - 2941813: Reverse HFS case sensitive flags (internal fix only) - 2954448: Debian package typo fixes, etc. - 2975245: sorter ignores realloc entries to reduce misleading mismatch entries and duplicate entries. ---------------- VERSION 3.1.0 -------------- New Features and Changes - 2206285: HFS+ can now be read. Lots of tracker items about this. Thanks to Rob Joyce and ATC-NY for many of the patches and reports. 
- 2677069: DOS Safety Partitions in GPT Volume Systems are better detected instead of reporting multiple VSs. - Windows executables can be build in Visual Studio w/out needing other image format libraries. - 2367426: Uninitialized file space is shown if slack space is requested. - 2677107 All image formats supported by AFFLIB can be accessed by specifying the "afflib" type. - 2206265: sigfind can now process non-raw files. - 2206331: Indirect block addresses are now available in the library and command line tools. They are stored in a different attribute. - Removed 'docs' files and moved them to the wiki. - Removed disk_stat and disk_sreset because they were out of date and hdparm now has the same functionality. - 2874854: Image layer tools now support non-512 byte device sector sizes. Users can specify sector size using the -b argument to the command line tools. This has several consequences: -- 'mmls -b' is now 'mmls -B'. Similarly with istat -b. -- Changed command line format for '-o' so that sector size is specified only via -b and not using '-o 62@4096'. - 2874852: Sanity checking on partition table entires is relaxed and only first couple of partitions are checked to make sure that they can fit into the image. - 2895607: NTFS SID data is available in the library and 'istat'. - 2206341: AFF encrypted images now give more proper error message if password is not given. - 2351426: mactime is now distributed with Windows execs. Developer-level Changes - Abstracted name comparison to file system-specific function. - Added support in mactime to read body files with comment lines. - 2596153: Changed img_open arguments, similar to getopt(). - 2797169: tsk_fs_make_ls is now supported as an external library function. Now named tsk_fs_meta_make_ls. - 2908510: Nanosecond resolution of timestamps is now available. - 2914255: Version info is now available in .h files in both string and integer form. Bug Fixes: - 2568528: incorrect adjustment of attribute FILLER offset. 
- 2596397: Incorrect date sorting in mactime. - 2708195: Errors when doing long reads in fragmented attributes. - Fixed typo bugs in sorter (reported via e-mail by Drew Hunt). - 2734458: added orphan cache map to prevent slow NTFS listing times. - 2655831: Sorter now knows about the ext2 and ext3 types. - 2725799: ifind not converting UTF16 names properly on Windows because it was using endian ordering of file system and not local system. - 2662168: warning messages on macs when reading the raw character device. - 2778170: incorrect read size on resident attributes. - 2777633: missing second resolution on FAT creation times. - Added the READ_SHARE option to the CreateFile command for split image files. Patch by Christopher Siwy. - 2786963: NTFS compression infinite loop fix. - 2645156: FAT / blkls error getting slack because allocsize was being set too small (and other values were not being reset). - 2367426: Zeros are set for VDL slack on NTFS files. - 2796945: Infinite loop in fs_attr. - 2821031: Missing fls -m fields. - 2840345: Extended DOS partitions in extended partitions are now marked as Meta. - 2848162: Reading attributes at offsets that are on boundary of run fragment. - 2824457: Fixed issue reading last block of file system with blkcat. - 2891285: Fixed issue that prevented reads from the last block of a file system when using the POSIX-style API. - 2825690: Fixed issue that prevented blkls -A from working. - 2901365: Allow FAT files to have a 0 wdate. - 2900761: Added FAT directory sanity checks to prevent infinite loops. - 2895607: Fixed various memory leaks. - 2907248: Fixed image layer cache crash. - 2905750: all file system read() functions now return -1 when offset given is past end of file. ---------------- VERSION 3.0.1 -------------- 11/11/08: Bug Fix: Fixed crashing bug in ifind on FAT file system. Bug: 2265927 11/11/08: Bug Fix: Fixed crashing bug in istat on ExtX $OrphanFiles dir. Bug: 2266104 11/26/08: Update: Updated fls man page. 
11/30/08: Update: Removed TODO file and using tracker for bugs and feature requests. 12/29/08: Bug Fix: Fixed incorrectly setting block status in file_walk for compressed files (Bug: 2475246) 12/29/08: Bug Fix: removed fs_info field from FS_META because it was not being set and should have been removed in 3.0. Reported by Rob Joyce and Judson Powers. 12/29/08: Bug Fix: orphan files and NTFS files found via parent directory have an unknown file name type (instead of being equal to meta type). (Bug: 2389901). Reported by Barry Grundy. 1/12/09: Bug Fix: Fixed ISO9660 bug where large directory contents were not displayed. (Bug: 2503552). Reported by Tom Black. 1/24/09: Bug Fix: Fixed bug 2534449 where extra NTFS files were shown if the MFT address was changed to 0 because fs_dir_add was checking the address and name. Reported by Andy Bontoft. 1/29/09: Update: Fixed fix for bug 2534449. The fix is in ifind instead of fs_dir_add(). 2/2/09: Update: Added RPM spec file from Morgan Weetmam. ---------------- VERSION 3.0.0 -------------- 0/00/00: Update: Many, many, many API changes. 2/14/08: Update: Added mmcat tool. 2/26/08: Update: Added flags to mmls to specify partition types. 3/1/08: Update: Major update of man pages. 4/14/08: Bug Fix: Fixed the calculation of "actual" last block. Off by 1 error. Reported by steve. 5/23/08: Bug Fix: Incorrect malloc return check in srch_strings. reported by Petri Latvala. 5/29/08: Bug Fix: Fixed endian ordering bug in ISO9660 code. Reported by Eduardo Aguiar de Oliveira. 6/17/08: Update: 'sorter' now uses the ifind method for finding deleted NTFS files (like Autopsy) does instead of relying on fls. Reported by John Lehr. 6/17/08: Update: 'ifind -p' reports data on ADS. 7/10/08: Update: FAT looks for a backup boot sector in FAT32 if magic is 0 7/21/08: Bug Fix: Changed define of strcasecmp to _stricmp instead of _strnicmp in Windows. (reported by Darren Bilby). 
7/21/08: Bug Fix: Fall back to open "\\.\" image files on Windows with SHARE_WRITE access so that drive devices can be opened. (reported by Darren Bilby). 8/20/08: Bug Fix: Look for Windows objects when opening files in Cygwin, not just Win32. Reported by Par Osterberg Medina. 8/21/08: Update: Renamed library and install header files to have a '3' in them to allow parallel installations of v2 and v3. Suggested by Simson Garfinkel. 8/22/08: Update: Added -b option to sorter to specify minimum file size to process. Suggested by Jeff Kell. 8/22/08: Update: Added libewf as a requirement to build win32 so that E01 files are supported. 8/29/08: Update: Added initial mingw patches for cross compiling and Windows. Patches by Michael Cohen. 9/X/08: Update: Added ability to access attibutes 9/6/08: Update: Added image layer cache. 9/12/08: Bug Fix: Fixed crash from incorrectly cleared value in FS_DIR structure. Reported and patched by Jason Miller. 9/13/08: Update: Changed d* tool names to blk*. 9/17/08: Update: Finished mingw support so that both tools and library work with Unicode file name support. 9/22/08: Update: Added new HFS+ code from Judson Powers and Rob Joyce (ATC-NY) 9/24/08: Bug Fix: Fixed some cygwin compile errors about types on Cygwin. Reported by Phil Peacock. 9/25/08: Bug Fix: Added O_BINARY to open() in raw and split because Cygwin was having problems. Reported by Mark Stam. 10/1/08: Update: Added ifndef to TSK_USE_HFS define to allow people to define it on the command line. Patch by RB. ---------------- VERSION 2.52 -------------- 2/12/08: Bug Fix: Fixed warning messages in mactime about non-Numeric data. Reported by Pope. 2/19/08: Bug Fix: Added #define to tsk_base_i.h to define LARGEFILE64_SOURCE based on LARGEFILE_SOURCE for older Linux systems. 2/20/08: Bug Fix: Updated afflib references and code. 3/13/08: Update: Added more fixes to auto* so that AFF will compile on more systems. I have confirmed that AFFLIB 3.1.3 will run with OS X 10.4.11. 
3/14/08: Bug Fix: Added checks to FAT code that calcs size of directories. If starting cluster of deleted dir points into a cluster chain, then problems can occur. Reported by John Ward. 3/19/08: Update: I have verified that this compiles with libewf-20070512. 3/21/08: Bug Fix: Deleted Ext/FFS directories were not being recursed into. This case was rare (because typically the metadata are wiped), but possible. Reported by JWalker. 3/24/08: Update: I have verified that this compiles with libewf-20080322. Updates from Joachim Metz. 3/26/08: Update: Changed some of the header file design for the tools so that the define settings in tsk_config.h can be used (for large files). 3/28/08: Update: Added config.h reference to srch_strings to get the LARGEFILE support. 4/5/08: Update: Improved inode argument number parsing function. ---------------- VERSION 2.51 -------------- 1/30/08: Bug Fix: Fixed potential infinite loop in fls_lib.c. Patch by Nathaniel Pierce. 2/7/08: Bug Fix: Defined some of the new constants that are used in disktools because older Linux distros did not define them. Reported by Russell Reynolds. 2/7/08: Bug Fix: Modified autoconf to check for large file build requirements and look for new 48-bit structures needed by disktools. Both of these were causing problems on older Linux distros. 2/7/08: Update: hfind will normalize hash values in database so that they are case insensitive. ---------------- VERSION 2.50 -------------- 12/19/07: Update: Finished upgrade to autotools building design. No longer include file, afflib, libewf. Resulted in many source code layout changes and sorter now searches for md5, sha1, etc. ---------------- VERSION 2.10 -------------- 7/12/07: Update: 0s are returned for AFF pages that were not imaged. 7/31/07: Bug Fix: ifind -p could crash if a deleted file name was found that did not point to a valid meta data stucture. (Reported by Andy Bontoft) 8/5/07: Update: Added NSRL support back into sorter. 
8/15/07: Update: Errors are given if supplied sector offset is larger than disk image. Reported by Simson Garfinkel. 8/16/07: Update: Renamed MD5 and SHA1 functions to TSK_MD5_.. and TSK_SHA_.... 8/16/07: Update: tsk_error_get() does not reset the error messages. 9/26/07: Bug Fix: Changed FATFS check for valid dentries to consider second values of 30. Reported by Alessandro Camillo. 10/18/07: Update: inode_walk for NTFS and FAT will not abort if data corruption is found in one entry -- instead they will just skip it. 10/18/07: Update: tsk_os.h uses standard gcc system names instead of TSK specific ones. 10/18/07: Update: Updated raw.c to use ioctl commands on OS X to get size of raw device because it does not work with SEEK_END. Patch by Rob Joyce. 10/31/07: Update: Finished upgrade to fatfs_file_walk_off so that walking can start at a specific offset. Also finished upgrade that caches FAT run list to make the fatfs_file_walk_off more efficient. 11/14/07: Update: Fixed few places where off_t was being used instead of OFF_T. Reported by GiHan Kim. 11/14/07: Update: Fixed a memory leak in aff.c to free AFF_INFO. Reported by GiHan Kim. 11/24/07: Update: Finished review and update of ISO9660 code. 11/26/07: Bug Fix: Fixed 64-bit calculation in HFS+ code. Submitted by Rob Joyce. 11/29/07: Update: removed linking of srch_strings.c and libtsk. Reported by kwizart. 11/30/07: Update: Made a #define TSK_USE_HFS compile flag for incorporating the HFS support (flag is in src/fstools/fs_tools_i.h) 11/30/07: Update: restricted the FAT dentry sanity checks to verify space padding in the name and latin-only extensions. 12/5/07: Bug Fix: fs_read_file_int had a bug that ignored the type passed for NTFS files. Reported by Dave Collett. 12/12/07: Update: Changed the FAT dentry sanity checks to allow spaces in volume labels and do more checking on the attribute flag. 
---------------- VERSION 2.09 -------------- 4/6/07: Bug Fix: Infinite loop in ext2 and ffs istat code because of using unsigned size_t variable. Reported by Makoto Shiotsuki. 4/16/07: Bug Fix: Changed use of fseek() to fseeko() in hashtools. Patch by Andy Bontoft. 4/16/07: Bug Fix: Changed Win32 SetFilePointer to use LARGE_INTEGER. Reported by Kim GiHan. 4/19/07: Bug Fix: Not all FAT orphan files were being found because of an offset error. 4/26/07: Bug Fix: ils -O was not working (link value not being checked). Reported by Christian Perst. 4/27/07: Bug Fix: ils -r was showing UNUSED inodes. Reported by Christian Perst. 5/10/07: Update: Redefined the USED and UNUSED flags for NTFS so that UNUSED is set when no attributes exist. 5/16/07: Bug Fix: Fixed several bounds checking bugs that may cause a crash if the disk image is corrupt. Reported by Tim Newsham (iSec Partners) 5/17/07: Update: Updated AFFLIB to 2.2.11 5/17/07: Update: Updated libewf to libewf-20070512 5/17/07: Update: Updated file to 4.20 5/29/07: Update: Removed NTFS SID/SDS contributed code because it causes crashes on some systems and its output is not entirely clear. (most recent bug reported by Andy Scott) 6/11/07: Update: Updated AFFLIB to 2.2.12. 6/12/07: Bug Fix: ifind -p was not reporting back info on the allocated name when one existed (because strtok was overwriting the name when the search continued). Reported by Andy Bontoft. 6/13/07: Update: Updated file to 4.21 ---------------- VERSION 2.08 -------------- 12/19/06: Bug Fix: ifind_path was not setting *result when root inode was searched for. patch by David Collett. 12/29/06: Update: Removed 'strncpy' in ntfs.c to manual assignment of text for '$Data' and 'N/A' for performance reasons. 1/11/07: Update: Added duname to FS_INFO that contains a string of name for a file system's data unit -- Cluster for example. 1/19/07: Bug Fix: ifind_path was returning an error even after some files were found. Errors are now ignored if a file was found. 
Reported by Michael Cohen. 1/26/07: Bug Fix: Fixed calcuation of inode numbers in fatfs.c (reported by Simson Garfinkel). 2/1/07: Update: Changed aff-install to support symlinked directory. 2/1/07: Update: img_open modified so that it does not report errors for s3:// and http:// files that do not exist. 2/5/07: Update: updated *_read() return values to look for "<0" instead of simply "== -1". (suggested by Simson Garfinkel). 2/8/07: Update: removed typedef for uintptr in WIN32 code. 2/13/07: Update: Applied patch from Kim Kulak to update HFS+ code to internal design changes. 2/16/07: Update: Renamed many of the external data structures and flags so that they start with TSK_ or tsk_ to prevent name collisions. 2/16/07: Update: Moved MD5 and SHA1 routines and binaries to auxtools instead of hashtools so that they are more easy to access. 2/16/07: Update: started redesign and port of hashtools. 2/21/07: Update: Changed inode_walk callback API to remove the flags variable -- this was redundant since flags are also in TSK_FS_INODE. Same for TSK_FS_DENT. 3/7/07: Bug Fix: fs_read_file failed for NTFS resident files. Reported by Michael Cohen. 3/8/07: Bug Fix: FATFS assumed a 512-byte sector in a couple of locations. 3/13/07: Update: Finished hashtools update. 3/13/07: Update: dcat reads block by block instead of all at once. 3/23/07: Update: Change ntfs_load_secure to allocate all of its needed memory at once instead of doing reallocs. 3/23/07: Update: Updated AFFLIB to 2.2.0 3/24/07: Bug Fix: Fixed many locations where return value from strtoull was not being properly checked and therefore invalid numbers were not being detected. 3/24/07: Bug Fix: A couple of error messages in ntfs_file_walk should have been converted to _RECOVER when the _RECOVERY flag was given. 3/24/07: Update: Changed behavior of ntfs_file_walk. If no type is given, then a default type is chosen for files and dirs. 
Now, no error is generated if that type does not exist -- similar to how no error is generated if a FAT file has 0 file size. 3/26/07: Update: cleaned up and documented fs_data code more. 3/29/07: Update: Updated AFF to 2.2.2. 3/29/07: Update: Updated install scripts for afflib, libewf, and file to touch files so that the auto* files are in the correct time stamp order. 4/5/07: Bug Fix: Added sanity checks to offsets and addresses in ExtX and UFS group descriptors. Reported by Simson Garfinkel. ---------------- VERSION 2.07 -------------- 9/6/06: Update: Changed TCHAR and _T to TSK_TCHAR and _TSK_T to avoid conflicts with other libraries. 9/18/06: Update: Added tsk_list_* functions and structures. 9/18/06: Update: Added checks for recursive FAT directories. 9/20/06: Update: Changed FS_META_* flags for LINK and UNLINK and moved them to ILS_? flags. 9/20/06: Update: added flags to ils to find only orphan inodes. 9/20/06: Update: Added Orphan support for FAT, NTFS, UFS, Ext2, ISO. 9/20/06: Update: File walk actions now have a flag to identify if a block is SPARSE or not (used to identify if the address being passed is valid or made up). 9/21/06: Update: Added file size sanity check to fatfs_is_dentry and fixed assignment of fatfs->clustcnt. 9/21/06: Update: block_, inode, and dent_walk functions now do more flag checking and make sure that some things are set instead of making the calling code do it. 9/21/06: Update: Added checks for recursive (infinite loop) NTFS, UFS, ExtX, and ISO9660 directories. 9/21/06: Update: Added checks to make sure that walking the FAT for files and directories would not result in an infinite loop (if FAT is corrupt). 9/21/06: Update: Added -a and -A to dls to specify allocated and unallocated blocks to display. 9/21/06: Update: Updated AFFLIB to 1.6.31. 9/22/06: Update: added a fs_read_file() function that allows you to read random parts of a file. 
10/10/06: Update: Improved performance of fs_read_file() and added new FS_FLAG_META_COMP and FS_FLAG_DATA_COMP flags to show if a file and data are using file system-level compression (NTFS only). 10/18/06: Bug fix: in fs_data_put_run, added a check to see if the head was null before looking up. An extra error message was being created for nothing. 10/18/06: Bug Fix: Added a check to the compression buffer to see if it is null in _done(). 10/25/06: Bug Fix: Added some more bounds checks to NTFS uncompression code. 11/3/06: Bug Fix: added check to dcat_lib in case the number of blocks requested is too large. 11/07/06: Update: Added fs_read_file_noid wrapper around fs_read_file interface. 11/09/06: Update: Updated AFF to 1.7.1 11/17/06: Update: Updated libewf to 20061008-1 11/17/06: Bug Fix: Fixed attribute lookup bug in fs_data_lookup. Patch by David Collett. 11/21/06: Bug Fix: Fixed fs_data loops that were stopping when they hit an unused attribute. Patch by David Collett. 11/21/06: Bug Fix: sorter no longer clears the path when it starts. THis was causing errors on Cygwin because OpenSSL libraries could not be found. 11/22/06: Update: Added a tskGetVersion() function to return the string of the current version. 11/29/06: Update: Added more tsk_error_resets to more places to prevent extra error messages from being displayed. 11/30/06: Update: Added Caching to the getFAT function and to fs_read. 12/1/06: Update: Changed TSK_LIST to a reverse sorted list of buckets. 12/5/06: Bug Fix: Fixed FS_DATA_INUSE infinite loop bug. 12/5/06: Bug Fix: Fixed infinite loop bug with NTFS decompression code. 12/5/06: Update: Added NULL check to fs_inode_free (from Michael Cohen). 12/5/06: Update: Updated ifind_path so that an allocated name will be shown if one exists -- do not exit if we find simply an unallocated entry with an address of 0. Suggested by David Collett. 12/6/06: Update: Updated file to version 4.18. 
12/6/06: Update: Updated libaff to 2.0a10 and changed build process accordingly. 12/7/06: Update: Added a tsk_error_get() function that returns a string with the error messages -- can be used instead of tsk_error_print. 12/7/06: Update: fixed some memory leaks in FAT and NTFS code. 12/11/06: Bug Fix: fatfs_open error message code referenced a value that was in freed memory -- reordered statements. 12/15/06: Update: Include VCProj files in build. ---------------- VERSION 2.06 -------------- 8/11/06: Bug Fix: Added back in ASCII/UTF-8 checks to remove control characters in file names. 8/11/06: Bug Fix: Added support for fast sym links in UFS1 8/11/06: Update: Redesigned the endian support so that getuX takes only the endian flag so that the Unicode design could be changed as well. 8/11/06: Update: Redesigned the Unicode support so that there is a tsk_UTF... routine instead of fs_UTF... 8/11/06: Update: Updated GPT to fully convert UTF16 to UTF8. 8/11/06: Update: There is now only one aux_tools header file to include instead of libauxtools and/or aux_lib, which were nearly identical. 8/16/06: Bug Fix: ntfs_dent_walk could segfault if two consecutive unallocated entries were found that had an MFT entry address of 0. Reported by Robert-Jan Mora. 8/16/06: Update: Changed a lot of the header files and reduced them so that it is easier to use the library and only one header file needs to be included. 8/21/06: Update: mmtools had char * instead of void * for walk callback 8/22/06: Update: Added fs_load_file function that returns a buffer full with the contents of a file. 8/23/06: Update: Upgraded AFFLIB to 1.6.31 and libewf to 20060820-1. 8/25/06: Update: Created printf wrappers so that output is UTF-16 on Windows and UTF-8 on Unix. 8/25/06: Update: Continued port to Windows by starting to use more TCHARS and defining needed macros for the Unix side. 8/25/06: Bug Fix: Fixed crash that could occur because of SDS code in NTFS. (reported by Simson Garfinkel) (BUG: 1546925). 
8/25/06: Bug Fix: Fixed crash that could occur because path stack became corrupt with deep directories or corrupt images. (reported by Simson Garfinkel) (BUG: 1546926). 8/25/06: Bug Fix: Fixed infinite loop that could occur when trying to determine size of FAT directory when the FAT has a loop in it. (BUG: 1546929) 8/25/06: Update: Improved FAT checking code to look for '.' and '..' entries when inode value is replaced during dent_walk. 8/29/06: Update: Finished Win32 port and changes to handle UTF-16 vs UTF-8 inputs. 8/29/06: Update: Created a parse_inum function to handle parsing inode addresses from command line. 8/30/06: Update: Made progname a local variable instead of global. 8/31/06: Bug Fix: Fixed a sizeof() error with the memset in fatfs_inode_walk for the sect_alloc buffer. 8/31/06: Update: if mktime in dos2unixtime returns any negative value, then the return value is set to 0. Windows and glibc seem to have different return values. ---------------- VERSION 2.05 -------------- 5/15/06: Bug Fix: Fixed a bug in img_cat that could cause it to go into an infinite loop. (BUG: 1489284) 5/16/06: Update: Fixed printf statements in tsk_error.c that caused warning messages for some compilers. Reported by Jason DePriest. 5/17/06: Update: created a union of file system-specific file times in FS_INFO (Patch by Wyatt Banks) 5/22/06: Bug Fix: Updated libewf to 20060520 to fix bug with reported image size. (BUG: 1489287) 5/22/06: Bug Fix: Updated AFFLIB to 1.6.24 so that TSK could compile in CYGWIN. (BUG: 1493013) 5/22/06: Update: Fixed some more printf statements that were causing compile warnings. 5/23/06: Update: Added a file existence check to img_open to make error message more accurate. 5/23/06: Update: Usage messages had extra "Supported image types message". 5/25/06: Update: Added block / page range to fsstat for raw and swapfs. 
6/5/06: Update: fixed some typos in the output messages of sigfind (reported by Jelle Smet) 6/9/06: Update: Added HFS+ template to sigfind (Patch by Wyatt Banks) 6/9/06: Update: Added ntfs and HFS template to sigfind. 6/19/06: Update: Begin Windows Visual Studio port 6/22/06: Update: Updated a myflags check in ntfs.c (reported by Wyatt Banks) 6/28/06: Update: Incorporated NTFS compression patch from I.D.E.A.L. 6/28/06: Update: Incorporated NTFS SID patch from I.D.E.A.L. 6/28/06: Bug Fix: A segfault could occur with NTFS if no inode was loaded in the dent_walk code. (Reported by Pope). 7/5/06: Update: Added tsk_error_reset function and updated code to use it. 7/5/06: Update: Added more sanity checks to the DOS partitions code. 7/10/06: Update: Upgraded libewf to version 20060708. 7/10/06: Update: Upgraded AFFLIB to version 1.6.28 7/10/06: Update: added 'list' option to usage message so that file system, image, volume system types are listed only if '-x list' is given. Suggested by kenshin. 7/10/06: Update: Compressed NTFS files use the compression unit size specified in the header. 7/10/06: Update: Added -R flag to icat to suppress recovery warnings and use this flag in sorter to prevent FAT recovery messages from filling up screen. 7/10/06: Update: file_walk functions now return FS_ERR_RECOVERY error codes for most cases if the RECOVERY flag is set -- this allows the errors to be more easily suppressed. 7/12/06: Update: Removed individual libraries and now make a single static libtsk.a library. 7/12/06: Update: Cleaned up top-level Makefile. Use '-C' flag (suggested by kenshin). 7/14/06: Update: Fixed and redesigned some of the new NTFS compression code. Changed variable names. 7/20/06: Update: Fixed an NTFS compression bug if a sub-block was not compressed. 7/21/06: Update: Made NTFS compression code thread friendly. 
---------------- VERSION 2.04 -------------- 12/1/05: Bug Fix: Fixed a bug in the verbose output of img_open that would crash if no type or offset was given. Reported and patched by Wyatt Banks. 12/20/05: Bug Fix: An NTFS directory index sanity check used 356 instead of 365 when calculating an upper bound on the times. Reported by Wyatt Banks. 12/23/05: Bug Fix: Two printf statements in istat for NTFS printed to stdout instead of a specific file handle. Reported by Wyatt Banks. 1/22/06: Bug Fix: fsstat, imgstat and dcalc were using a char instead of int for the return value of getopt, which caused some systems to not execute the programs. (internal fix and later reported by Bernhard Reiter) 2/23/06: Update: added support for FreeBSD 6. 2/27/06: Bug Fix: Indirect blocks would not be found by ifind with UFS and Ext2. Reported by Nelson G. Mejias-Diaz. (BUG: 1440075) 3/9/06: Update: Added AFF image file support. 3/14/06: Bug Fix: If the first directory entry of a UFS or ExtX block was unallocated, then later entries may not be shown. Reported by John Langezaal. (BUG: 1449655) 4/3/06: Update: Finished the improved error handling. Many internal changes, not many external changes. error() function no longer used and instead tsk_err variables and function are used. This makes the library more powerful. 4/5/06: Update: The byte offset for a volume is now passed to the mm_ and fs_ functions instead of img_open. This allows img_info to be used for multiple volumes at the same time. This required some mm_ changes. 4/5/06: Update: All TSK libraries are written to the lib directory. 4/6/06: Update: Added FS_FLAG_DATA_RES flag to identify data that are resident in ntfs_data_walk (suggested by Michael Cohen). 4/6/06: Update: The partition code (media Management) now checks that a partition starts before the end of the image file. There are currently no checks about the end of the partition though. 
4/6/06: Update: The media management code now shows unpartitioned space as such from the end of the last partition to the end of the image file (using the image file size). (Suggested by Wyatt Banks). 4/7/06: Update: New version of ISO9660 code from Wyatt Banks and Crucial Security added and other code updated to allow CDs to be analyzed. 4/7/06: There was a conflict with guessuXX with mmtools and fstools. Renamed to mm_guessXX and fs_guessXX. 4/10/06: Upgraded AFFLIB to 1.5.6 4/12/06: Added version of libewf and support for it in imgtools 4/13/06: Added new img_cat tool to extract raw data from an image format. 4/24/06: Upgraded AFFLIB to 1.5.12 4/24/06: split and raw check if the image is a directory 4/24/06: Updated libewf to 20060423-1 4/26/06: Updated makedefs to work with SunOS 5.10 5/3/06: Added iso9660 patch from Wyatt Banks so that version number is not printed with file name. 5/4/06: Updated error checking in icat, istat, fatfs_dent, and ntfs_dent 5/8/06: Updated libewf to 20060505-1 to fix some gcc 2 compile errors. 5/9/06: Updated AFFLIB to 1.6.18 5/11/06: Cleaned up error handling (removed %m and unused legacy code) 5/11/06: Updated AFFLIB to 1.6.23 ---------------- VERSION 2.03 -------------- 7/26/05: Update: Removed incorrect print_version() statement from fs_tools.h (reported by Jaime Chang) 7/26/05: Update: Renamed libraries to start with "lib" 7/26/05: Update: Removed the logfp variable for verbose statements and instead use only stderr. 8/12/05: Update: If time is 0, then it is put as 00:00:00 instead of the default 1970 or 1980 time. 8/13/05: Update: Added Unicode support for FAT and NTFS (Supported by I.D.E.A.L. Technology Corp). 9/2/05: Update: Added Unicode support for UFS and ExtX. Non-printable ASCII characters are no longer replaced with '^.'. 9/2/05: Update: Improved the directory entry sanity checks for UFS and ExtX. 9/2/05: Update: Upgraded file to version 4.15. 
9/2/05: Update: The dent_walk code of all file systems does not abort if a sub-directory is encountered with an error. If it is the top directory explicitly called, then it still gives an error. 9/2/05: Bug Fix: MD5 and SHA-1 values were incorrect under AMD64 systems because the incorrect variable sizes were being used. (reported by: Regis Friend Cassidy. BUG: 1280966) 9/2/05: Update: Changed all licenses in TSK to Common Public License (except those that were already IBM Public License). 9/15/05: Bug Fix: The Unicode names would not be displayed if the FAT short name entry was using code pages. The ASCII name check was removed, which may lead to more false positives during inode_walk. 10/05/05: Update: improved the sector size check when the FAT boot sector is read (check for specific values besides just mod 512). 10/12/05: Update: The ASCII name check was added back into FAT, but the check no longer looks for values over 0x80. 10/12/05: Update: The inode_walk function in FAT skips clusters that are allocated to files. This makes it much faster, but it will now not find unallocated directory entries in the slack space of allocated files. 10/13/05: Update: sorter updated to handle unicode in HTML output. ---------------- VERSION 2.02 -------------- 4/27/05: Bug Fix: the sizes of 'id' were not consistent in the front-end and library functions for icat and ffind. Reported by John Ward. 5/16/05: Bug Fix: fls could segfault in FAT if short name did not exist. There was also a bug where the long file name variable (fatfs->lfn_len) was not reset after processing a directory and the next entry could incorrectly get the long name. Reported by Jaime Chang. BUG: 1203673. 5/18/05: Update: Updated makedefs to support Darwin 8 (OS X Tiger) 5/23/05: Bug Fix: ntfs_dent_walk would not always stop when WALK_STOP was returned. This caused some issues with previous versions of ifind. This was fixed. 
5/24/05: Bug Fix: Would not compile under Suse because it had header file conflicts for the size of int64_t. Reported by: Andrea Ghirardini. BUG: 1203676 5/25/05: Update: Fixed some memory leaks in fstools (reported by Jaime Chang). 6/13/05: Update: Compiled with g++ to get better warning messages. Fixed many signed versus unsigned comparisons, -1 assignments to unsigned vars, and some other minor internal issues. 6/13/05: Bug Fix: if UFS or FFS found a valid dentry in unallocated space, it could have a documented length that is larger than the remaining unallocated space. This would cause an allocated name to be skipped. BUG: 1210204 Reported by Christopher Betz. 6/13/05: Update: Improved design of all dent code so that there are no more global variables. 6/13/05: Update: Improved design of FAT dent code so that FATFS_INFO does not keep track of long file name information. 6/13/05: Bug Fix: If a cluster in a directory started with a strange dentry, then FAT inode_walk would skip it. The fix is to make sure that all directory sectors are processed. (BUG: 1203669). Reported by Jaime Chang. 6/14/05: Update: Changed design of FS_INODE so that it contains the inode address and the inode_walk action was changed to remove inum as an argument. 6/15/05: Update: Added 'ils -o' back in as 'ils -O' to list open and deleted files. 6/15/05: Update: Added '-m' flag to mactime so that it prints the month as a number instead of its name. 7/2/05: Bug Fix: If an NTFS file did not have a $DATA or $IDX_* attribute, then fls would not print it. The file had no content, but the name should be shown. (BUG: 1231515) (Reported by Fuerst) ---------------- VERSION 2.01 -------------- 3/24/05: Bug Fix: ffind would fail if the directory had two non-printable chars. The handling of non-printable chars was changed to replace with '^.'. (BUG: 1170310) (reported by Brian Baskin) 3/24/05: Bug Fix: icat would not print the output to stdout when split images were used. 
There was a bug in the image closing process of icat. (BUG: 1170309) (reported by Brian Baskin) 3/24/05: Update: Changed the header files in fstools to make fs_lib.h more self contained. 4/1/05: Bug Fix: Imgtools byte offset with many leading 0s could cause issues. (BUG: 1174977) 4/1/05: Update: Removed test check in mmtools/dos.c for value cluster size because too many partition tables have that as a valid field. Now it checks only OEM name. 4/8/05: Update: Updated usage of 'strtoul' to 'strtoull' for blocks and inodes. ---------------- VERSION 2.00 -------------- 1/6/05: Update: Added '-b' flag to 'mmls' so that sizes can be printed in bytes. Suggested and a patch proposed by Matt Kucenski 1/6/05: Update: Define DADDR_T, INUM_T, OFF_T, PNUM_T as a static size and use those to store values in data structures. Updated print statements as well. 1/6/05: Update: FAT now supports larger images because the inode address space is 64-bits. 1/6/05: Moved guess and get functions to misc from mmtools and fstools. 1/7/05: Update: Added imgtools with support for "raw" and "split" layers. All fstools have been updated. 1/7/05: Update: removed dtime from ils output 1/9/05: Update: FAT code reads in clusters instead of sectors to be faster (suggested by David Collett) 1/9/05: Update: mmtools uses imgtools for split images etc. 1/10/05: Update: Removed usage of global variables when using file_walk internally. 1/10/05: Update: mmls BSD will use the next sector automatically if the wrong is given instead of giving an error. 1/10/05: Update: Updated file to version 4.12 1/11/05: Update: Added autodetect to file system tools. 1/11/05: Update: Changed names to specify file system type (not OS-based) 1/11/05: Update: Added '-t' option to fsstat to give just the type. 1/11/05: Update: Added autodetect to mmls 1/17/05: Update: Added the 'mmstat' tool that gives the type of volume system. 1/17/05: Update: Now using CVS for local version control - added date stamps to all files. 
2/20/05: Bug Fix: ils / istat would go into an infinite loop if the attribute list had an entry with a length of 0. Reported by Angus Marshall (BUG: 1144846) 3/2/05: Update: non-printable letters in ExtX/UFS file names are now replaced by a '.' 3/2/05: Update: Made file system tools more library friendly by making stubs for each application. 3/4/05: Update: Redesigned the diskstat tool and created the disksreset tool to remove the HPA temporarily. 3/4/05: Update: Added imgstat tool that displays image format details 3/7/05: Bug Fix: In fsstat on ExtX, the final group would have an incorrect _percentage_ of free blocks value (although the actual number was correct). Reported by Knut Eckstein. (BUG: 1158620) 3/11/05: Update: Renamed diskstat, disksreset, sstrings, and imgstat to disk_stat, disk_sreset, srch_strings, and img_stat to make the names more clear. 3/13/05: Bug Fix: The verbose output for fatfs_file_walk had an incorrect sector address. Reported by Rudolph Pereira. 3/13/05: Bug Fix: The beta version had compiling problems on FreeBSD because of a naming clash with the new 'fls' functions. (reported by secman) ---------------- VERSION 1.74 -------------- 11/18/04: Bug Fix: FreeBSD 5 would produce incorrect 'icat' output for Ext2/3 & UFS1 images because it used a 64-bit on-disk address. reported by neutrino neutrino. (BUG: 1068771) 11/30/04: Bug Fix: The makefile in disktools would generate an error on some systems (Cygwin) because of an extra entry. Reported by Vajira Ganepola (BUG: 1076029) ---------------- VERSION 1.73 -------------- 09/09/04: Update: Added journal support for EXT3FS and added jls and jcat tools. 09/13/04: Updated: Added the major and minor device numbers to EXTxFS istat. 09/13/04: Update: Added EXTxFS orphan code to 'fsstat' 09/24/04: Update: Fixed incorrect usage of 'ptr' and "" in action of ntfs_dent.c. Did not affect any code, but could have in the future. Reported by Pete Winkler. 
09/25/04: Update: Added UFS flags to fsstat 09/26/04: Update: All fragments are printed for indirect block pointer addresses in UFS istat. 09/29/04: Update: Print extended UFS2 attributes in 'istat' 10/07/04: Bug Fix: Changed usage of (int) to (uintptr_t) for pointer arithmetic. Caused issues with Debian Sarge. (BUG: 1049352) - turned out to be from changes made to package version so that it would compile in 64-bit system (BUG: 928278). 10/11/04: Update: Added diskstat to check for HPA on linux systems. 10/13/04: Update: Added root directory location to FAT32 fsstat output 10/17/04: Bug Fix: EXTxFS superblock location would not be printed for images in fsstat that did not have sparse superblok (which is rare) (BUG: 1049355) 10/17/04: Update: Added sigfind tool to find binary signatures. 10/27/04: Bug Fix: NTFS is_clust_alloc returned an error when loading $MFT that had attribute list entry. Now I assume that clusters referred to by the $MFT are allocated until the $MFT is loaded. (BUG: 1055862). 10/28/04: Bug Fix: Check to see if an attribute with the same name exists instead of relying on id only. (ntfs_proc_attrseq) Affects the processing of attribute lists. Reported by Szakacsits Szabolcs, Matt Kucenski, & Gene Meltser (BUG: 1055862) 10/28/04: Update: Removed usage of mylseek in fstools for all systems (Bug: 928278) ---------------- VERSION 1.72 -------------- 07/31/04: Update: Added flag to mft_lookup so that ifind can run in noabort mode and it will not stop when it finds an invalid magic value. 08/01/04: Update: Removed previous change and removed MAGIC check entirely. XP doesn't even care if the Magic is corrupt, so neither does TSK. The update sequence check should find an invalid MFT entry. 08/01/04: Update: Added error message to 'ifind' if none of the search options are given. 08/05/04: Bug Fix: Fixed g_curdirptr recursive error by clearing the value when dent_walk had to abort because a deleted directory could not be recovered. 
(BUG: 1004329) Reported by epsilon@yahoo.com 08/16/04: Update: Added a sanity check to fatfs.c fat2unixtime to check if the year is > 137 (which is the overflow date for the 32-bit UNIX time). 08/16/04: Update: Added first version of sstrings from binutils-2.15 08/20/04: Bug Fix: Fixed a bug where the group number for block 0 of an EXT2FS file system would report -1. 'dstat' no longer displays value when it is not part of a block group. (BUG: 1013227) 8/24/04: Update: If an attribute list entry is found with an invalid MFT entry address, then it is ignored instead of an error being generated and exiting. 8/26/04: Update: Changed internal design of NTFS to make is_clust_alloc 8/26/04: Update: If an attribute list entry is found with an invalid MFT entry address AND the entry is unallocated, then no error message is printed, it is just ignored or logged in verbose mode. 8/29/04: Update: Added support for 32-bit GID and UID in EXTxFS 8/30/04: Bug Fix: ntfs_dent_walk was adding 24 extra bytes to the size of the index record for the final record processing (calc of list_len) (BUG: 1019321) (reported and debugging help from Matt Kucenski). 8/30/04: Bug Fix: fs_data_lookup was using an id of 0 as a wild card, but 0 is a legit id value and this could cause confusion. To solve this, a new FS_FLAG_FILE_NOID flag was added and a new fs_data_lookup_noid function that will not use the id to lookup values. (BUG: 1019690) (reported and debugging help from Matt Kucenski) 8/30/04: Update: modified fs_data_lookup_noid to return unamed data attribute if that type is requested (instead of just relying on id value in attributes) 8/31/04: Update: Updated file to v4.10, which seems to fix the CYGWIN compile problem. 9/1/04: Update: Added more DOS partition types to mmls (submitted by Matt Kucenski) 9/2/04: Update: Added EXT3FS extended attributes and Posix ACL to istat output. 9/2/04: Update: Added free inode and block counts per group to fsstat for EXT2FS. 
9/7/04: Bug Fix: FreeBSD compile error for PRIx printf stuff in mmtools/gpt.c ---------------- VERSION 1.71 -------------- 06/05/04: Update: Added sanity checks in fat to unix time conversion so that invalid times are set to 0. 06/08/04: Bug Fix: Added a type cast when size is assigned in FAT and removed the assignment to a 32-bit signed variable (which was no longer needed). (Bug: 966839) 06/09/04: Bug Fix: Added a type cast to the 'getuX' macros because some compilers were assuming it was signed (Bug: 966839). 06/11/04: Update: Changed NTFS magic check to use the aa55 at the end and fixed the name of the original "magic" value to oemname. The oemname is now printed in fsstat. 06/12/04: Bug Fix: The NTFS serial number was being printed with bytes in the wrong order in the fsstat output. (BUG: 972207) 06/12/04: Update: The begin offset value in index header for NTFS was 16-bits instead of 32-bits. 06/22/04: Update: Created a library for the MD5 and SHA1 functions so that it can be incorporated into other tools. Also renamed some of the indexing tools that hfind uses. 06/23/04: Update: Changed output of 'istat' for NTFS images. Added more data from $STANDARD_INFORMATION. 07/13/04: Update: Changed output of 'istat' for NTFS images again. Moved more data to the $FILE_NAME section and added new data. 07/13/04: Update: Changed code for processing NTFS runs and no longer check for the offset to be 0 in ntfs_make_data_run(). This could have prevented some sparse files from being processed. 07/13/04: Update: Added flags for compressed and encrypted NTFS files. They are not decrypted or uncompressed yet, just identified. They cannot be displayed from 'icat', but the known layout is given in 'istat'. 07/18/04: Bug Fix: Sometimes, 'icat' would report an error about an existing FILLER entry in an NTFS attribute. This was traced to instances when it was run on a non-base file record. There is now a check for that to not show the error. 
(BUG: 993459) 07/19/04: Bug Fix: A run of -1 may exist for sparse files in non-NT versions of NTFS. Changed check for this. reported by Matthew Kucenski. (BUG: 994024). 07/24/04: Bug Fix: NTFS attribute names were missing (rarely) on some files because the code assumed they would always be at offset 64 for non-res attributes (Bug: 996981). 07/24/04: Update: Made listing of unallcoated NTFS file names less strict. There was a check for file name length versus stream length. 07/24/04: Update: Added $OBJECT_ID output to 'istat' 07/24/04: Update: Fixed ntfs.c compile warning about constant too large in time conversion code. 07/25/04: Update: Added attribute list contents to NTFS 'istat' output 07/25/04: Bug Fix: Not all slack space was being shown with 'dls -s'. It was documented that this occurs, but it is not what would be expected. (BUG: 997800). 07/25/04: Update: Changed output format of 'dls -s' so that it sends zeros where the file content was. Therefore the output is now a multiple of the data unit size. Also removed limitation to FAT & NTFS. 07/25/04: Update: 'dcalc' now has the '-s' option calculate the original location of data from a slack space image (dls -s). (from Chris Betz). 07/26/04: Update: Created the fs_os.h file and adjusted some of the header files for the PRI macros (C99). Created defines for OSes that do not have the macros already defined. 07/26/04: Non-release bug fix: Fixed file record size bug introduced with recent changes. 07/27/04: Update: Added GPT support to mmls. 07/29/04: Update: Added '-p' flag to 'ifind' to find deleted NTFS files that point to the given parent directory. Added '-l and -z' as well. ---------------- VERSION 1.70 -------------- 04/21/04: Update: Changed attribute and mode for FAT 'istat' so that actual FAT attributes are used instead of UNIX translation. 
04/21/04: Update: The FAT 'istat' output better handles Long FIle Name entry 04/21/04: Update: The FAT 'istat' output better handles Volume Label entry 04/21/04: Update: Allowed the FAT volume label entry to be displayed with 'ils' 04/21/04: Update: Allowed the FAT volume label entry to be displayed with 'fls' 04/24/04: Update: 'dstat' on a FAT cluster now shows the cluster address in addition to the sector address. 04/24/04: Update: Added the cluster range to the FAT 'fsstat' output 05/01/04: Update: Improved the FAT version autodetect code. 05/02/04: Update: Removed 'H' flag from 'icat'. 05/02/04: Update: Changed all of the FS_FLAG_XXX variables in the file system tools to constants that are specific to the usage (NAME, DATA, META, FILE). 05/03/04: Update: fatfs_inode_walk now goes by sectors instead of clusters to get more dentries from slack space. 05/03/04: Bug Fix: The allocation status of FAT dentires was set only by the flag and not the allocation status of the cluster it is located in. (BUG: 947112) 05/03/04: Update: Improved comments and variable names in FAT code 05/03/04: Update: Added '-r' flag to 'icat' for deleted file recovery 05/03/04: Update: Added RECOVERY flag to file_walk for deleted file recovery 05/03/04: Update: Added FAT file recovery. 05/03/04: Update: Removed '-H' flag from 'icat'. Default is to display holes. 05/03/04: Update: 'fls -r' will recurse down deleted directories in FAT 05/03/04: Update: 'fsstat' reports FAT clusters that are marked as BAD 05/03/04: Update: 'istat' for FAT now shows recovery clusters for deleted files. 05/04/04: Update: Added output to 'fsstat' for FAT file systems by adding a list of BAD sectors and improving the amount of layout information. I also changed some of the internal variables. 05/08/04: Update: Removed addr_bsize from FS_INFO, moved block_frags to FFS_INFO, modified dcat output only data unit size. 
05/20/04: Update: Added RECOVERY flag to 'ifind' so that it can find the data units that are allocated to deleted files 05/20/04: Update: Added icat recovery options to 'sorter'. 05/20/04: Update: Improved the naming convention in sorter for the 'ils' dead files. 05/21/04: Update: Added outlook to sorter rules (from David Berger) 05/27/04: Bug Fix: Added to mylseek.c so that it compiles with Fedora Core 2 (Patch by Angus Marshall) (BUG: 961908). 05/27/04: Update: Changed the letter with 'fls -l' for FIFO to 'p' instead of 'f' (reported by Dave Henkewick). 05/28/04: Update: Added '-u' flag to 'dcat' so that the data unit size can be specified for raw, swap, and dls image types. 05/28/04: Update: Changed the size argument of 'dcat' to be number of data units instead of size in bytes (suggestion by Harald Katzer). ---------------- VERSION 1.69 -------------- 03/06/04: Update: Fixed some memory leaks in ext2fs_close. reported by Paul Bakker. 03/10/04: Bug Fix: If the '-s' flag was used with 'icat' on a EXT2FS or FFS file system, then a large amount of extra data came out. Reported by epsion. (BUG: 913874) 03/10/04: Bug Fix: One of the verbose outputs in ext2fs.c was being sent to STDOUT instead of logfp. (BUG: 913875) 04/14/04: Update: Added more data to fsstat output of FAT file system. 04/15/04: Bug Fix: The last sector of a FAT file system may not be analyzed. (BUG: 935976) 04/16/04: Update: Added full support for swap and raw by making the standard files and functions for them instead of the hack in dcat. Suggested by (and initial patch by) Paul Baker. 04/18/04: Update: Changed error messages in EXT2/3FS code to be extXfs. 04/18/04: Update: Updaged to version 4.09 of 'file'. This will help fix some of the problems people have had compiling it under OS X 10.3. 04/18/04: Update: Added compiling support for SFU 3.5 (Microsoft). Patches from an anonymous person. 
---------------- VERSION 1.68 -------------- 01/20/04: Bug Fix: FAT times were an hour too fast during daylight savings. Now use mktime() instead of manual calculation. Reported by Randall Shane. (BUG: 880606) 02/01/04: Update: 'hfind -i' now reports the header entry as an invalid entry. The first header row was ignored. 02/20/04: Bug Fix: indirect block pointer blocks would not be identified by the ifind tool. Reported by Knut Eckstein (BUG: 902709) 03/01/04: Update: Added fs->seek_pos check to fs_read_random. ---------------- VERSION 1.67 -------------- 11/15/03: Bug Fix: Added support for OS X 10.3 to src/makedefs. (BUG: 843029) 11/16/03: Bug Fix: Mac partition tables could generate an error if there were VOID-type partitions. (BUG: 843366) 11/21/03: Update: Changed NOABORT messages to verbose messages, so invalid data is not printed during 'ifind' searches. 11/30/03: Bug Fix: icat would not hide the 'holes' if '-h' was given because the _UNALLOC flag was always being passed to file_walk. (reported by Knut Eckstein). (BUG: 851873) 11/30/03: Bug Fix: NTFS data_walk was not using _ALLOC and _UNALLOC flags and other code that called it was not either. (BUG: 851895) 11/30/03: Bug Fix: Not all needed commands were using _UNALLOC when they called file_walk (although for most cases it did not matter because sparse files would not be found in a directory for example). (Bug: 851897) 12/09/03: Bug Fix: FFS and EXT2FS code was using OFF_T type instead of size_t for the size of the file. This could result in a file > 2GB as being a negative size on some systems (BUG: 856957). 12/26/03: Bug Fix: ffind would crash for root directory of FAT image. Added NULL check and added a NULL name to fake root directory entry. (BUG: 871219) 01/05/04: Bug Fix: The clustcnt value for FAT was incorrectly calculated and was too large for FAT12 and FAT16 by 32 sectors. This could produce extra entries in the 'fsstat' output when the FAT is dumped. 
(BUG: 871220) 01/05/04: Bug Fix: ils, fls, and istat were not printing the full size of files that are > 2GB. (reported by Knut Eckstein) (BUG: 871457) 01/05/04: Bug Fix: The EXT2FS and EXT3FS code was not using the i_dir_acl value as the upper 32-bits of regular files that are > 2GB (BUG: 871458) 01/06/04: Mitigation: An error was reported where sorter would error that icat was being passed a '-1' argument. I can't find how that would happen, so I added quotes to all arguments so that the next time it occurs, the error is more useful (BUG: 845840). 01/06/04: Update: Incorporated patch from Charles Seeger so that 'cc' can be used and compile time warnings are fixed with Sun 'cc'. 01/06/04: Update: Upgraded file from v3.41 to v4.07 ---------------- VERSION 1.66 -------------- 09/02/03: Bug Fix: Would not compile under OpenBSD 3 because fs_tools.h & mm_tools was missing a defined statement (reported by Randy - m0th_man) NOTE: Bugs now will have an entry into the Source Forge bug tracking sytem. 10/13/03: Bug Fix: buffer was not being cleared between uses and length incorrectly set in NTFS resulted in false deleted file names being shown when the '-r' flag was given. The extra entries were from the previous directory. (BUG: 823057) 10/13/03: Bug Fix: The results of 'sorter' varied depending on the version of Perl and the system. If the file output matched more than one, sorter could not gaurantee which would match. Therefore, results were different for some files and some machines. 'sorter' now enforces the ordering based on the order they are in the configuration file. The entries at the end of the file have priority over the first entries (generic rules to specific rules). (BUG: 823057) 10/14/03: Update: 'mmls' prints 'MS LVM' with partition type 0x42 now. 10/25/03: Bug Fix: NTFS could have a null pointer crash if the image was very corrupt and $Data was not found for the MFT. 
11/10/03: Bug Fix: NTFS 'ffind' would only report the file name and not the attribute name because the type and id were ignored. ffind and ntfs_dent were updated - found during NTFS keyword search test. (Bug: 831579) 11/12/03: Update: added support for Solaris x86 partition tables to 'mmls' 11/12/03: Update: Modified the sparc data structure to add the correct location of the 'sanity' magic value. 11/15/03: Update: Added '-s' flag to 'icat' so that slack space is also displayed. ---------------- VERSION 1.65 -------------- 08/03/03: Bug Fix: 'sorter' now checks for inode values that are too small to avoid 'icat' errors about invalid inode values. 08/19/03: Update: 'raw' is now a valid type for 'dcat'. 08/21/03: Update: mactime and sorter look for perl5.6.0 first. 08/21/03: Update: Removed NSRL support from 'sorter' until a better way to identify the known good and known bad files is found 08/21/03: Bug Fix: The file path replaces < and > with HTML encoding for HTML output (ils names were not being shown) 08/25/03: Update: Added 'nsrl.txt' describing why the NSRL functionality was removed. 08/27/03: Update: Improved code in 'mactime' to reduce warnings when '-w' is used with Perl ('exists' checks on arrays). 08/27/03: Update: Improved code in 'sorter' to reduce warnings when '-w' is used with Perl (inode_int for NTFS). ---------------- VERSION 1.64 -------------- 08/01/03: Docs Fix: The Sun VTOC was documented as Virtual TOC and it should be Volume TOC (Jake @ UMASS). 08/02/03: Bug Fix: Some compilers complained about verbose logging assignment in 'mmls' (Ralf Spenneberg). ---------------- VERSION 1.63 -------------- 06/13/03: Update: Added 'mmtools' directory with 'dos' partitions and 'mmls'.
06/18/03: Update: Updated the documents in the 'doc' directory 06/19/03: Update: Updated error message for EXT3FS magic check 06/27/03: Update: Added slot & table number to mmls 07/08/03: Update: Added mac support to mmtools 07/11/03: Bug Fix: 'sorter' was not processing all unallocated meta data structures because of a regexp error. (reported by Jeff Reava) 07/16/03: Update: Added support for FreeBSD5 07/16/03: Update: Added BSD disk labels to mmtools 07/28/03: Update: Relaxed requirements for DOS directory entries, the wtime can be zero (reported by Adam Uccello). 07/30/03: Update: Added SUN VTOC to mmtools 07/31/03: Update: Added NetBSD support (adam@monkeybyte.org) 08/01/03: Update: Added more sanity checks to FAT so that it would not try and process NTFS images that have the same MAGIC value ---------------- VERSION 1.62 -------------- 04/11/03: Bug Fix: 'fsstat' for an FFS file system could report data fragments in the last group that were larger than the maximum fragment 04/11/03: Bug Fix: 'ffs' allows the image to not be a multiple of the block size. A read error occurred when it tried to read the last fragments since a whole block could not be read. 04/15/03: Update: Added debug statements to FAT code. 04/26/03: Update: Added verbose statements to FAT code 04/26/03: Update: Added NOABORT flag to dls -s 04/26/03: Update: Added stderr messages for errors that are not aborted because of NOABORT 05/27/03: Update: Added 'mask' field to FATFS_INFO structure and changed code in fatfs.c to use it. 05/27/03: Update: isdentry now checks the starting cluster to see if it is a valid size. 05/27/03: Bug Fix: Added a sanitizer to 'sorter' to remove invalid chars from the 'file' output and reduce the warnings from Perl. 
05/28/03: Bug Fix: Improved sanitize expression in 'sorter' 05/28/03: Update: Added '-d' option to 'mactime' to allow output to be given in comma delimited format for importing into a spread sheet or other graphing tool 06/09/03: Update: Added hourly summary / indexing to mactime 06/09/03: Bug Fix: sorter would not allow linux-ext3 fstype ---------------- VERSION 1.61 -------------- 02/05/03: Update: Started addition of image thumbnails to sorter 03/05/03: Update: Updated 'file' to version 3.41 03/16/03: Update: Added comments and NULL check to 'ifind' 03/16/03: Bug Fix: Added a valid magic of 0 for MFT entries. This was found in an XP image. 03/26/03: Bug Fix: fls would crash for an inode of 0 and a clock skew was given. fixed the bug in fls.c (debug help from Josep Homs) 03/26/03: Update: Added more verbose comments to ntfs_dent.c. 03/26/03: Bug Fix: 'ifind' for a path could return a result that was shorter than the requested name (strncmp was used) 03/26/03: Update: Short FAT names can be used in 'ifind -n' and error messages were improved 03/26/03: Bug Fix: A final NTFS Index Buffer was not always processed in ntfs_dent.c, which resulted in files not being shown. This was fixed with debugging help from Matthew Shannon. 
03/27/03: Update: Added an 'index.html' for image thumbnails in sorter and added a 'details' link from the thumbnail to the images.html file 03/27/03: Update: 'sorter' can now take a directory inode to start processing 03/27/03: Update: added '-z' flag when running 'file' in 'sorter' so that compressed file contents are reported 03/27/03: Update: added '-i' flag to 'mactime' that creates a daily summary of events 03/27/03: Update: Added support for Version 2 of the NSRL in 'hfind' 04/01/03: Update: Added support for Hash Keeper to 'hfind' 04/01/03: Update: Added '-e' flag to 'hfind' for extended info (currently hashkeeper only) ---------------- VERSION 1.60 -------------- 10/31/02: Bug Fix: the unmounting status of EXT2FS in the 'fsstat' command was not correct (reported by Stephane Denis). 11/24/02: Bug Fix: The -v argument was not allowed on istat or fls (Michael Stone) 11/24/02: Bug Fix: When doing an 'ifind' on a UNIX fs, it could abort if it looked at an unallocated inode with invalid indirect block pointers. This was fixed by adding a "NOABORT" flag to the walk code and adding error checks in the file system code instead of relying on the fs_io code. (suggested by Micael Stone) 11/26/02: Update: ifind has a '-n' argument that allows one to specify a file name it and it searches to find the meta data structure for it (suggested by William Salusky). 11/26/02: Update: Now that there is a '-n' flag with 'ifind', the '-d' flag was added to specify the data unit address. The old syntax of giving the data_unit at the end is no longer supported. 11/27/02: Update: Added sanity checks on meta data and data unit addresses earlier in the code. 
12/12/02: Update: Added additional debug statements to NTFS code 12/19/02: Update: Moved 'hash' directory to 'hashtools' 12/19/02: Update: Started development of 'hfind' 12/31/02: Update: Improved verbose debug statements to show full 64-bit offsets 01/02/03: Update: Finished development of 'hfind' with ability to update for next version of NSRL (which may have a different format) 01/05/03: Bug Fix: FFS and EXT2FS symbolic link destinations where not properly NULL terminated and some extra chars were appended in 'fls' (later reported by Thorsten Zachmann) 01/06/03: Bug Fix: getu64() was not properly masking byte sizes and some data was being lost. This caused incorrect times to be displayed in some NTFS files. 01/06/03: Bug Fix: ifind reported incorrect ownership for some UNIX file systems if the end fragments were allocated to a different file than the first ones were. 01/07/03: Update: Renamed the src/mactime directory to src/timeline. 01/07/03: Update: Updated README and man pages for hfind and sorter 01/12/03: Bug Fix: ntfs_mft_lookup was casting a 64-bit value to a 32-bit variable. This caused MFT Magic errors. Reported and debugged by Keven Murphy 01/12/03: Update: Added verbose argument to 'fls' 01/12/03: Bug Fix: '-V' argument to 'istat' was doing verbose instead of version 01/13/03: Update: Changed static sizes of OFF_T and DADDR_T in Linux version to the actual 'off_t' and 'daddr_t' types 01/23/03: Update: Changed use of strtok_r to strtok in ifind.c so that Mac 10.1 could compile (Dave Goldsmith). 01/28/03: Update: Improved code in 'hfind' and 'sorter' to handle files with spaces in the path (Dave Goldsmith). ---------------- VERSION 1.52 -------------- 09/24/02: Bug Fix: Memory leak in ntfs_dent_idxentry(), ntfs_find_file(), and ntfs_dent_walk() 09/24/02: Update: Removal of index sequences for index buffers is now done using upd_off, which will allow for NTFS to move the structure in the future. 
09/26/02: Update: Added create time for NTFS / STANDARD_INFO to istat output. 09/26/02: Update: Changed the method that the NTFS time is converted to UNIX time. Should be more efficient. 10/09/02: Update: dcat error changed. 10/02/02: Update: Includes a Beta version of 'sorter' ---------------- VERSION 1.51 -------------- 09/10/02: Bug Fix: Fixed a design bug that would not allow attribute lists in $MFT. This bug would generate an error that complained about an invalid MFT entry in attribute list. 09/10/02: Update: The size of files and directories is now calculated after each time proc_attrseq() is called so that it is more up to date when dealing with attribute lists. The size has the sizes of all $Data, $IDX_ROOT, and $IDX_ALLOC streams. 09/10/02: Update: The maxinum number of MFT entries is now calculated each time an MFT entry is processed while loading the MFT. This allows us to reflect what the maximum possible MFT entry is at that given point based on how many attribute lists have been processed. 09/10/02: Update: Added file version 3.39 to distro (bigger magic files) (Salusky) 09/10/02: Bug Fix: fs_data was wasting memory when it was allocated 09/10/02: Update: added a fs_data_alloc() function 09/12/02: Bug Fix: Do not give an error if an attribute list of an unallocated file points to an MFT that no longer claims it is a member of the list. 09/12/02: Update: No longer need version to remove update sequence values from on-disk buffers 09/19/02: Bug Fix: fixed memory leak in ntfs_load_ver() 09/19/02: Bug Fix: Update sequence errors were displayed because of a bug that occurred when an MFT entry crossed a run in $MFT. Only occurred with 512-byte clusters and an odd number of clusters in a run. 09/19/02: Update: New argument to ils, istat, and fls that allows user to specify a time skew in seconds of the compromised system. Originated from discussion at DFRWS II. 
09/19/02: Update: Added '-h' argument to mactime to display header info ---------------- VERSION 1.50 -------------- 04/21/02: icat now displays idxroot attribute for NTFS directories 04/21/02: fs_dent_print functions now are passed the FS_DATA structure instead of the extra inode and name strings. (NTFS) 04/21/02: fs_dent_print functions display alternate data stream size instead of the default data size (NTFS) 04/24/02: Fixed bug in istat that displayed too many fragments with ffs images 04/24/02: Fixed bug in istat that did not display sparse files correctly 04/24/02: fsstat of FFS images now identifies the fragments at the beginning of cyl groups as data fragments. 04/26/02: Fixed bug in ext2fs_dent_parse_block that did not advance the directory entry pointer far enough each time 04/26/02: Fixed bug in ext2fs_dent_parse_block so that gave an error if a file name was exactly 255 chars 04/29/02: Removed the getX functions from get.c as they are now macros 05/11/02: Added support for lowercase flag in FAT 05/11/02: Added support for sequence values (NTFS) 05/13/02: Added FS_FLAG_META for FAT 05/13/02: Changed ifind so that it looks the block up to identify if it is a meta data block when an inode can not be found 05/13/02: Added a conditional to ifind so that it handles sparse files better 05/19/02: Changed icat so that the default attribute type is set in the file_walk function 05/20/02: ils and dls now use boundary inode & block values if too large or small are given 05/21/02: istat now displays all NTFS times 05/21/02: Created functions to just display date and time 05/24/02: moved istat functionality to the specific file system file 05/25/02: added linux-ext3 flag, but no new features 05/25/02: Added sha1 (so Autopsy can use the NIST SW Database) 05/26/02: Fixed bug with FAT that did not return all slack space on file_walk 05/26/02: Added '-s' flag to dls to extract slack space of FAT and NTFS 06/07/02: fixed _timezone variable so correct times are shown in 
CYGWIN 06/11/02: *_copy_inode now sets the flags for the inode 06/11/02: fixed bug in mactimes that displayed a duplicate entry with time because of header entries in body file 06/12/02: Added ntfs.README doc 06/16/02: Added a comment to file Makefile to make it easier to compile for an IR CD. 06/18/02: Fixed NTFS bug that showed ADS when only deleted files were supposed to be shown (when ADS in directory) 06/19/02: added the day of the week to the mactime output (Tan) 07/09/02: Fixed bug that added extra chars to end of symlink destination 07/17/02: 1.50 Released ---------------- VERSION 1.00 -------------- - Integrated TCT-1.09 and TCTUTILs-1.01 - Fixed bug in bcat if size is not given with type of swap. - Added platform indep by including the structures of each file system type - Added flags for large file support under linux - blockcalc was off by 1 if calculated using the raw block number and not the one that lazarus spits out (which start at 1) - Changed the inode_walk and block_walk functions slightly to return a value so that a walk can be ended in the middle of it. - FAT support added - Improved ifind to better handle fragments - '-z' flag to fls and istat now use the time zone string instead of integer value. - no longer prepend / in _dent - verify that '-m' directory in fls ends with a '/' - identify the destination of sym links - fsstat tool added - fixed caching bug with FAT12 when the value overlapped cache entries - added mactime - removed the value in fls when printing mac format (inode is now printed in mactime) - renamed src/misc directory to src/hash (it only has md5 and will have sha) - renamed aux directory to misc (Windows doesn't allow aux as a name ??) 
- Added support for Cygwin - Use the flags in super block of EXT2FS to identify v1 or v2 - removed file system types of linux1 and linux2 and linux - added file system type of linux-ext2 (as ext3 is becoming more popular) - bug in file command that reported seek error for object files and STDIN sleuthkit-sleuthkit-4.4.2/README.md000066400000000000000000000201741314210574700170360ustar00rootroot00000000000000[![Build Status](https://travis-ci.org/sleuthkit/sleuthkit.svg?branch=develop)](https://travis-ci.org/sleuthkit/sleuthkit) [![Build status](https://ci.appveyor.com/api/projects/status/8f7ljj8s2lh5sqfv?svg=true)](https://ci.appveyor.com/project/bcarrier/sleuthkit) # [The Sleuth Kit](http://www.sleuthkit.org/sleuthkit) README File ## INTRODUCTION The Sleuth Kit is an open source forensic toolkit for analyzing Microsoft and UNIX file systems and disks. The Sleuth Kit enables investigators to identify and recover evidence from images acquired during incident response or from live systems. The Sleuth Kit is open source, which allows investigators to verify the actions of the tool or customize it to specific needs. The Sleuth Kit uses code from the file system analysis tools of The Coroner's Toolkit (TCT) by Wietse Venema and Dan Farmer. The TCT code was modified for platform independence. In addition, support was added for the NTFS (see docs/ntfs.README) and FAT (see docs/fat.README) file systems. Previously, The Sleuth Kit was called The @stake Sleuth Kit (TASK). The Sleuth Kit is now independent of any commercial or academic organizations. It is recommended that these command line tools can be used with the Autopsy Forensic Browser. Autopsy, (http://www.sleuthkit.org/autopsy), is a graphical interface to the tools of The Sleuth Kit and automates many of the procedures and provides features such as image searching and MD5 image integrity checks. 
As with any investigation tool, any results found with The Sleuth Kit should be recreated with a second tool to verify the data.

## OVERVIEW

The Sleuth Kit allows one to analyze a disk or file system image created by 'dd', or a similar application that creates a raw image. These tools are low-level and each performs a single task. When used together, they can perform a full analysis. For a more detailed description of these tools, refer to docs/filesystem.README. The tools are briefly described in a file system layered approach. Each tool name begins with a letter that is assigned to the layer.

### File System Layer:

A disk contains one or more partitions (or slices). Each of these partitions contains a file system. Examples of file systems include the Berkeley Fast File System (FFS), Extended 2 File System (EXT2FS), File Allocation Table (FAT), and New Technologies File System (NTFS). The fsstat tool displays file system details in an ASCII format. Examples of data in this display include volume name, last mounting time, and the details about each "group" in UNIX file systems.

### Content Layer (block):

The content layer of a file system contains the actual file content, or data. Data is stored in large chunks, with names such as blocks, fragments, and clusters. All tools in this layer begin with the letters 'blk'. The blkcat tool can be used to display the contents of a specific unit of the file system (similar to what 'dd' can do with a few arguments). The unit size is file system dependent. The 'blkls' tool displays the contents of all unallocated units of a file system, resulting in a stream of bytes of deleted content. The output can be searched for deleted file content. The 'blkcalc' program allows one to identify the unit location in the original image of a unit in the 'blkls' generated image. A feature that is new in The Sleuth Kit relative to TCT is the '-l' argument to 'blkls' (or 'unrm' in TCT).
This argument lists the details for data units, similar to the 'ils' command. The 'blkstat' tool displays the statistics of a specific data unit (including allocation status and group number).

### Metadata Layer (inode):

The metadata layer describes a file or directory. This layer contains descriptive data such as dates and size as well as the addresses of the data units. This layer describes the file in terms that the computer can process efficiently. The structures that the data is stored in have names such as inode and directory entry. All tools in this layer begin with an 'i'. The 'ils' program lists some values of the metadata structures. By default, it will only list the unallocated ones. The 'istat' tool displays metadata information in an ASCII format about a specific structure. New to The Sleuth Kit is that 'istat' will display the destination of symbolic links. The 'icat' function displays the contents of the data units allocated to the metadata structure (similar to the UNIX cat(1) command). The 'ifind' tool will identify which metadata structure has allocated a given content unit or file name. Refer to the ntfs.README doc for information on addressing metadata attributes in NTFS.

### Human Interface Layer (file):

The human interface layer allows one to interact with files in a manner that is more convenient than directly with the metadata layer. In some operating systems there are separate structures for the metadata and human interface layers while others combine them. All tools in this layer begin with the letter 'f'. The 'fls' program lists file and directory names. This tool will display the names of deleted files as well. The 'ffind' program will identify the name of the file that has allocated a given metadata structure. With some file systems, deleted files will be identified.

#### Time Line Generation

Time lines are useful to quickly get a picture of file activity. Using The Sleuth Kit, a time line of file MAC times can be easily made.
The mactime (TCT) program takes as input the 'body' file that was generated by fls and ils. To get data on allocated and unallocated file names, use 'fls -rm dir' and for unallocated inodes use 'ils -m'. Note that the behavior of these tools is different from that in TCT. For more information, refer to docs/mac.README. #### Hash Databases Hash databases are used to quickly identify if a file is known. The MD5 or SHA-1 hash of a file is taken and a database is used to identify if it has been seen before. This allows identification to occur even if a file has been renamed. Because the hash is computed over the file's content only, a lookup that finds no match does not show that a file is benign; it only shows that this exact content is not in the database. The Sleuth Kit includes the 'md5' and 'sha1' tools to generate hashes of files and other data. Also included is the 'hfind' tool. The 'hfind' tool allows one to create an index of a hash database and perform quick lookups using a binary search algorithm. The 'hfind' tool can perform lookups on the NIST National Software Reference Library (NSRL) (www.nsrl.nist.gov) and files created from the 'md5' or 'md5sum' command. Refer to the docs/hfind.README file for more details. #### File Type Categories Different types of files typically have different internal structures. The 'file' command comes with most versions of UNIX and a copy is also distributed with The Sleuth Kit. This is used to identify the type of file or other data regardless of its name and extension. It can even be used on a given data unit to help identify what file used that unit for storage. Note that the 'file' command typically uses data in the first bytes of a file so it may not be able to identify a file type based on the middle blocks or clusters. The 'sorter' program in The Sleuth Kit will use other Sleuth Kit tools to sort the files in a file system image into categories. The categories are based on rule sets in configuration files. The 'sorter' tool will also use hash databases to flag known bad files and ignore known good files. Refer to the 'docs/sorter.README' file for more details. 
## LICENSE The file system tools (in the src/fstools directory) are released under the IBM open source license and Common Public License, both are located in the license directory. The modifications to 'mactime' from the original 'mactime' in TCT and 'mac-daddy' are released under the Common Public License. Other tools in the src directory are either Common Public License or the GNU Public License. ## INSTALL For installation instructions, refer to the INSTALL document. ## OTHER DOCS The 'docs' directory contains documents that describe the provided tools in more detail. The Sleuth Kit Informer is a newsletter that contains new documentation and articles. > www.sleuthkit.org/informer/ ## MAILING LIST Mailing lists exist on SourceForge, for both users and a low-volume announcements list. > http://sourceforge.net/mail/?group_id=55685 Brian Carrier carrier sleuthkit org sleuthkit-sleuthkit-4.4.2/README_win32.txt000066400000000000000000000033511314210574700202750ustar00rootroot00000000000000 The Sleuth Kit Win32 README File http://www.sleuthkit.org/sleuthkit Last Modified: Jan 2014 ==================================================================== The Sleuth Kit (TSK) runs on Windows. If you simply want the executables, you can download them from the www.sleuthkit.org website. If you want to build your own executables, you have two options. 1) Microsoft Visual Studio. The VS solution file is in the win32 directory. Refer to the win32\BUILDING.txt file for details for building the 32-bit and 64-bit versions. 2) mingw32. See below for more details. --------------------------------------------------------------- MINGW32 If you're using mingw32 on Linux, simply give the "--host=i586-mingw32msvc" argument when running the './configure' script and use 'make' to compile. If you're using mingw32 on Windows, './configure' and 'make' will work directly. 
Note that to compile the Java bindings you will need to have a JDK installed, and by default the Oracle JDK on Windows is installed in a path such as C:\Program Files\Java\jdk1.6.0_16\. GNU autotools (which are used if you do a mingw32 compile, but not a Visual Studio compile) do not handle paths containing spaces, so you will need to copy the JDK to a directory without spaces in the name, such as C:\jdk1.6.0_16\, then add C:\jdk1.6.0_16\bin to $PATH before running './configure'. Note also that libtool may fail on mingw32 on Windows if C:\Windows\system32 is on $PATH before /usr/bin. The fix is to have the C:\Windows directories at the _end_ of your mingw $PATH. ------------------------------------------------------------------- carrier sleuthkit org Brian Carrier sleuthkit-sleuthkit-4.4.2/bindings/000077500000000000000000000000001314210574700173505ustar00rootroot00000000000000sleuthkit-sleuthkit-4.4.2/bindings/java/000077500000000000000000000000001314210574700202715ustar00rootroot00000000000000sleuthkit-sleuthkit-4.4.2/bindings/java/Makefile.am000066400000000000000000000003651314210574700223310ustar00rootroot00000000000000# Compile the sub directories SUBDIRS = jni tsk_jar = $(top_builddir)/bindings/java/dist/Tsk_DataModel.jar jardir = $(prefix)/share/java jar_DATA = $(tsk_jar) $(tsk_jar): all-local: ant dist CLEANFILES = $(tsk_jar) clean-local: ant clean sleuthkit-sleuthkit-4.4.2/bindings/java/README.txt000066400000000000000000000045461314210574700220000ustar00rootroot00000000000000Sleuth Kit Java Bindings Overview The core functionality of the Sleuth Kit is in the C/C++ library. The functionality is made available to Java applications by using JNI. The theory is that a SQLite database is created by the C++ library and then it is queried by native Java code. JNI methods exist to make the database and to read file content (and other raw data that is too large to fit into the database). 
To use the Java bindings, you must have the Sleuth Kit datamodel JAR file compiled and have compiled the associated dynamic library from the C/C++ code. Requirements: * Java JDK * Ant * Jar files as listed in ivy.xml (which will get downloaded automatically) Building the Dynamic Library (for JNI) The win32 Visual Studio solution has a tsk_jni project that will build the JNI dll. To use this project, you will need to have the JDK_HOME environment variable set to the root directory of the JDK. On non-Windows environments, it should just build as part of running ./configure and make. If the needed Java components are not found, it will not be built. This library will depend on libewf, zlib, and other libraries that TSK was built to depend on. In Windows, the core of TSK (libtsk) is a static library that is fully embedded in the libtsk_jni.dll file. On non-Windows environments, libtsk_jni will depend on the libtsk dynamic library. Building The Jar File Build with the default ant target (by running 'ant'). This will download the required libraries (using ivy) and place the jar file in the dist folder along with the needed dll and library files. Using the Jar file and Library There are two categories of things that need to be in the right place: - The Jar file needs to be on the CLASSPATH. - The libewf and zlib dynamic libraries need to be loadable. The TSK JNI native library is inside of the Jar file and it will depend on the libewf and zlib libraries. On a Unix-like platform, that means that if you did a 'make install' with libewf and zlib, you should be OK. On Windows, you should copy these DLLs to a directory that the Windows library search order will find. Because Windows loads the first matching DLL it finds in that search order, keep these DLLs in a directory that only trusted accounts can write to. Note that these locations are determined by how Windows loads native libraries and not necessarily by Java's loading paths. 
Refer to the javadocs for details on using the API: http://sleuthkit.org/sleuthkit/docs/jni-docs/ ------------ Brian Carrier Jan 2014 sleuthkit-sleuthkit-4.4.2/bindings/java/build-unix.xml000066400000000000000000000110271314210574700230740ustar00rootroot00000000000000 sleuthkit-sleuthkit-4.4.2/bindings/java/build-windows.xml000066400000000000000000000120761314210574700236100ustar00rootroot00000000000000 sleuthkit-sleuthkit-4.4.2/bindings/java/build.xml000077500000000000000000000201331314210574700221140ustar00rootroot00000000000000 Sleuthkit Java DataModel sleuthkit-sleuthkit-4.4.2/bindings/java/doxygen/000077500000000000000000000000001314210574700217465ustar00rootroot00000000000000sleuthkit-sleuthkit-4.4.2/bindings/java/doxygen/Doxyfile000066400000000000000000003132321314210574700234600ustar00rootroot00000000000000# Doxyfile 1.8.9.1 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. # # All text after a double hash (##) is considered a comment and is placed in # front of the TAG it is preceding. # # All text after a single hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists, items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (\" \"). #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all text # before the first occurrence of this tag. Doxygen uses libiconv (or the iconv # built into libc) for the transcoding. See http://www.gnu.org/software/libiconv # for the list of possible encodings. # The default value is: UTF-8. 
DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or a sequence of words surrounded by # double-quotes, unless you are using Doxywizard) that should identify the # project for which the documentation is generated. This name is used in the # title of most generated pages and in a few other places. # The default value is: My Project. PROJECT_NAME = "Sleuth Kit Java Bindings (JNI)" # The PROJECT_NUMBER tag can be used to enter a project or revision number. This # could be handy for archiving the generated documentation or if some version # control system is used. PROJECT_NUMBER = 4.4.1 # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a # quick idea about the purpose of the project. Keep the description short. PROJECT_BRIEF = "Java bindings for using The Sleuth Kit" # With the PROJECT_LOGO tag one can specify a logo or an icon that is included # in the documentation. The maximum height of the logo should not exceed 55 # pixels and the maximum width should not exceed 200 pixels. Doxygen will copy # the logo to the output directory. PROJECT_LOGO = # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path # into which the generated documentation will be written. If a relative path is # entered, it will be relative to the location where doxygen was started. If # left blank the current directory will be used. OUTPUT_DIRECTORY = docs # If the CREATE_SUBDIRS tag is set to YES then doxygen will create 4096 sub- # directories (in 2 levels) under the output directory of each output format and # will distribute the generated files over these directories. Enabling this # option can be useful when feeding doxygen a huge amount of source files, where # putting all generated files in the same directory would otherwise causes # performance problems for the file system. # The default value is: NO. 
CREATE_SUBDIRS = NO # If the ALLOW_UNICODE_NAMES tag is set to YES, doxygen will allow non-ASCII # characters to appear in the names of generated files. If set to NO, non-ASCII # characters will be escaped, for example _xE3_x81_x84 will be used for Unicode # U+3044. # The default value is: NO. ALLOW_UNICODE_NAMES = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. # Possible values are: Afrikaans, Arabic, Armenian, Brazilian, Catalan, Chinese, # Chinese-Traditional, Croatian, Czech, Danish, Dutch, English (United States), # Esperanto, Farsi (Persian), Finnish, French, German, Greek, Hungarian, # Indonesian, Italian, Japanese, Japanese-en (Japanese with English messages), # Korean, Korean-en (Korean with English messages), Latvian, Lithuanian, # Macedonian, Norwegian, Persian (Farsi), Polish, Portuguese, Romanian, Russian, # Serbian, Serbian-Cyrillic, Slovak, Slovene, Spanish, Swedish, Turkish, # Ukrainian and Vietnamese. # The default value is: English. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES, doxygen will include brief member # descriptions after the members that are listed in the file and class # documentation (similar to Javadoc). Set to NO to disable this. # The default value is: YES. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES, doxygen will prepend the brief # description of a member or function before the detailed description # # Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. # The default value is: YES. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator that is # used to form the text in various listings. 
Each string in this list, if found # as the leading text of the brief description, will be stripped from the text # and the result, after processing the whole list, is used as the annotated # text. Otherwise, the brief description is used as-is. If left blank, the # following values are used ($name is automatically replaced with the name of # the entity):The $name class, The $name widget, The $name file, is, provides, # specifies, contains, represents, a, an and the. ABBREVIATE_BRIEF = # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # doxygen will generate a detailed section even if there is only a brief # description. # The default value is: NO. ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. # The default value is: NO. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES, doxygen will prepend the full path # before files name in the file list and in the header files. If set to NO the # shortest path that makes the file name unique will be used # The default value is: YES. FULL_PATH_NAMES = YES # The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path. # Stripping is only done if one of the specified strings matches the left-hand # part of the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the path to # strip. # # Note that you can specify absolute paths here, but also relative paths, which # will be relative from the directory where doxygen is started. # This tag requires that the tag FULL_PATH_NAMES is set to YES. 
STRIP_FROM_PATH = # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of the # path mentioned in the documentation of a class, which tells the reader which # header file to include in order to use a class. If left blank only the name of # the header file containing the class definition is used. Otherwise one should # specify the list of include paths that are normally passed to the compiler # using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter (but # less readable) file names. This can be useful is your file systems doesn't # support long names like on DOS, Mac, or CD-ROM. # The default value is: NO. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then doxygen will interpret the # first line (until the first dot) of a Javadoc-style comment as the brief # description. If set to NO, the Javadoc-style will behave just like regular Qt- # style comments (thus requiring an explicit @brief command for a brief # description.) # The default value is: NO. JAVADOC_AUTOBRIEF = NO # If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first # line (until the first dot) of a Qt-style comment as the brief description. If # set to NO, the Qt-style will behave just like regular Qt-style comments (thus # requiring an explicit \brief command for a brief description.) # The default value is: NO. QT_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make doxygen treat a # multi-line C++ special comment block (i.e. a block of //! or /// comments) as # a brief description. This used to be the default behavior. The new default is # to treat a multi-line C++ comment block as a detailed description. Set this # tag to YES if you prefer the old behavior instead. # # Note that setting this tag to YES also means that rational rose comments are # not recognized any more. # The default value is: NO. 
MULTILINE_CPP_IS_BRIEF = NO # If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the # documentation from any documented member that it re-implements. # The default value is: YES. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES then doxygen will produce a new # page for each member. If set to NO, the documentation of a member will be part # of the file/class/namespace that contains it. # The default value is: NO. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. Doxygen # uses this value to replace tabs by spaces in code fragments. # Minimum value: 1, maximum value: 16, default value: 4. TAB_SIZE = 8 # This tag can be used to specify a number of aliases that act as commands in # the documentation. An alias has the form: # name=value # For example adding # "sideeffect=@par Side Effects:\n" # will allow you to put the command \sideeffect (or @sideeffect) in the # documentation, which will result in a user-defined paragraph with heading # "Side Effects:". You can put \n's in the value part of an alias to insert # newlines. ALIASES = # This tag can be used to specify a number of word-keyword mappings (TCL only). # A mapping has the form "name=value". For example adding "class=itcl::class" # will allow you to use the command class in the itcl::class meaning. TCL_SUBST = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources # only. Doxygen will then generate output that is more tailored for C. For # instance, some of the names that are used will be different. The list of all # members will be omitted, etc. # The default value is: NO. OPTIMIZE_OUTPUT_FOR_C = NO # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or # Python sources only. Doxygen will then generate output that is more tailored # for that language. For instance, namespaces will be presented as packages, # qualified scopes will look different, etc. 
# The default value is: NO. OPTIMIZE_OUTPUT_JAVA = YES # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources. Doxygen will then generate output that is tailored for Fortran. # The default value is: NO. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for VHDL. # The default value is: NO. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, and # language is one of the parsers supported by doxygen: IDL, Java, Javascript, # C#, C, C++, D, PHP, Objective-C, Python, Fortran (fixed format Fortran: # FortranFixed, free formatted Fortran: FortranFree, unknown formatted Fortran: # Fortran. In the later case the parser tries to guess whether the code is fixed # or free formatted code, this is the default for Fortran type files), VHDL. For # instance to make doxygen treat .inc files as Fortran files (default is PHP), # and .f files as C (default is Fortran), use: inc=Fortran f=C. # # Note: For files without extension you can use no_extension as a placeholder. # # Note that for custom extensions you also need to set FILE_PATTERNS otherwise # the files are not read by doxygen. EXTENSION_MAPPING = # If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments # according to the Markdown format, which allows for more readable # documentation. See http://daringfireball.net/projects/markdown/ for details. # The output of markdown processing is further processed by doxygen, so you can # mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in # case of backward compatibilities issues. # The default value is: YES. 
MARKDOWN_SUPPORT = YES # When enabled doxygen tries to link words that correspond to documented # classes, or namespaces to their corresponding documentation. Such a link can # be prevented in individual cases by putting a % sign in front of the word or # globally by setting AUTOLINK_SUPPORT to NO. # The default value is: YES. AUTOLINK_SUPPORT = YES # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should set this # tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); # versus func(std::string) {}). This also make the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. # The default value is: NO. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. # The default value is: NO. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip (see: # http://www.riverbankcomputing.co.uk/software/sip/intro) sources only. Doxygen # will parse them like normal C++ but will assume all classes use public instead # of private inheritance when no explicit protection keyword is present. # The default value is: NO. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate # getter and setter methods for a property. Setting this option to YES will make # doxygen to replace the get and set methods by a property in the documentation. # This will only work if the methods are indeed getting or setting a simple # type. If this is not the case, or you want to show the methods anyway, you # should set this option to NO. # The default value is: YES. 
IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. # The default value is: NO. DISTRIBUTE_GROUP_DOC = NO # Set the SUBGROUPING tag to YES to allow class member groups of the same type # (for instance a group of public functions) to be put as a subgroup of that # type (e.g. under the Public Functions section). Set it to NO to prevent # subgrouping. Alternatively, this can be done per class using the # \nosubgrouping command. # The default value is: YES. SUBGROUPING = YES # When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and unions # are shown inside the group in which they are included (e.g. using \ingroup) # instead of on a separate page (for HTML and Man pages) or section (for LaTeX # and RTF). # # Note that this feature does not work in combination with # SEPARATE_MEMBER_PAGES. # The default value is: NO. INLINE_GROUPED_CLASSES = NO # When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and unions # with only public data fields or simple typedef fields will be shown inline in # the documentation of the scope in which they are defined (i.e. file, # namespace, or group documentation), provided this scope is documented. If set # to NO, structs, classes, and unions are shown on a separate page (for HTML and # Man pages) or section (for LaTeX and RTF). # The default value is: NO. INLINE_SIMPLE_STRUCTS = NO # When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or # enum is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct # with name TypeT. When disabled the typedef will appear as a member of a file, # namespace, or class. And the struct will be named TypeS. 
This can typically be # useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. # The default value is: NO. TYPEDEF_HIDES_STRUCT = NO # The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This # cache is used to resolve symbols given their name and scope. Since this can be # an expensive process and often the same symbol appears multiple times in the # code, doxygen keeps a cache of pre-resolved symbols. If the cache is too small # doxygen will become slower. If the cache is too large, memory is wasted. The # cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range # is 0..9, the default is 0, corresponding to a cache size of 2^16=65536 # symbols. At the end of a run doxygen will report the cache usage and suggest # the optimal cache size from a speed point of view. # Minimum value: 0, maximum value: 9, default value: 0. LOOKUP_CACHE_SIZE = 0 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES, doxygen will assume all entities in # documentation are documented, even if no documentation was available. Private # class members and static file members will be hidden unless the # EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES. # Note: This will also disable the warnings about undocumented members that are # normally produced when WARNINGS is set to YES. # The default value is: NO. EXTRACT_ALL = YES # If the EXTRACT_PRIVATE tag is set to YES, all private members of a class will # be included in the documentation. # The default value is: NO. EXTRACT_PRIVATE = YES # If the EXTRACT_PACKAGE tag is set to YES, all members with package or internal # scope will be included in the documentation. # The default value is: NO. 
EXTRACT_PACKAGE = NO # If the EXTRACT_STATIC tag is set to YES, all static members of a file will be # included in the documentation. # The default value is: NO. EXTRACT_STATIC = YES # If the EXTRACT_LOCAL_CLASSES tag is set to YES, classes (and structs) defined # locally in source files will be included in the documentation. If set to NO, # only classes defined in header files are included. Does not have any effect # for Java sources. # The default value is: YES. EXTRACT_LOCAL_CLASSES = YES # This flag is only useful for Objective-C code. If set to YES, local methods, # which are defined in the implementation section but not in the interface are # included in the documentation. If set to NO, only methods in the interface are # included. # The default value is: NO. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base name of # the file that contains the anonymous namespace. By default anonymous namespace # are hidden. # The default value is: NO. EXTRACT_ANON_NSPACES = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all # undocumented members inside documented classes or files. If set to NO these # members will be included in the various overviews, but no documentation # section is generated. This option has no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_MEMBERS = NO # If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. If set # to NO, these classes will be included in the various overviews. This option # has no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_CLASSES = NO # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend # (class|struct|union) declarations. 
If set to NO, these declarations will be # included in the documentation. # The default value is: NO. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any # documentation blocks found inside the body of a function. If set to NO, these # blocks will be appended to the function's detailed documentation block. # The default value is: NO. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation that is typed after a # \internal command is included. If the tag is set to NO then the documentation # will be excluded. Set it to YES to include the internal documentation. # The default value is: NO. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file # names in lower-case letters. If set to YES, upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. # The default value is: system dependent. CASE_SENSE_NAMES = NO # If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with # their full class and namespace scopes in the documentation. If set to YES, the # scope will be hidden. # The default value is: NO. HIDE_SCOPE_NAMES = NO # If the HIDE_COMPOUND_REFERENCE tag is set to NO (default) then doxygen will # append additional text to a page's title, such as Class Reference. If set to # YES the compound reference will be hidden. # The default value is: NO. HIDE_COMPOUND_REFERENCE= NO # If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of # the files that are included by a file in the documentation of that file. # The default value is: YES. 
SHOW_INCLUDE_FILES = YES # If the SHOW_GROUPED_MEMB_INC tag is set to YES then Doxygen will add for each # grouped member an include statement to the documentation, telling the reader # which file to include in order to use the member. # The default value is: NO. SHOW_GROUPED_MEMB_INC = NO # If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include # files with double quotes in the documentation rather than with sharp brackets. # The default value is: NO. FORCE_LOCAL_INCLUDES = NO # If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the # documentation for inline members. # The default value is: YES. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the # (detailed) documentation of file and class members alphabetically by member # name. If set to NO, the members will appear in declaration order. # The default value is: YES. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief # descriptions of file, namespace and class members alphabetically by member # name. If set to NO, the members will appear in declaration order. Note that # this will also influence the order of the classes in the class list. # The default value is: NO. SORT_BRIEF_DOCS = YES # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the # (brief and detailed) documentation of class members so that constructors and # destructors are listed first. If set to NO the constructors will appear in the # respective orders defined by SORT_BRIEF_DOCS and SORT_MEMBER_DOCS. # Note: If SORT_BRIEF_DOCS is set to NO this option is ignored for sorting brief # member documentation. # Note: If SORT_MEMBER_DOCS is set to NO this option is ignored for sorting # detailed member documentation. # The default value is: NO. SORT_MEMBERS_CTORS_1ST = YES # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy # of group names into alphabetical order. 
If set to NO the group names will # appear in their defined order. # The default value is: NO. SORT_GROUP_NAMES = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be sorted by # fully-qualified names, including namespaces. If set to NO, the class list will # be sorted only by class name, not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the alphabetical # list. # The default value is: NO. SORT_BY_SCOPE_NAME = YES # If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper # type resolution of all parameters of a function it will reject a match between # the prototype and the implementation of a member function even if there is # only one candidate or it is obvious which candidate to choose by doing a # simple string match. By disabling STRICT_PROTO_MATCHING doxygen will still # accept a match between prototype and implementation in such cases. # The default value is: NO. STRICT_PROTO_MATCHING = NO # The GENERATE_TODOLIST tag can be used to enable (YES) or disable (NO) the todo # list. This list is created by putting \todo commands in the documentation. # The default value is: YES. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable (YES) or disable (NO) the test # list. This list is created by putting \test commands in the documentation. # The default value is: YES. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable (YES) or disable (NO) the bug # list. This list is created by putting \bug commands in the documentation. # The default value is: YES. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or disable (NO) # the deprecated list. This list is created by putting \deprecated commands in # the documentation. # The default value is: YES. 
GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional documentation # sections, marked by \if <section_label> ... \endif and \cond <section_label> # ... \endcond blocks. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the # initial value of a variable or macro / define can have for it to appear in the # documentation. If the initializer consists of more lines than specified here # it will be hidden. Use a value of 0 to hide initializers completely. The # appearance of the value of individual variables and macros / defines can be # controlled using \showinitializer or \hideinitializer command in the # documentation regardless of this setting. # Minimum value: 0, maximum value: 10000, default value: 30. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated at # the bottom of the documentation of classes and structs. If set to YES, the # list will mention the files that were used to generate the documentation. # The default value is: YES. SHOW_USED_FILES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. This # will remove the Files entry from the Quick Index and from the Folder Tree View # (if specified). # The default value is: YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the Namespaces # page. This will remove the Namespaces entry from the Quick Index and from the # Folder Tree View (if specified). # The default value is: YES. SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command command input-file, where command is the value of the # FILE_VERSION_FILTER tag, and input-file is the name of an input file provided # by doxygen.
Whatever the program writes to standard output is used as the file # version. For an example see the documentation. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated # output files in an output format independent way. To create the layout file # that represents doxygen's defaults, run doxygen with the -l option. You can # optionally specify a file name after the option, if omitted DoxygenLayout.xml # will be used as the name of the layout file. # # Note that if you run doxygen from a directory containing a file called # DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE # tag is left empty. LAYOUT_FILE = # The CITE_BIB_FILES tag can be used to specify one or more bib files containing # the reference definitions. This must be a list of .bib files. The .bib # extension is automatically appended if omitted. This requires the bibtex tool # to be installed. See also http://en.wikipedia.org/wiki/BibTeX for more info. # For LaTeX the style of the bibliography can be controlled using # LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the # search path. See also \cite for info how to create references. CITE_BIB_FILES = #--------------------------------------------------------------------------- # Configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated to # standard output by doxygen. If QUIET is set to YES this implies that the # messages are off. # The default value is: NO. QUIET = NO # The WARNINGS tag can be used to turn on/off the warning messages that are # generated to standard error (stderr) by doxygen. If WARNINGS is set to YES # this implies that the warnings are on. # # Tip: Turn warnings on while writing the documentation. 
# The default value is: YES. WARNINGS = YES # If the WARN_IF_UNDOCUMENTED tag is set to YES then doxygen will generate # warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag # will automatically be disabled. # The default value is: YES. WARN_IF_UNDOCUMENTED = YES # If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some parameters # in a documented function, or documenting parameters that don't exist or using # markup commands wrongly. # The default value is: YES. WARN_IF_DOC_ERROR = YES # This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that # are documented, but have no documentation for their parameters or return # value. If set to NO, doxygen will only warn about wrong or incomplete # parameter documentation, but not about the absence of documentation. # The default value is: NO. WARN_NO_PARAMDOC = NO # The WARN_FORMAT tag determines the format of the warning messages that doxygen # can produce. The string should contain the $file, $line, and $text tags, which # will be replaced by the file and line number from which the warning originated # and the warning text. Optionally the format may contain $version, which will # be replaced by the version of the file (if it could be obtained via # FILE_VERSION_FILTER) # The default value is: $file:$line: $text. WARN_FORMAT = "$file:$line: $text " # The WARN_LOGFILE tag can be used to specify a file to which warning and error # messages should be written. If left blank the output is written to standard # error (stderr). WARN_LOGFILE = #--------------------------------------------------------------------------- # Configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag is used to specify the files and/or directories that contain # documented source files. 
You may enter file names like myfile.cpp or # directories like /usr/src/myproject. Separate the files or directories with # spaces. # Note: If this tag is empty the current directory is searched. INPUT = main.dox \ query_database.dox \ blackboard.dox \ insert_and_update_database.dox \ ../src # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses # libiconv (or the iconv built into libc) for the transcoding. See the libiconv # documentation (see: http://www.gnu.org/software/libiconv) for the list of # possible encodings. # The default value is: UTF-8. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and # *.h) to filter out the source-files in the directories. If left blank the # following patterns are tested:*.c, *.cc, *.cxx, *.cpp, *.c++, *.java, *.ii, # *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, *.hh, *.hxx, *.hpp, # *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, *.m, *.markdown, # *.md, *.mm, *.dox, *.py, *.f90, *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf, # *.qsf, *.as and *.js. FILE_PATTERNS = *.java # The RECURSIVE tag can be used to specify whether or not subdirectories should # be searched for input files as well. # The default value is: NO. RECURSIVE = YES # The EXCLUDE tag can be used to specify files and/or directories that should be # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. # # Note that relative paths are relative to the directory from which doxygen is # run. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded # from the input. # The default value is: NO. 
EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories for example use the pattern */test/* EXCLUDE_PATTERNS = # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories use the pattern */test/* EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or directories # that contain example code fragments that are included (see the \include # command). EXAMPLE_PATH = # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and # *.h) to filter out the source-files in the directories. If left blank all # files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude commands # irrespective of the value of the RECURSIVE tag. # The default value is: NO. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or directories # that contain images that are to be included in the documentation (see the # \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. 
Doxygen will invoke the filter program # by executing (via popen()) the command: # # <filter> <input-file> # # where <filter> is the value of the INPUT_FILTER tag, and <input-file> is the # name of an input file. Doxygen will then use the output that the filter # program writes to standard output. If FILTER_PATTERNS is specified, this tag # will be ignored. # # Note that the filter must not add or remove lines; it is applied before the # code is scanned, but not when the output code is generated. If lines are added # or removed, the anchors will not be placed correctly. # # Review note: the value is a command line that doxygen hands to popen(), so it # runs with the privileges of the user or CI job that builds the docs. Keep # INPUT_FILTER, FILTER_PATTERNS and FILE_VERSION_FILTER empty, as they are in # this file, unless the command has been reviewed, and treat a Doxyfile from an # untrusted source as executable input. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. Doxygen will compare the file name with each pattern and apply the # filter if there is a match. The filters are a list of the form: pattern=filter # (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how # filters are used. If the FILTER_PATTERNS tag is empty or if none of the # patterns match the file name, INPUT_FILTER is applied. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER) will also be used to filter the input files that are used for # producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES). # The default value is: NO. FILTER_SOURCE_FILES = NO # The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file # pattern. A pattern will override the setting for FILTER_PATTERN (if any) and # it is also possible to disable source filtering for a specific pattern using # *.ext= (so without naming a filter). # This tag requires that the tag FILTER_SOURCE_FILES is set to YES. FILTER_SOURCE_PATTERNS = # If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that # is part of the input, its contents will be placed on the main page # (index.html). This can be useful if you have a project on for instance GitHub # and want to reuse the introduction page also for the doxygen output.
USE_MDFILE_AS_MAINPAGE = #--------------------------------------------------------------------------- # Configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will be # generated. Documented entities will be cross-referenced with these sources. # # Note: To get rid of all source code in the generated output, make sure that # also VERBATIM_HEADERS is set to NO. # The default value is: NO. SOURCE_BROWSER = YES # Setting the INLINE_SOURCES tag to YES will include the body of functions, # classes and enums directly into the documentation. # The default value is: NO. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES will instruct doxygen to hide any # special comment blocks from generated source code fragments. Normal C, C++ and # Fortran comments will always remain visible. # The default value is: YES. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES then for each documented # function all documented functions referencing it will be listed. # The default value is: NO. REFERENCED_BY_RELATION = YES # If the REFERENCES_RELATION tag is set to YES then for each documented function # all documented entities called/used by that function will be listed. # The default value is: NO. REFERENCES_RELATION = YES # If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set # to YES then the hyperlinks from functions in REFERENCES_RELATION and # REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will # link to the documentation. # The default value is: YES. REFERENCES_LINK_SOURCE = YES # If SOURCE_TOOLTIPS is enabled (the default) then hovering a hyperlink in the # source code will show a tooltip with additional information such as prototype, # brief description and links to the definition and documentation. 
Since this # will make the HTML file larger and loading of large files a bit slower, you # can opt to disable this feature. # The default value is: YES. # This tag requires that the tag SOURCE_BROWSER is set to YES. SOURCE_TOOLTIPS = YES # If the USE_HTAGS tag is set to YES then the references to source code will # point to the HTML generated by the htags(1) tool instead of doxygen built-in # source browser. The htags tool is part of GNU's global source tagging system # (see http://www.gnu.org/software/global/global.html). You will need version # 4.8.6 or higher. # # To use it do the following: # - Install the latest version of global # - Enable SOURCE_BROWSER and USE_HTAGS in the config file # - Make sure the INPUT points to the root of the source tree # - Run doxygen as normal # # Doxygen will invoke htags (and that will in turn invoke gtags), so these # tools must be available from the command line (i.e. in the search path). # # The result: instead of the source browser generated by doxygen, the links to # source code will now point to the output of htags. # The default value is: NO. # This tag requires that the tag SOURCE_BROWSER is set to YES. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a # verbatim copy of the header file for each class for which an include is # specified. Set to NO to disable this. # See also: Section \class. # The default value is: YES. VERBATIM_HEADERS = YES # If the CLANG_ASSISTED_PARSING tag is set to YES then doxygen will use the # clang parser (see: http://clang.llvm.org/) for more accurate parsing at the # cost of reduced performance. This can be particularly helpful with template # rich C++ code for which doxygen's built-in parser lacks the necessary type # information. # Note: The availability of this option depends on whether or not doxygen was # compiled with the --with-libclang option. # The default value is: NO. 
CLANG_ASSISTED_PARSING = NO # If clang assisted parsing is enabled you can provide the compiler with command # line options that you would normally use when invoking the compiler. Note that # the include paths will already be set by doxygen for the files and directories # specified with INPUT and INCLUDE_PATH. # This tag requires that the tag CLANG_ASSISTED_PARSING is set to YES. CLANG_OPTIONS = #--------------------------------------------------------------------------- # Configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index of all # compounds will be generated. Enable this if the project contains a lot of # classes, structs, unions or interfaces. # The default value is: YES. ALPHABETICAL_INDEX = YES # The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in # which the alphabetical index list will be split. # Minimum value: 1, maximum value: 20, default value: 5. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all classes will # be put under the same header in the alphabetical index. The IGNORE_PREFIX tag # can be used to specify a prefix (or a list of prefixes) that should be ignored # while generating the index headers. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. IGNORE_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES, doxygen will generate HTML output # The default value is: YES. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a # relative path is entered the value of OUTPUT_DIRECTORY will be put in front of # it. 
# The default directory is: html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_OUTPUT = jni-docs/4.4.1/ # The HTML_FILE_EXTENSION tag can be used to specify the file extension for each # generated HTML page (for example: .htm, .php, .asp). # The default value is: .html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a user-defined HTML header file for # each generated HTML page. If the tag is left blank doxygen will generate a # standard header. # # To get valid HTML the header file that includes any scripts and style sheets # that doxygen needs, which is dependent on the configuration options used (e.g. # the setting GENERATE_TREEVIEW). It is highly recommended to start with a # default header using # doxygen -w html new_header.html new_footer.html new_stylesheet.css # YourConfigFile # and then modify the file new_header.html. See also section "Doxygen usage" # for information on how to generate the default header that doxygen normally # uses. # Note: The header is subject to change so you typically have to regenerate the # default header when upgrading to a newer version of doxygen. For a description # of the possible markers and block names see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_HEADER = # The HTML_FOOTER tag can be used to specify a user-defined HTML footer for each # generated HTML page. If the tag is left blank doxygen will generate a standard # footer. See HTML_HEADER for more information on how to generate a default # footer and what special commands can be used inside the footer. See also # section "Doxygen usage" for information on how to generate the default footer # that doxygen normally uses. # This tag requires that the tag GENERATE_HTML is set to YES. 
HTML_FOOTER = footer.html # The HTML_STYLESHEET tag can be used to specify a user-defined cascading style # sheet that is used by each HTML page. It can be used to fine-tune the look of # the HTML output. If left blank doxygen will generate a default style sheet. # See also section "Doxygen usage" for information on how to generate the style # sheet that doxygen normally uses. # Note: It is recommended to use HTML_EXTRA_STYLESHEET instead of this tag, as # it is more robust and this tag (HTML_STYLESHEET) will in the future become # obsolete. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_STYLESHEET = # The HTML_EXTRA_STYLESHEET tag can be used to specify additional user-defined # cascading style sheets that are included after the standard style sheets # created by doxygen. Using this option one can overrule certain style aspects. # This is preferred over using HTML_STYLESHEET since it does not replace the # standard style sheet and is therefore more robust against future updates. # Doxygen will copy the style sheet files to the output directory. # Note: The order of the extra style sheet files is of importance (e.g. the last # style sheet in the list overrules the setting of the previous ones in the # list). For an example see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_STYLESHEET = # The HTML_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the HTML output directory. Note # that these files will be copied to the base HTML output directory. Use the # $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these # files. In the HTML_STYLESHEET file, use the file name only. Also note that the # files will be copied as-is; there are no commands or markers available. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. 
Doxygen # will adjust the colors in the style sheet and background images according to # this color. Hue is specified as an angle on a colorwheel, see # http://en.wikipedia.org/wiki/Hue for more information. For instance the value # 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300 # purple, and 360 is red again. # Minimum value: 0, maximum value: 359, default value: 220. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors # in the HTML output. For a value of 0 the output will use grayscales only. A # value of 255 will produce the most vivid colors. # Minimum value: 0, maximum value: 255, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_SAT = 100 # The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to the # luminance component of the colors in the HTML output. Values below 100 # gradually make the output lighter, whereas values above 100 make the output # darker. The value divided by 100 is the actual gamma applied, so 80 represents # a gamma of 0.8, The value 220 represents a gamma of 2.2, and 100 does not # change the gamma. # Minimum value: 40, maximum value: 240, default value: 80. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_GAMMA = 80 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML # page will contain the date and time when the page was generated. Setting this # to NO can help when comparing the output of multiple runs. # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_TIMESTAMP = YES # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. 
HTML_DYNAMIC_SECTIONS = YES # With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries # shown in the various tree structured indices initially; the user can expand # and collapse entries dynamically later on. Doxygen will expand the tree to # such a level that at most the specified number of entries are visible (unless # a fully collapsed tree already exceeds this amount). So setting the number of # entries 1 will produce a full collapsed tree by default. 0 is a special value # representing an infinite number of entries and will result in a full expanded # tree by default. # Minimum value: 0, maximum value: 9999, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_INDEX_NUM_ENTRIES = 100 # If the GENERATE_DOCSET tag is set to YES, additional index files will be # generated that can be used as input for Apple's Xcode 3 integrated development # environment (see: http://developer.apple.com/tools/xcode/), introduced with # OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a # Makefile in the HTML output directory. Running make will produce the docset in # that directory and running make install will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at # startup. See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html # for more information. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_DOCSET = YES # This tag determines the name of the docset feed. A documentation feed provides # an umbrella under which multiple documentation sets from a single provider # (such as a company or product suite) can be grouped. # The default value is: Doxygen generated docs. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_FEEDNAME = "Doxygen docs" # This tag specifies a string that should uniquely identify the documentation # set bundle. 
This should be a reverse domain-name style string, e.g. # com.mycompany.MyDocSet. Doxygen will append .docset to the name. # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_BUNDLE_ID = org.doxygen.Doxygen # The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely identify # the documentation publisher. This should be a reverse domain-name style # string, e.g. com.mycompany.MyDocSet.documentation. # The default value is: org.doxygen.Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_ID = org.doxygen.Publisher # The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher. # The default value is: Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three # additional HTML index files: index.hhp, index.hhc, and index.hhk. The # index.hhp is a project file that can be read by Microsoft's HTML Help Workshop # (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on # Windows. # # The HTML Help Workshop contains a compiler that can convert all HTML output # generated by doxygen into a single compiled HTML file (.chm). Compiled HTML # files are now used as the Windows 98 help format, and will replace the old # Windows help format (.hlp) on all Windows platforms in the future. Compressed # HTML files also contain an index, a table of contents, and you can search for # words in the documentation. The HTML workshop also contains a viewer for # compressed HTML files. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_HTMLHELP = NO # The CHM_FILE tag can be used to specify the file name of the resulting .chm # file. You can add a path in front of the file if the result should not be # written to the html output directory. 
# This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_FILE = # The HHC_LOCATION tag can be used to specify the location (absolute path # including file name) of the HTML help compiler (hhc.exe). If non-empty, # doxygen will try to run the HTML help compiler on the generated index.hhp. # The file has to be specified with full path. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. HHC_LOCATION = # The GENERATE_CHI flag controls if a separate .chi index file is generated # (YES) or that it should be included in the master .chm file (NO). # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. GENERATE_CHI = NO # The CHM_INDEX_ENCODING is used to encode HtmlHelp index (hhk), content (hhc) # and project file content. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_INDEX_ENCODING = # The BINARY_TOC flag controls whether a binary table of contents is generated # (YES) or a normal table of contents (NO) in the .chm file. Furthermore it # enables the Previous and Next buttons. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members to # the table of contents of the HTML help documentation and to the tree view. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that # can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help # (.qch) of the generated HTML documentation. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can be used to specify # the file name of the resulting .qch file. 
The path specified is relative to # the HTML output folder. # This tag requires that the tag GENERATE_QHP is set to YES. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help # Project output. For more information please see Qt Help Project / Namespace # (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#namespace). # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_NAMESPACE = org.doxygen.Project # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt # Help Project output. For more information please see Qt Help Project / Virtual # Folders (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#virtual- # folders). # The default value is: doc. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_VIRTUAL_FOLDER = doc # If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom # filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_NAME = # The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's filter section matches. Qt Help Project / Filter Attributes (see: # http://qt-project.org/doc/qt-4.8/qthelpproject.html#filter-attributes). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_SECT_FILTER_ATTRS = # The QHG_LOCATION tag can be used to specify the location of Qt's # qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the # generated .qhp file. 
# This tag requires that the tag GENERATE_QHP is set to YES.
#
# NOTE(review): like HHC_LOCATION, a non-empty QHG_LOCATION makes the
# documentation build execute the program this path names. It is empty here and
# GENERATE_QHP is NO, so no external generator is run. If it is ever set, keep
# it a full path to a binary the build host trusts.

QHG_LOCATION =

# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files will be
# generated, together with the HTML files, they form an Eclipse help plugin. To
# install this plugin and make it available under the help contents menu in
# Eclipse, the contents of the directory containing the HTML and XML files needs
# to be copied into the plugins directory of eclipse. The name of the directory
# within the plugins directory should be the same as the ECLIPSE_DOC_ID value.
# After copying Eclipse needs to be restarted before the help appears.
# The default value is: NO.
# This tag requires that the tag GENERATE_HTML is set to YES.

GENERATE_ECLIPSEHELP = NO

# A unique identifier for the Eclipse help plugin. When installing the plugin
# the directory name containing the HTML and XML files should also have this
# name. Each documentation set should have its own identifier.
# The default value is: org.doxygen.Project.
# This tag requires that the tag GENERATE_ECLIPSEHELP is set to YES.

ECLIPSE_DOC_ID = org.doxygen.Project

# If you want full control over the layout of the generated HTML pages it might
# be necessary to disable the index and replace it with your own. The
# DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) at top
# of each HTML page. A value of NO enables the index and the value YES disables
# it. Since the tabs in the index contain the same information as the navigation
# tree, you can set this option to YES if you also set GENERATE_TREEVIEW to YES.
# The default value is: NO.
# This tag requires that the tag GENERATE_HTML is set to YES.

DISABLE_INDEX = NO

# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
# structure should be generated to display hierarchical information. If the tag
# value is set to YES, a side panel will be generated containing a tree-like
# index structure (just like the one that is generated for HTML Help). For this
# to work a browser that supports JavaScript, DHTML, CSS and frames is required
# (i.e. any modern browser). Windows users are probably better off using the
# HTML help feature. Via custom style sheets (see HTML_EXTRA_STYLESHEET) one can
# further fine-tune the look of the index. As an example, the default style
# sheet generated by doxygen has an example that shows how to put an image at
# the root of the tree instead of the PROJECT_NAME. Since the tree basically has
# the same information as the tab index, you could consider setting
# DISABLE_INDEX to YES when enabling this option.
# The default value is: NO.
# This tag requires that the tag GENERATE_HTML is set to YES.

GENERATE_TREEVIEW = YES

# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that
# doxygen will group on one line in the generated HTML documentation.
#
# Note that a value of 0 will completely suppress the enum values from appearing
# in the overview section.
# Minimum value: 0, maximum value: 20, default value: 4.
# This tag requires that the tag GENERATE_HTML is set to YES.

ENUM_VALUES_PER_LINE = 4

# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used
# to set the initial width (in pixels) of the frame in which the tree is shown.
# Minimum value: 0, maximum value: 1500, default value: 250.
# This tag requires that the tag GENERATE_HTML is set to YES.

TREEVIEW_WIDTH = 250

# If the EXT_LINKS_IN_WINDOW option is set to YES, doxygen will open links to
# external symbols imported via tag files in a separate window.
# The default value is: NO.
# This tag requires that the tag GENERATE_HTML is set to YES.

EXT_LINKS_IN_WINDOW = YES

# Use this tag to change the font size of LaTeX formulas included as images in
# the HTML documentation. When you change the font size after a successful
# doxygen run you need to manually remove any form_*.png images from the HTML
# output directory to force them to be regenerated.
# Minimum value: 8, maximum value: 50, default value: 10.
# This tag requires that the tag GENERATE_HTML is set to YES.

FORMULA_FONTSIZE = 10

# Use the FORMULA_TRANSPARENT tag to determine whether or not the images
# generated for formulas are transparent PNGs. Transparent PNGs are not
# supported properly for IE 6.0, but are supported on all modern browsers.
#
# Note that when changing this option you need to delete any form_*.png files in
# the HTML output directory before the changes have effect.
# The default value is: YES.
# This tag requires that the tag GENERATE_HTML is set to YES.

FORMULA_TRANSPARENT = YES

# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see
# http://www.mathjax.org) which uses client side Javascript for the rendering
# instead of using pre-rendered bitmaps. Use this if you do not have LaTeX
# installed or if you want the formulas to look prettier in the HTML output. When
# enabled you may also need to install MathJax separately and configure the path
# to it using the MATHJAX_RELPATH option.
# The default value is: NO.
# This tag requires that the tag GENERATE_HTML is set to YES.

USE_MATHJAX = NO

# When MathJax is enabled you can set the default output format to be used for
# the MathJax output. See the MathJax site (see:
# http://docs.mathjax.org/en/latest/output.html) for more details.
# Possible values are: HTML-CSS (which is slower, but has the best
# compatibility), NativeMML (i.e. MathML) and SVG.
# The default value is: HTML-CSS.
# This tag requires that the tag USE_MATHJAX is set to YES.

MATHJAX_FORMAT = HTML-CSS

# When MathJax is enabled you need to specify the location relative to the HTML
# output directory using the MATHJAX_RELPATH option. The destination directory
# should contain the MathJax.js script. For instance, if the mathjax directory
# is located at the same level as the HTML output directory, then
# MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax
# Content Delivery Network so you can quickly see the result without installing
# MathJax. However, it is strongly recommended to install a local copy of
# MathJax from http://www.mathjax.org before deployment.
# The default value is: http://cdn.mathjax.org/mathjax/latest.
# This tag requires that the tag USE_MATHJAX is set to YES.
#
# NOTE(review): the value below is a plain-http URL on a third-party host with
# a floating "latest" path. USE_MATHJAX is NO in this file, so the setting is
# inert today. If MathJax is ever enabled, every generated page would load and
# run script from that location in the reader's browser. Before enabling it,
# point MATHJAX_RELPATH at a local, reviewed copy shipped with the docs (as the
# description above recommends), or at least at an https location pinned to a
# specific release.

MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest

# The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax
# extension names that should be enabled during MathJax rendering. For example
# MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols
# This tag requires that the tag USE_MATHJAX is set to YES.

MATHJAX_EXTENSIONS =

# The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces
# of code that will be used on startup of the MathJax code. See the MathJax site
# (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an
# example see the documentation.
# This tag requires that the tag USE_MATHJAX is set to YES.

MATHJAX_CODEFILE =

# When the SEARCHENGINE tag is enabled doxygen will generate a search box for
# the HTML output. The underlying search engine uses javascript and DHTML and
# should work on any modern browser. Note that when using HTML help
# (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets (GENERATE_DOCSET)
# there is already a search function so this one should typically be disabled.
# For large projects the javascript based search engine can be slow, then
# enabling SERVER_BASED_SEARCH may provide a better solution. It is possible to
# search using the keyboard; to jump to the search box use + S
# (what the is depends on the OS and browser, but it is typically
# , /