Autopsy  3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
PhotoRecCarverOutputParser.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.photoreccarver;
20 
21 import java.io.File;
22 import java.io.FileNotFoundException;
23 import java.io.IOException;
24 import java.nio.file.Path;
25 import java.nio.file.Paths;
26 import java.util.ArrayList;
27 import java.util.Collections;
28 import java.util.List;
29 import java.util.logging.Level;
39 import org.w3c.dom.Document;
40 import org.w3c.dom.Element;
41 import org.w3c.dom.NodeList;
42 
46 class PhotoRecCarverOutputParser {
47 
48  private final Path basePath;
49  private static final Logger logger = Logger.getLogger(PhotoRecCarverFileIngestModule.class.getName());
50 
51  PhotoRecCarverOutputParser(Path base) {
52  basePath = base;
53  }
54 
66  List<LayoutFile> parse(File xmlInputFile, long id, AbstractFile af) throws FileNotFoundException, IOException {
67  try {
68  final Document doc = XMLUtil.loadDoc(PhotoRecCarverOutputParser.class, xmlInputFile.toString());
69  if (doc == null) {
70  return null;
71  }
72 
73  Element root = doc.getDocumentElement();
74  if (root == null) {
75  logger.log(Level.SEVERE, "Error loading config file: invalid file format (bad root)."); //NON-NLS
76  return null;
77  }
78 
79  NodeList fileObjects = root.getElementsByTagName("fileobject"); //NON-NLS
80  final int numberOfFiles = fileObjects.getLength();
81 
82  if (numberOfFiles == 0) {
83  return null;
84  }
85  String fileName;
86  Long fileSize;
87  NodeList fileNames;
88  NodeList fileSizes;
89  NodeList fileRanges;
90  Element entry;
91  Path filePath;
92  FileManager fileManager = Case.getCurrentCase().getServices().getFileManager();
93 
94  // create and initialize the list to put into the database
95  List<CarvedFileContainer> carvedFileContainer = new ArrayList<>();
96 
97  for (int fileIndex = 0; fileIndex < numberOfFiles; ++fileIndex) {
98  entry = (Element) fileObjects.item(fileIndex);
99  fileNames = entry.getElementsByTagName("filename"); //NON-NLS
100  fileSizes = entry.getElementsByTagName("filesize"); //NON-NLS
101  fileRanges = entry.getElementsByTagName("byte_run"); //NON-NLS
102 
103  fileSize=Long.parseLong(fileSizes.item(0).getTextContent());
104  fileName=fileNames.item(0).getTextContent();
105  filePath = Paths.get(fileName);
106  if (filePath.startsWith(basePath)) {
107  fileName = filePath.getFileName().toString();
108  }
109 
110  List<TskFileRange> tskRanges = new ArrayList<>();
111  for (int rangeIndex = 0; rangeIndex < fileRanges.getLength(); ++rangeIndex) {
112 
113  Long img_offset = Long.parseLong(((Element) fileRanges.item(rangeIndex)).getAttribute("img_offset")); //NON-NLS
114  Long len = Long.parseLong(((Element) fileRanges.item(rangeIndex)).getAttribute("len")); //NON-NLS
115 
116  // Verify PhotoRec's output
117  long fileByteStart = af.convertToImgOffset(img_offset);
118  if (fileByteStart == -1) {
119  // This better never happen... Data for this file is corrupted. Skip it.
120  logger.log(Level.INFO, "Error while parsing PhotoRec output for file {0}", fileName); //NON-NLS
121  continue;
122  }
123 
124  // check that carved file is within unalloc block
125  long fileByteEnd = img_offset + len;
126  if (fileByteEnd > af.getSize()) {
127  long overshoot = fileByteEnd - af.getSize();
128  if (fileSize > overshoot) {
129  fileSize = fileSize - overshoot;
130  } else {
131  // This better never happen... Data for this file is corrupted. Skip it.
132  continue;
133  }
134  }
135 
136  tskRanges.add(new TskFileRange(fileByteStart, len, rangeIndex));
137  }
138 
139  if (!tskRanges.isEmpty()) {
140  carvedFileContainer.add(new CarvedFileContainer(fileName, fileSize, id, tskRanges));
141  }
142  }
143  return fileManager.addCarvedFiles(carvedFileContainer);
144  }
145  catch (NumberFormatException | TskCoreException ex) {
146  logger.log(Level.SEVERE, "Error parsing PhotoRec output and inserting it into the database: {0}", ex); //NON_NLS
147  }
148 
149  List<LayoutFile> empty = Collections.emptyList();
150  return empty;
151  }
152 }

Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.