Autopsy  4.14.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
FileType.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014-2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.filetypeid;
20 
21 import java.io.Serializable;
22 import java.io.UnsupportedEncodingException;
23 import java.nio.charset.StandardCharsets;
24 import java.util.ArrayList;
25 import java.util.Arrays;
26 import java.util.Collections;
27 import java.util.List;
28 import java.util.Objects;
29 import java.util.logging.Level;
30 import javax.swing.JOptionPane;
31 import javax.xml.bind.DatatypeConverter;
32 import org.openide.windows.WindowManager;
34 import org.sleuthkit.datamodel.AbstractFile;
35 import org.sleuthkit.datamodel.TskCoreException;
36 
42 class FileType implements Serializable {
43 
44  private static final long serialVersionUID = 1L;
45  private final String mimeType;
46  private final List<Signature> signatures;
47  private final boolean createInterestingFileHit;
48  private final String interestingFilesSetName;
49 
58  FileType(String mimeType, List<Signature> signatures) throws IllegalArgumentException {
59  this(mimeType, signatures, false, "");
60  }
61 
72  FileType(String mimeType, List<Signature> signatures, boolean createInterestingFileHit, String setName) throws IllegalArgumentException {
73  if (signatures.isEmpty()) {
74  throw new IllegalArgumentException("Must have at least one signature.");
75  }
76  this.mimeType = mimeType;
77  this.signatures = new ArrayList<>(signatures);
78  this.createInterestingFileHit = createInterestingFileHit;
79  this.interestingFilesSetName = setName;
80  }
81 
87  String getMimeType() {
88  return mimeType;
89  }
90 
97  String getInterestingFilesSetName() {
98  return interestingFilesSetName;
99  }
100 
107  boolean shouldCreateInterestingFileHit() {
108  return createInterestingFileHit;
109  }
110 
116  List<Signature> getSignatures() {
117  return Collections.unmodifiableList(this.signatures);
118  }
119 
125  void addSignature(Signature sig) {
126  this.signatures.add(sig);
127  }
128 
136  boolean matches(final AbstractFile file) {
137  for (Signature sig : this.signatures) {
138  if (!sig.containedIn(file)) {
139  return false;
140  }
141  }
142  return true;
143  }
144 
145  @Override
146  public String toString() {
147  return this.mimeType;
148  }
149 
150  @Override
151  public boolean equals(Object other) {
152  if (other != null && other instanceof FileType) {
153  FileType that = (FileType) other;
154  if (this.getMimeType().equals(that.getMimeType()) && this.getSignatures().equals(that.getSignatures())) {
155  return true;
156  }
157  }
158  return false;
159  }
160 
161  @Override
162  public int hashCode() {
163  int hash = 7;
164  hash = 67 * hash + Objects.hashCode(this.mimeType);
165  hash = 67 * hash + Objects.hashCode(this.signatures);
166  return hash;
167  }
168 
175  static class Signature implements Serializable {
176 
177  private static final long serialVersionUID = 1L;
178  private static final Logger logger = Logger.getLogger(Signature.class.getName());
179 
183  enum Type {
184 
185  RAW, ASCII
186  };
187 
188  private final byte[] signatureBytes;
189  private final long offset;
190  private final Type type;
191  private final boolean isRelativeToStart;
192 
202  Signature(final byte[] signatureBytes, long offset, Type type) {
203  this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
204  this.offset = offset;
205  this.type = type;
206  this.isRelativeToStart = true;
207  }
208 
216  Signature(String signatureString, long offset) {
217  this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII);
218  this.offset = offset;
219  this.type = Type.ASCII;
220  this.isRelativeToStart = true;
221  }
222 
232  Signature(final byte[] signatureBytes, long offset) {
233  this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
234  this.offset = offset;
235  this.type = Type.RAW;
236  this.isRelativeToStart = true;
237  }
238 
250  Signature(final byte[] signatureBytes, long offset, Type type, boolean isRelativeToStart) {
251  this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
252  this.offset = offset;
253  this.type = type;
254  this.isRelativeToStart = isRelativeToStart;
255  }
256 
266  Signature(String signatureString, long offset, boolean isRelativeToStart) {
267  this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII);
268  this.offset = offset;
269  this.type = Type.ASCII;
270  this.isRelativeToStart = isRelativeToStart;
271  }
272 
284  Signature(final byte[] signatureBytes, long offset, boolean isRelativeToStart) {
285  this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
286  this.offset = offset;
287  this.type = Type.RAW;
288  this.isRelativeToStart = isRelativeToStart;
289  }
290 
296  byte[] getSignatureBytes() {
297  return Arrays.copyOf(signatureBytes, signatureBytes.length);
298  }
299 
305  long getOffset() {
306  return offset;
307  }
308 
314  Type getType() {
315  return type;
316  }
317 
318  boolean isRelativeToStart() {
319  return isRelativeToStart;
320  }
321 
330  boolean containedIn(final AbstractFile file) {
331  if (offset >= file.getSize()) {
332  return false; // File is too small, offset lies outside file.
333  }
334  long actualOffset = offset;
335  if (!isRelativeToStart) {
336  actualOffset = file.getSize() - 1 - offset;
337  }
338  if (file.getSize() < (actualOffset + signatureBytes.length)) {
339  return false;
340  }
341  try {
342  byte[] buffer = new byte[signatureBytes.length];
343  int bytesRead = file.read(buffer, actualOffset, signatureBytes.length);
344  return ((bytesRead == signatureBytes.length) && (Arrays.equals(buffer, signatureBytes)));
345  } catch (TskCoreException ex) {
351  Signature.logger.log(Level.WARNING, "Error reading from file with objId = " + file.getId(), ex); //NON-NLS
352  return false;
353  }
354  }
355 
356  @Override
357  public boolean equals(Object other) {
358  if (other != null && other instanceof Signature) {
359  Signature that = (Signature) other;
360  if (Arrays.equals(this.getSignatureBytes(), that.getSignatureBytes())
361  && this.getOffset() == that.getOffset()
362  && this.getType().equals(that.getType())) {
363  return true;
364  }
365  }
366  return false;
367  }
368 
369  @Override
370  public int hashCode() {
371  int hash = 3;
372  hash = 97 * hash + Arrays.hashCode(this.signatureBytes);
373  hash = 97 * hash + (int) (this.offset ^ (this.offset >>> 32));
374  hash = 97 * hash + Objects.hashCode(this.type);
375  return hash;
376  }
377 
378  @Override
379  public String toString() {
380  String signatureBytesString;
381  if (Signature.Type.RAW == this.getType()) {
382  signatureBytesString = DatatypeConverter.printHexBinary(this.getSignatureBytes());
383  signatureBytesString = "0x" + signatureBytesString;
384  } else {
385  try {
386  signatureBytesString = new String(this.getSignatureBytes(), "UTF-8");
387  } catch (UnsupportedEncodingException ex) {
388  JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(),
389  ex.getLocalizedMessage(),
390  Bundle.AddFileTypeSignaturePanel_signatureStringFail_text(),
391  JOptionPane.ERROR_MESSAGE);
392  signatureBytesString = "";
393  }
394  }
395  String startOrEnd;
396  if (this.isRelativeToStart) {
397  startOrEnd = "start";
398  } else {
399  startOrEnd = "end";
400  }
401  return signatureBytesString + ", " + offset + " bytes from " + startOrEnd;
402 
403  }
404  }
405 
406 }

Copyright © 2012-2020 Basis Technology. Generated on: Wed Apr 8 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.