Autopsy
4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
class | FileTypeDetectorInitException |
Public Member Functions | |
FileTypeDetector () throws FileTypeDetectorInitException | |
String | detect (AbstractFile file) throws TskCoreException |
String | detectAndPostToBlackboard (AbstractFile file) throws TskCoreException |
String | getFileType (AbstractFile file) throws TskCoreException |
List< String > | getUserDefinedTypes () |
boolean | isDetectable (String mimeType) |
Private Member Functions | |
String | detect (AbstractFile file, boolean addToCaseDb) throws TskCoreException |
String | detectAutopsyDefinedType (AbstractFile file) throws TskCoreException |
String | detectUserDefinedType (AbstractFile file) throws TskCoreException |
boolean | isDetectableAsCustomType (List< FileType > customTypes, String mimeType) |
boolean | isDetectableByTika (String mimeType) |
Private Attributes | |
final List< FileType > | autopsyDefinedFileTypes |
final byte | buffer [] = new byte[BUFFER_SIZE] |
final List< FileType > | userDefinedFileTypes |
Static Private Attributes | |
static final int | BUFFER_SIZE = 64 * 1024 |
static final Logger | logger = Logger.getLogger(FileTypeDetector.class.getName()) |
static final Tika | tika = new Tika() |
Detects the MIME type of a file by an inspection of its contents, using custom file type definitions by users, custom file type definitions by Autopsy, and Tika.
Definition at line 44 of file FileTypeDetector.java.
org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetector | ( | ) | throws FileTypeDetectorInitException |
Constructs an object that detects the MIME type of a file by an inspection of its contents, using custom file type definitions by users, custom file type definitions by Autopsy, and Tika.
FileTypeDetectorInitException | if an initialization error occurs, e.g., user-defined file type definitions exist but cannot be loaded. |
Definition at line 63 of file FileTypeDetector.java.
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect | ( | AbstractFile | file | ) | throws TskCoreException |
Detects the MIME type of a file. The result is not added to the case database.
file | The file to test. |
TskCoreException | If there is a problem writing the result to the case database. |
Definition at line 172 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType(), and org.sleuthkit.autopsy.corecomponents.MediaViewVideoPanel.isSupported().
|
private |
Detects the MIME type of a file. The result is saved to the case database only if the add to case database flag is set.
file | The file to test. |
addToCaseDb | Whether the MIME type should be added to the case database. This flag is part of a partial workaround for a check-then-act-race condition (see notes in comments for details). |
TskCoreException | If there is a problem writing the result to the case database. |
Definition at line 192 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.buffer, org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAutopsyDefinedType(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), and org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard | ( | AbstractFile | file | ) | throws TskCoreException |
Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.
file | The file. |
TskCoreException | if detection is required and there is a problem writing the result to the case database. |
Definition at line 410 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType().
|
private |
Determines whether or not the a file matches a custom file type defined by Autopsy.
file | The file to test. |
TskCoreException |
Definition at line 356 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
|
private |
Determines whether or not the a file matches a user-defined custom file type.
file | The file to test. |
TskCoreException |
Definition at line 311 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.error(), org.sleuthkit.autopsy.casemodule.services.Services.getBlackboard(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getServices(), and org.sleuthkit.autopsy.casemodule.services.Blackboard.indexArtifact().
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType | ( | AbstractFile | file | ) | throws TskCoreException |
Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.
IMPORTANT: This method should only be called by ingest modules. All other clients should call AbstractFile.getMIMEType, and may call FileTypeDetector.detect, if AbstractFile.getMIMEType returns null.
file | The file. |
TskCoreException | if detection is required and there is a problem writing the result to the case database. |
Definition at line 156 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
Referenced by org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchIngestModule.compareSigTypeToExt(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard(), org.sleuthkit.autopsy.keywordsearch.KeywordSearchIngestModule.Indexer.indexFile(), org.sleuthkit.autopsy.modules.exif.ExifParserFileIngestModule.parsableFormat(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.process().
List<String> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getUserDefinedTypes | ( | ) |
Gets the names of the custom file types defined by the user or by Autopsy.
Definition at line 78 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.filesearch.MimeTypePanel.getMimeTypeArray().
boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable | ( | String | mimeType | ) |
Determines whether or not a given MIME type is detectable by this detector.
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 97 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsCustomType(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.isMimeTypeDetectable().
|
private |
Determines whether or not a given MIME type is detectable as a user-defined MIME type by this detector.
customTypes | |
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 112 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().
|
private |
Determines whether or not a given MIME type is detectable by Tika.
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 128 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().
|
private |
Definition at line 51 of file FileTypeDetector.java.
|
private |
Definition at line 49 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
|
staticprivate |
Definition at line 48 of file FileTypeDetector.java.
|
staticprivate |
Definition at line 46 of file FileTypeDetector.java.
|
staticprivate |
Definition at line 47 of file FileTypeDetector.java.
|
private |
Definition at line 50 of file FileTypeDetector.java.
Copyright © 2012-2016 Basis Technology. Generated on: Tue Oct 25 2016
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.