Autopsy  4.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Private Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector Class Reference

Classes

class  FileTypeDetectorInitException
 

Public Member Functions

 FileTypeDetector () throws FileTypeDetectorInitException
 
String detect (AbstractFile file) throws TskCoreException
 
String detectAndPostToBlackboard (AbstractFile file) throws TskCoreException
 
String getFileType (AbstractFile file) throws TskCoreException
 
List< String > getUserDefinedTypes ()
 
boolean isDetectable (String mimeType)
 

Private Member Functions

String detect (AbstractFile file, boolean addToCaseDb) throws TskCoreException
 
String detectUserDefinedType (AbstractFile file, boolean postToBlackBoard) throws TskCoreException
 
boolean isDetectableAsUserDefinedType (String mimeType)
 
boolean isDetectableByTika (String mimeType)
 

Private Attributes

final byte buffer [] = new byte[BUFFER_SIZE]
 
final List< FileType > userDefinedFileTypes
 

Static Private Attributes

static final int BUFFER_SIZE = 64 * 1024
 
static final Logger logger = Logger.getLogger(FileTypeDetector.class.getName())
 
static final Tika tika = new Tika()
 

Detailed Description

Detects the MIME type of a file by an inspection of its contents, using both user-defined type definitions and Tika.

Definition at line 43 of file FileTypeDetector.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetector ( ) throws FileTypeDetectorInitException

Constructs an object that detects the MIME type of a file by an inspection of its contents, using both user-defined type definitions and Tika.

Exceptions
FileTypeDetectorInitExceptionif an initialization error occurs, e.g., user-defined file type definitions exist but cannot be loaded.

Definition at line 61 of file FileTypeDetector.java.

Member Function Documentation

String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect ( AbstractFile  file) throws TskCoreException

Detects the MIME type of a file. The result is not added to the case database.

Parameters
fileThe file to test.
Returns
A MIME type name. If file type could not be detected or results were uncertain, octet-stream is returned.
Exceptions
TskCoreExceptionIf there is a problem writing the result to the case database.

Definition at line 164 of file FileTypeDetector.java.

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType(), and org.sleuthkit.autopsy.corecomponents.MediaViewVideoPanel.isSupported().

String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect ( AbstractFile  file,
boolean  addToCaseDb 
) throws TskCoreException
private

Detects the MIME type of a file. The result is saved to the case database only if the add to case dastabase flag is set.

Parameters
fileThe file to test.
addToCaseDbWhether the MIME type should be added to the case database. This flag is part of a partial workaround for a check-then-act-race condition (see notes in comments for details).
Returns
A MIME type name. If file type could not be detected or results were uncertain, octet-stream is returned.
Exceptions
TskCoreExceptionIf there is a problem writing the result to the case database.

Definition at line 184 of file FileTypeDetector.java.

References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.buffer, org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().

String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard ( AbstractFile  file) throws TskCoreException

Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.

Parameters
fileThe file.
Returns
A MIME type name.
Exceptions
TskCoreExceptionif detection is required and there is a problem writing the result to the case database.
Deprecated:
Use getFileType instead and use AbstractFile.getMIMEType instead of querying the blackboard.

Definition at line 381 of file FileTypeDetector.java.

References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType().

String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType ( AbstractFile  file,
boolean  postToBlackBoard 
) throws TskCoreException
private

Determines whether or not the a file matches a user-defined or Autopsy predefined file type. If postToBlackBoard is true, and a match is found, and the file type definition calls for an alert on a match, an interesting file hit artifact is posted to the blackboard.

Parameters
fileThe file to test.
postToBlackBoardWhether an interesting file hit could be posted to the blackboard.
Returns
The file type name string or null, if no match is detected.
Exceptions
TskCoreException

Definition at line 298 of file FileTypeDetector.java.

References org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.error(), org.sleuthkit.autopsy.casemodule.services.Services.getBlackboard(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getServices(), and org.sleuthkit.autopsy.casemodule.services.Blackboard.indexArtifact().

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().

String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType ( AbstractFile  file) throws TskCoreException

Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.

IMPORTANT: This method should only be called by ingest modules. All other clients should call AbstractFile.getMIMEType, and may call FileTypeDetector.detect, if AbstractFile.getMIMEType returns null.

Parameters
fileThe file.
Returns
A MIME type name. If file type could not be detected or results were uncertain, octet-stream is returned.
Exceptions
TskCoreExceptionif detection is required and there is a problem writing the result to the case database.

Definition at line 148 of file FileTypeDetector.java.

References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().

Referenced by org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchIngestModule.compareSigTypeToExt(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard(), org.sleuthkit.autopsy.keywordsearch.KeywordSearchIngestModule.Indexer.indexFile(), org.sleuthkit.autopsy.modules.exif.ExifParserFileIngestModule.parsableFormat(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.process().

List<String> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getUserDefinedTypes ( )

Gets the names of the user-defined MIME types.

Returns
A list of the user-defined MIME types.

Definition at line 74 of file FileTypeDetector.java.

Referenced by org.sleuthkit.autopsy.filesearch.MimeTypePanel.getMimeTypeArray().

boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable ( String  mimeType)

Determines whether or not a given MIME type is detectable by this detector.

Parameters
mimeTypeThe MIME type name (e.g., "text/html").
Returns
True or false.

Definition at line 92 of file FileTypeDetector.java.

References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsUserDefinedType(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.isMimeTypeDetectable().

boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsUserDefinedType ( String  mimeType)
private

Determines whether or not a given MIME type is detectable as a user-defined MIME type by this detector.

Parameters
mimeTypeThe MIME type name (e.g., "text/html").
Returns
True or false.

Definition at line 104 of file FileTypeDetector.java.

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().

boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika ( String  mimeType)
private

Determines whether or not a given MIME type is detectable by Tika.

Parameters
mimeTypeThe MIME type name (e.g., "text/html").
Returns
True or false.

Definition at line 120 of file FileTypeDetector.java.

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().

Member Data Documentation

final byte org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.buffer[] = new byte[BUFFER_SIZE]
private
final int org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.BUFFER_SIZE = 64 * 1024
staticprivate

Definition at line 46 of file FileTypeDetector.java.

final Logger org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.logger = Logger.getLogger(FileTypeDetector.class.getName())
staticprivate

Definition at line 49 of file FileTypeDetector.java.

final Tika org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.tika = new Tika()
staticprivate

Definition at line 45 of file FileTypeDetector.java.

final List<FileType> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.userDefinedFileTypes
private

Definition at line 48 of file FileTypeDetector.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2015 Basis Technology. Generated on: Wed Apr 6 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.