api-docs/3.1/_file_type_detector_8java_source.html

 /*

  * Autopsy Forensic Browser

  *

  * Copyright 2014-2015 Basis Technology Corp.

  * Contact: carrier <at> sleuthkit <dot> org

  *

  * Licensed under the Apache License, Version 2.0 (the "License");

  * you may not use this file except in compliance with the License.

  * You may obtain a copy of the License at

  *

  *     http://www.apache.org/licenses/LICENSE-2.0

  *

  * Unless required by applicable law or agreed to in writing, software

  * distributed under the License is distributed on an "AS IS" BASIS,

  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  * See the License for the specific language governing permissions and

  * limitations under the License.

  */

 package org.sleuthkit.autopsy.modules.filetypeid;


 import java.util.ArrayList;

 import java.util.Map;

 import java.util.SortedSet;

 import org.apache.tika.Tika;

 import org.apache.tika.mime.MediaType;

 import org.apache.tika.mime.MimeTypes;

 import org.sleuthkit.datamodel.AbstractFile;

 import org.sleuthkit.datamodel.BlackboardArtifact;

 import org.sleuthkit.datamodel.BlackboardAttribute;

 import org.sleuthkit.datamodel.TskCoreException;

 import org.sleuthkit.datamodel.TskData;


 public class FileTypeDetector {


     private static final Tika tika = new Tika();

     private static final int BUFFER_SIZE = 64 * 1024;

     private final byte buffer[] = new byte[BUFFER_SIZE];

     private final Map<String, FileType> userDefinedFileTypes;


     public FileTypeDetector() throws FileTypeDetectorInitException {

         try {

             userDefinedFileTypes = UserDefinedFileTypesManager.getInstance().getFileTypes();

         } catch (UserDefinedFileTypesManager.UserDefinedFileTypesException ex) {

             throw new FileTypeDetectorInitException("Error loading user-defined file types", ex); //NON-NLS

         }

     }


     public boolean isDetectable(String mimeType) {

         return isDetectableAsUserDefinedType(mimeType) || isDetectableByTika(mimeType);

     }


     private boolean isDetectableAsUserDefinedType(String mimeType) {

         return userDefinedFileTypes.containsKey(mimeType);

     }


     private boolean isDetectableByTika(String mimeType) {

         String[] split = mimeType.split("/");

         if (split.length == 2) {

             String type = split[0];

             String subtype = split[1];

             MediaType mediaType = new MediaType(type, subtype);

             SortedSet<MediaType> m = MimeTypes.getDefaultMimeTypes().getMediaTypeRegistry().getTypes();

             return m.contains(mediaType);

         }

         return false;

     }


     public String getFileType(AbstractFile file) throws TskCoreException {

         String fileType;

         ArrayList<BlackboardAttribute> attributes = file.getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG);

         for (BlackboardAttribute attribute : attributes) {

             fileType = attribute.getValueString();

             if (null != fileType && !fileType.isEmpty()) {

                 return fileType;

             }

         }

         return detectAndPostToBlackboard(file);

     }


     public String detectAndPostToBlackboard(AbstractFile file) throws TskCoreException {

         String mimeType = detect(file);

         if (null != mimeType) {

             BlackboardArtifact getInfoArt = file.getGenInfoArtifact();

             BlackboardAttribute batt = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID(), FileTypeIdModuleFactory.getModuleName(), mimeType);

             getInfoArt.addAttribute(batt);

         }

         return mimeType;

     }


     public String detect(AbstractFile file) throws TskCoreException {

         // consistently mark non-regular files (refer TskData.TSK_FS_META_TYPE_ENUM),

         // 0 sized files, unallocated, and unused blocks (refer TskData.TSK_DB_FILES_TYPE_ENUM)

         // as octet-stream.

         if (!file.isFile() || file.getSize() <= 0

                 || (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)

                 || (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS)) {

             return MimeTypes.OCTET_STREAM;

         }


         String fileType = detectUserDefinedType(file);

         if (null == fileType) {

             try {

                 byte buf[];

                 int len = file.read(buffer, 0, BUFFER_SIZE);

                 if (len < BUFFER_SIZE) {

                     buf = new byte[len];

                     System.arraycopy(buffer, 0, buf, 0, len);

                 } else {

                     buf = buffer;

                 }


                 String mimetype = tika.detect(buf, file.getName());


                 return mimetype.replace("tika-", ""); //NON-NLS


             } catch (Exception ignored) {

             }

         }

         return fileType;

     }


     private String detectUserDefinedType(AbstractFile file) throws TskCoreException {

         for (FileType fileType : userDefinedFileTypes.values()) {

             if (fileType.matches(file)) {

                 if (fileType.alertOnMatch()) {

                     BlackboardArtifact artifact;

                     artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);

                     BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), FileTypeIdModuleFactory.getModuleName(), fileType.getFilesSetName());

                     artifact.addAttribute(setNameAttribute);


                     BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType());

                     artifact.addAttribute(ruleNameAttribute);

                 }

                 return fileType.getMimeType();

             }

         }

         return null;

     }


     public static class FileTypeDetectorInitException extends Exception {


         FileTypeDetectorInitException(String message) {

             super(message);

         }


         FileTypeDetectorInitException(String message, Throwable throwable) {

             super(message, throwable);

         }

     }


 }

org::sleuthkit

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.BUFFER_SIZE
static final int BUFFER_SIZE
Definition: FileTypeDetector.java:39

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_FILE_TYPE_SIG
TSK_FILE_TYPE_SIG

org::sleuthkit::datamodel::TskData

org::sleuthkit::datamodel::BlackboardAttribute

org

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.userDefinedFileTypes
final Map< String, FileType > userDefinedFileTypes
Definition: FileTypeDetector.java:41

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable
boolean isDetectable(String mimeType)
Definition: FileTypeDetector.java:65

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector
Definition: FileTypeDetector.java:36

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetector
FileTypeDetector()
Definition: FileTypeDetector.java:50

org::sleuthkit::datamodel::BlackboardArtifact

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType
String detectUserDefinedType(AbstractFile file)
Definition: FileTypeDetector.java:205

org::sleuthkit::datamodel::BlackboardArtifact::ARTIFACT_TYPE::TSK_INTERESTING_FILE_HIT
TSK_INTERESTING_FILE_HIT

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_CATEGORY
TSK_CATEGORY

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.tika
static final Tika tika
Definition: FileTypeDetector.java:38

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE::TSK_SET_NAME
TSK_SET_NAME

org::sleuthkit::datamodel::BlackboardArtifact::addAttribute
void addAttribute(BlackboardAttribute attr)

org::sleuthkit::datamodel::TskCoreException

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.buffer
final byte buffer[]
Definition: FileTypeDetector.java:40

org::sleuthkit.autopsy.modules.filetypeid.FileTypeIdModuleFactory
Definition: FileTypeIdModuleFactory.java:36

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetectorInitException
Definition: FileTypeDetector.java:228

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsUserDefinedType
boolean isDetectableAsUserDefinedType(String mimeType)
Definition: FileTypeDetector.java:76

org::sleuthkit::datamodel::TskData::TSK_DB_FILES_TYPE_ENUM::UNALLOC_BLOCKS
UNALLOC_BLOCKS

org::sleuthkit::datamodel::AbstractFile

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect
String detect(AbstractFile file)
Definition: FileTypeDetector.java:154

org::sleuthkit::datamodel

org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType
String getFileType(AbstractFile file)
Definition: FileTypeDetector.java:107

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika
boolean isDetectableByTika(String mimeType)
Definition: FileTypeDetector.java:86

org::sleuthkit::datamodel::BlackboardArtifact::ARTIFACT_TYPE

org::sleuthkit::datamodel::TskData::TSK_DB_FILES_TYPE_ENUM::UNUSED_BLOCKS
UNUSED_BLOCKS

org::sleuthkit::datamodel::TskData::TSK_DB_FILES_TYPE_ENUM

org::sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard
String detectAndPostToBlackboard(AbstractFile file)
Definition: FileTypeDetector.java:131