Autopsy  3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
org.sleuthkit.autopsy.coreutils.StringExtract Class Reference

Classes

class  StringExtractResult
 
class  StringExtractUnicodeTable
 

Public Member Functions

 StringExtract ()
 
boolean isEnableUTF8 ()
 
void setEnableUTF8 (boolean enableUTF8)
 
boolean isEnableUTF16 ()
 
void setEnableUTF16 (boolean enableUTF16)
 
final void setEnabledScripts (List< SCRIPT > scripts)
 
final void setEnabledScript (SCRIPT script)
 
boolean isExtractionEnabled (SCRIPT script)
 
boolean isExtractionLatinBasicOnly ()
 
StringExtractResult extract (byte[] buff, int len, int offset)
 

Static Public Member Functions

static boolean isExtractionSupported (SCRIPT script)
 
static List< SCRIPT > getSupportedScripts ()
 
static String extractASCII (byte[] readBuf, int len, int offset)
 
static boolean isPrintableAscii (char c)
 

Static Public Attributes

static final int MIN_CHARS_STRING = 4
 

Private Member Functions

StringExtractResult extractUTF16 (byte[] buff, int len, int offset, boolean endianSwap, final StringExtractResult res)
 
StringExtractResult extractUTF8 (byte[] buff, int len, int offset, final StringExtractResult res)
 

Private Attributes

StringExtractUnicodeTable unicodeTable
 
List< SCRIPT > enabledScripts
 
boolean enableUTF8
 
boolean enableUTF16
 
final StringExtractResult resUTF16En1 = new StringExtractResult()
 
final StringExtractResult resUTF16En2 = new StringExtractResult()
 
final StringExtractResult resUTF8 = new StringExtractResult()
 
final StringBuilder curString = new StringBuilder()
 

Static Private Attributes

static final Logger logger = Logger.getLogger(StringExtract.class.getName())
 
static final List< SCRIPT > SUPPORTED_SCRIPTS
 

Detailed Description

Language- and encoding-aware utility to extract strings from a stream of bytes. Currently supports the UTF-16 LE, UTF-16 BE and UTF-8 encodings and the Latin, Cyrillic, Chinese and Arabic scripts.

TODO: process control characters

TODO: handle tie better (when number of chars in 2 results is equal)

Definition at line 43 of file StringExtract.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.coreutils.StringExtract.StringExtract ( )

Member Function Documentation

StringExtractResult org.sleuthkit.autopsy.coreutils.StringExtract.extract ( byte[]  buff,
int  len,
int  offset 
)

Runs the byte buffer through the string extractor

Parameters
buff
len
offset
Returns
string extraction result, with the string extracted and additional info

Definition at line 186 of file StringExtract.java.

References org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF16(), org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF8(), org.sleuthkit.autopsy.coreutils.StringExtract.resUTF16En2, and org.sleuthkit.autopsy.coreutils.StringExtract.resUTF8.

Referenced by org.sleuthkit.autopsy.corecomponents.DataContentViewerString.setDataView().

static String org.sleuthkit.autopsy.coreutils.StringExtract.extractASCII ( byte[]  readBuf,
int  len,
int  offset 
)
static

StringExtractResult org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF16 ( byte[]  buff,
int  len,
int  offset,
boolean  endianSwap,
final StringExtractResult  res 
)
private

StringExtractResult org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF8 ( byte[]  buff,
int  len,
int  offset,
final StringExtractResult  res 
)
private

static List<SCRIPT> org.sleuthkit.autopsy.coreutils.StringExtract.getSupportedScripts ( )
static

boolean org.sleuthkit.autopsy.coreutils.StringExtract.isEnableUTF16 ( )

boolean org.sleuthkit.autopsy.coreutils.StringExtract.isEnableUTF8 ( )

boolean org.sleuthkit.autopsy.coreutils.StringExtract.isExtractionEnabled ( SCRIPT  script)

Check if extraction of the script is enabled by this instance of the utility. For LATIN_2 (extended LATIN), enable also LATIN_1, even if it's not explicitly enabled.

Parameters
script  script that was identified, to check if it is enabled
Returns
true if the script extraction is enabled

Definition at line 149 of file StringExtract.java.

Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF16(), and org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF8().

boolean org.sleuthkit.autopsy.coreutils.StringExtract.isExtractionLatinBasicOnly ( )

Determine whether only Basic Latin/English extraction is enabled

Returns
true if only Basic Latin/English extraction is enabled

Definition at line 163 of file StringExtract.java.

static boolean org.sleuthkit.autopsy.coreutils.StringExtract.isExtractionSupported ( SCRIPT  script)
static

Check if extraction of the script is supported by the utility

Parameters
script  script to check if supported
Returns
true if the utility supports the extraction of the script

Definition at line 137 of file StringExtract.java.

static boolean org.sleuthkit.autopsy.coreutils.StringExtract.isPrintableAscii ( char  c)
static

Determine if char is a printable ASCII char (in range <32,126>) or a tab

Parameters
c  char to test
Returns
true if it's a printable char, or false otherwise

Definition at line 603 of file StringExtract.java.

Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.extractASCII().

final void org.sleuthkit.autopsy.coreutils.StringExtract.setEnabledScript ( SCRIPT  script)

Sets the enabled script to one provided, resets previous setting

Parameters
script  script to consider when extracting strings

Definition at line 125 of file StringExtract.java.

Referenced by org.sleuthkit.autopsy.corecomponents.DataContentViewerString.setDataView().

final void org.sleuthkit.autopsy.coreutils.StringExtract.setEnabledScripts ( List< SCRIPT >  scripts)

Sets the enabled scripts to ones provided, resets previous setting

Parameters
scripts  scripts to consider when extracting strings

Definition at line 115 of file StringExtract.java.

Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.StringExtract().

void org.sleuthkit.autopsy.coreutils.StringExtract.setEnableUTF16 ( boolean  enableUTF16)

void org.sleuthkit.autopsy.coreutils.StringExtract.setEnableUTF8 ( boolean  enableUTF8)

Member Data Documentation

final StringBuilder org.sleuthkit.autopsy.coreutils.StringExtract.curString = new StringBuilder()
private

Definition at line 73 of file StringExtract.java.

List<SCRIPT> org.sleuthkit.autopsy.coreutils.StringExtract.enabledScripts
private

currently enabled scripts

Definition at line 54 of file StringExtract.java.

boolean org.sleuthkit.autopsy.coreutils.StringExtract.enableUTF16
private

boolean org.sleuthkit.autopsy.coreutils.StringExtract.enableUTF8
private

final Logger org.sleuthkit.autopsy.coreutils.StringExtract.logger = Logger.getLogger(StringExtract.class.getName())
static private

Definition at line 45 of file StringExtract.java.

final int org.sleuthkit.autopsy.coreutils.StringExtract.MIN_CHARS_STRING = 4
static

min. number of extracted chars to qualify as string

Definition at line 49 of file StringExtract.java.

final StringExtractResult org.sleuthkit.autopsy.coreutils.StringExtract.resUTF16En1 = new StringExtractResult()
private

Definition at line 59 of file StringExtract.java.

final StringExtractResult org.sleuthkit.autopsy.coreutils.StringExtract.resUTF16En2 = new StringExtractResult()
private

final StringExtractResult org.sleuthkit.autopsy.coreutils.StringExtract.resUTF8 = new StringExtractResult()
private

final List<SCRIPT> org.sleuthkit.autopsy.coreutils.StringExtract.SUPPORTED_SCRIPTS
static private
Initial value:
=
Arrays.asList(
SCRIPT.LATIN_1, SCRIPT.LATIN_2, SCRIPT.ARABIC, SCRIPT.CYRILLIC, SCRIPT.HAN,
SCRIPT.HIRAGANA, SCRIPT.KATAKANA, SCRIPT.HANGUL,
SCRIPT.ARMENIAN, SCRIPT.BENGALI, SCRIPT.KHMER, SCRIPT.ETHIOPIC,
SCRIPT.GEORGIAN, SCRIPT.HEBREW, SCRIPT.LAO, SCRIPT.MONGOLIAN, SCRIPT.THAI, SCRIPT.TIBETAN)

supported scripts, can be overridden with enableScriptX methods

Definition at line 66 of file StringExtract.java.

Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.getSupportedScripts().

StringExtractUnicodeTable org.sleuthkit.autopsy.coreutils.StringExtract.unicodeTable
private

Definition at line 50 of file StringExtract.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.