Autopsy  4.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Static Public Member Functions | Static Public Attributes | Private Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.coreutils.StringExtract Class Reference

Classes

class  StringExtractResult
 
class  StringExtractUnicodeTable
 

Public Member Functions

 StringExtract ()
 
StringExtractResult extract (byte[] buff, int len, int offset)
 
boolean isEnableUTF16 ()
 
boolean isEnableUTF8 ()
 
boolean isExtractionEnabled (SCRIPT script)
 
boolean isExtractionLatinBasicOnly ()
 
final void setEnabledScript (SCRIPT script)
 
final void setEnabledScripts (List< SCRIPT > scripts)
 
void setEnableUTF16 (boolean enableUTF16)
 
void setEnableUTF8 (boolean enableUTF8)
 

Static Public Member Functions

static String extractASCII (byte[] readBuf, int len, int offset)
 
static List< SCRIPTgetSupportedScripts ()
 
static boolean isExtractionSupported (SCRIPT script)
 
static boolean isPrintableAscii (char c)
 

Static Public Attributes

static final int MIN_CHARS_STRING = 4
 

Private Member Functions

StringExtractResult extractUTF16 (byte[] buff, int len, int offset, boolean endianSwap, final StringExtractResult res)
 
StringExtractResult extractUTF8 (byte[] buff, int len, int offset, final StringExtractResult res)
 

Private Attributes

final StringBuilder curString = new StringBuilder()
 
List< SCRIPTenabledScripts
 
boolean enableUTF16
 
boolean enableUTF8
 
final StringExtractResult resUTF16En1 = new StringExtractResult()
 
final StringExtractResult resUTF16En2 = new StringExtractResult()
 
final StringExtractResult resUTF8 = new StringExtractResult()
 
StringExtractUnicodeTable unicodeTable
 

Static Private Attributes

static final Logger logger = Logger.getLogger(StringExtract.class.getName())
 
static final List< SCRIPTSUPPORTED_SCRIPTS
 

Detailed Description

Language and encoding aware utility to extract strings from stream of bytes Currently supports UTF-16 LE, UTF-16 BE and UTF8 Latin, Cyrillic, Chinese, Arabic

TODO: process control characters

TODO: handle tie better (when number of chars in 2 results is equal)

Definition at line 43 of file StringExtract.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.coreutils.StringExtract.StringExtract ( )

Member Function Documentation

StringExtractResult org.sleuthkit.autopsy.coreutils.StringExtract.extract ( byte[]  buff,
int  len,
int  offset 
)

Runs the byte buffer through the string extractor

Parameters
buff
len
offset
Returns
string extraction result, with the string extracted and additional info

Definition at line 186 of file StringExtract.java.

References org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF16(), org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF8(), org.sleuthkit.autopsy.coreutils.StringExtract.resUTF16En2, and org.sleuthkit.autopsy.coreutils.StringExtract.resUTF8.

Referenced by org.sleuthkit.autopsy.corecomponents.DataContentViewerString.setDataView().

static String org.sleuthkit.autopsy.coreutils.StringExtract.extractASCII ( byte[]  readBuf,
int  len,
int  offset 
)
static
StringExtractResult org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF16 ( byte[]  buff,
int  len,
int  offset,
boolean  endianSwap,
final StringExtractResult  res 
)
private
StringExtractResult org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF8 ( byte[]  buff,
int  len,
int  offset,
final StringExtractResult  res 
)
private
static List<SCRIPT> org.sleuthkit.autopsy.coreutils.StringExtract.getSupportedScripts ( )
static
boolean org.sleuthkit.autopsy.coreutils.StringExtract.isEnableUTF16 ( )
boolean org.sleuthkit.autopsy.coreutils.StringExtract.isEnableUTF8 ( )
boolean org.sleuthkit.autopsy.coreutils.StringExtract.isExtractionEnabled ( SCRIPT  script)

Check if extraction of the script is enabled by this instance of the utility. For LATIN_2 (extended LATIN), enable also LATIN_1, even if it's not explicitely enabled.

Parameters
scriptscript that was identified, to check if it is enabled
Returns
true if the the script extraction is enabled

Definition at line 148 of file StringExtract.java.

Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF16(), and org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF8().

boolean org.sleuthkit.autopsy.coreutils.StringExtract.isExtractionLatinBasicOnly ( )

Determine if Basic Latin/English extraction is set enabled only

Returns
true if only Basic Latin/English extraction is set enabled only

Definition at line 163 of file StringExtract.java.

static boolean org.sleuthkit.autopsy.coreutils.StringExtract.isExtractionSupported ( SCRIPT  script)
static

Check if extraction of the script is supported by the utility

Parameters
scriptscript to check if supported
Returns
true if the the utility supports the extraction of the script

Definition at line 135 of file StringExtract.java.

References org.sleuthkit.autopsy.coreutils.StringExtract.SUPPORTED_SCRIPTS.

static boolean org.sleuthkit.autopsy.coreutils.StringExtract.isPrintableAscii ( char  c)
static

Determine if char is a printable ASCII char in range <32,126> and a tab

Parameters
cchar to test
Returns
true if it's a printable char, or false otherwise

Definition at line 597 of file StringExtract.java.

Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.extractASCII().

final void org.sleuthkit.autopsy.coreutils.StringExtract.setEnabledScript ( SCRIPT  script)

Sets the enabled script to one provided, resets previous setting

Parameters
scriptscript to consider for when extracting strings

Definition at line 122 of file StringExtract.java.

Referenced by org.sleuthkit.autopsy.corecomponents.DataContentViewerString.setDataView().

final void org.sleuthkit.autopsy.coreutils.StringExtract.setEnabledScripts ( List< SCRIPT scripts)

Sets the enabled scripts to ones provided, resets previous setting

Parameters
scriptsscripts to consider for when extracting strings

Definition at line 113 of file StringExtract.java.

Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.StringExtract().

void org.sleuthkit.autopsy.coreutils.StringExtract.setEnableUTF16 ( boolean  enableUTF16)
void org.sleuthkit.autopsy.coreutils.StringExtract.setEnableUTF8 ( boolean  enableUTF8)

Member Data Documentation

final StringBuilder org.sleuthkit.autopsy.coreutils.StringExtract.curString = new StringBuilder()
private

Definition at line 73 of file StringExtract.java.

List<SCRIPT> org.sleuthkit.autopsy.coreutils.StringExtract.enabledScripts
private

currently enabled scripts

Definition at line 54 of file StringExtract.java.

boolean org.sleuthkit.autopsy.coreutils.StringExtract.enableUTF16
private
boolean org.sleuthkit.autopsy.coreutils.StringExtract.enableUTF8
private
final Logger org.sleuthkit.autopsy.coreutils.StringExtract.logger = Logger.getLogger(StringExtract.class.getName())
staticprivate

Definition at line 45 of file StringExtract.java.

final int org.sleuthkit.autopsy.coreutils.StringExtract.MIN_CHARS_STRING = 4
static

min. number of extracted chars to qualify as string

Definition at line 49 of file StringExtract.java.

final StringExtractResult org.sleuthkit.autopsy.coreutils.StringExtract.resUTF16En1 = new StringExtractResult()
private

Definition at line 59 of file StringExtract.java.

final StringExtractResult org.sleuthkit.autopsy.coreutils.StringExtract.resUTF16En2 = new StringExtractResult()
private
final StringExtractResult org.sleuthkit.autopsy.coreutils.StringExtract.resUTF8 = new StringExtractResult()
private
final List<SCRIPT> org.sleuthkit.autopsy.coreutils.StringExtract.SUPPORTED_SCRIPTS
staticprivate
Initial value:
= Arrays.asList(
SCRIPT.LATIN_1, SCRIPT.LATIN_2, SCRIPT.ARABIC, SCRIPT.CYRILLIC, SCRIPT.HAN,
SCRIPT.HIRAGANA, SCRIPT.KATAKANA, SCRIPT.HANGUL,
SCRIPT.ARMENIAN, SCRIPT.BENGALI, SCRIPT.KHMER, SCRIPT.ETHIOPIC,
SCRIPT.GEORGIAN, SCRIPT.HEBREW, SCRIPT.LAO, SCRIPT.MONGOLIAN, SCRIPT.THAI, SCRIPT.TIBETAN)

supported scripts, can be overridden with enableScriptX methods

Definition at line 67 of file StringExtract.java.

Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.getSupportedScripts(), org.sleuthkit.autopsy.coreutils.StringExtract.isExtractionSupported(), and org.sleuthkit.autopsy.coreutils.StringExtract.StringExtract().

StringExtractUnicodeTable org.sleuthkit.autopsy.coreutils.StringExtract.unicodeTable
private

Definition at line 50 of file StringExtract.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2015 Basis Technology. Generated on: Wed Apr 6 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.