Autopsy
4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
class | FileTypeDetectorInitException |
Public Member Functions | |
FileTypeDetector () throws FileTypeDetectorInitException | |
String | detect (AbstractFile file) throws TskCoreException |
String | detectAndPostToBlackboard (AbstractFile file) throws TskCoreException |
String | getFileType (AbstractFile file) throws TskCoreException |
List< String > | getUserDefinedTypes () |
boolean | isDetectable (String mimeType) |
Static Public Member Functions | |
static synchronized SortedSet< String > | getStandardDetectedTypes () |
Private Member Functions | |
String | detect (AbstractFile file, boolean addToCaseDb) throws TskCoreException |
String | detectAutopsyDefinedType (AbstractFile file) throws TskCoreException |
String | detectUserDefinedType (AbstractFile file) throws TskCoreException |
boolean | isDetectableAsCustomType (List< FileType > customTypes, String mimeType) |
boolean | isDetectableByTika (String mimeType) |
String | removeOptionalParameter (String mimeType) |
Private Attributes | |
final List< FileType > | autopsyDefinedFileTypes |
final byte | buffer [] = new byte[BUFFER_SIZE] |
final List< FileType > | userDefinedFileTypes |
Static Private Attributes | |
static final int | BUFFER_SIZE = 64 * 1024 |
static SortedSet< String > | detectedTypes |
static final Logger | logger = Logger.getLogger(FileTypeDetector.class.getName()) |
static final Tika | tika = new Tika() |
Detects the MIME type of a file by an inspection of its contents, using custom file type definitions by users, custom file type definitions by Autopsy, and Tika.
Definition at line 46 of file FileTypeDetector.java.
org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetector | ( | ) | throws FileTypeDetectorInitException |
Constructs an object that detects the MIME type of a file by an inspection of its contents, using custom file type definitions by users, custom file type definitions by Autopsy, and Tika.
FileTypeDetectorInitException | if an initialization error occurs, e.g., user-defined file type definitions exist but cannot be loaded. |
Definition at line 66 of file FileTypeDetector.java.
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect | ( | AbstractFile | file | ) | throws TskCoreException |
Detects the MIME type of a file. The result is not added to the case database.
file | The file to test. |
TskCoreException | If there is a problem writing the result to the case database. |
Definition at line 182 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType(), and org.sleuthkit.autopsy.corecomponents.MediaViewVideoPanel.isSupported().
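String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect | ( | AbstractFile | file, | boolean | addToCaseDb | ) | throws TskCoreException |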
private |
Detects the MIME type of a file. The result is saved to the case database only if the add to case database flag is set.
file | The file to test. |
addToCaseDb | Whether the MIME type should be added to the case database. This flag is part of a partial workaround for a check-then-act race condition (see notes in comments for details). |
TskCoreException | If there is a problem writing the result to the case database. |
Definition at line 202 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.buffer, org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAutopsyDefinedType(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.removeOptionalParameter().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard | ( | AbstractFile | file | ) | throws TskCoreException |
Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.
file | The file. |
TskCoreException | if detection is required and there is a problem writing the result to the case database. |
Definition at line 431 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType().
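String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAutopsyDefinedType | ( | AbstractFile | file | ) | throws TskCoreException |
private |
Determines whether or not a file matches a custom file type defined by Autopsy.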
file | The file to test. |
TskCoreException |
Definition at line 377 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
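String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType | ( | AbstractFile | file | ) | throws TskCoreException |
private |
Determines whether or not a file matches a user-defined custom file type.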
file | The file to test. |
TskCoreException |
Definition at line 332 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.error(), org.sleuthkit.autopsy.casemodule.services.Services.getBlackboard(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getServices(), and org.sleuthkit.autopsy.casemodule.services.Blackboard.indexArtifact().
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType | ( | AbstractFile | file | ) | throws TskCoreException |
Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.
IMPORTANT: This method should only be called by ingest modules. All other clients should call AbstractFile.getMIMEType, and may call FileTypeDetector.detect, if AbstractFile.getMIMEType returns null.
file | The file. |
TskCoreException | if detection is required and there is a problem writing the result to the case database. |
Definition at line 166 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
Referenced by org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchIngestModule.compareSigTypeToExt(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard(), org.sleuthkit.autopsy.keywordsearch.KeywordSearchIngestModule.Indexer.indexFile(), org.sleuthkit.autopsy.modules.exif.ExifParserFileIngestModule.parsableFormat(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.process().
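The calling rule in the IMPORTANT note above, written out for a client that is not an ingest module. This is an added example, not code from the Autopsy sources; the class name MimeTypeLookup and the decision to serialize calls to the detector are assumptions made for illustration.

```java
import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector;
import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetectorInitException;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.TskCoreException;

/**
 * Hypothetical helper for code that is not an ingest module (a viewer,
 * a report generator, a search panel). It never calls getFileType(),
 * so it never writes a detection result to the case database.
 */
public final class MimeTypeLookup {

    private final FileTypeDetector detector;

    /**
     * @throws FileTypeDetectorInitException if the detector cannot be
     *         initialized, e.g., user-defined file type definitions
     *         exist but cannot be loaded.
     */
    public MimeTypeLookup() throws FileTypeDetectorInitException {
        detector = new FileTypeDetector();
    }

    /**
     * Returns the MIME type already recorded for the file, or detects it
     * from the file content when nothing has been recorded yet.
     */
    public String mimeTypeOf(AbstractFile file) throws TskCoreException {
        // Step 1: prefer the type an ingest module has already stored.
        String recorded = file.getMIMEType();
        if (recorded != null) {
            return recorded;
        }
        // Step 2: fall back to detect(), whose result is not added to
        // the case database. The detector holds one per-instance read
        // buffer, so this helper serializes access to it as a
        // precaution (an assumption, not a documented requirement).
        synchronized (detector) {
            return detector.detect(file);
        }
    }
}
```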
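static synchronized SortedSet<String> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getStandardDetectedTypes | ( | ) |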
static |
Returns an unmodifiable list of standard MIME types that does not contain types with optional parameters. The list has no duplicate types and is in alphabetical order.
Definition at line 113 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.filesearch.MimeTypePanel.getMimeTypeArray(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
List<String> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getUserDefinedTypes | ( | ) |
Gets the names of the custom file types defined by the user or by Autopsy.
Definition at line 81 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.filesearch.MimeTypePanel.getMimeTypeArray().
boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable | ( | String | mimeType | ) |
Determines whether or not a given MIME type is detectable by this detector.
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 100 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsCustomType(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.isMimeTypeDetectable().
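boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsCustomType | ( | List< FileType > | customTypes, | String | mimeType | ) |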
private |
Determines whether or not a given MIME type is detectable as a user-defined MIME type by this detector.
customTypes | |
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 130 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().
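boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika | ( | String | mimeType | ) |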
private |
Determines whether or not a given MIME type is detectable by Tika.
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 146 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getStandardDetectedTypes(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.removeOptionalParameter().
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().
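String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.removeOptionalParameter | ( | String | mimeType | ) |
private |
Removes the optional parameter from a MIME type string.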
mimeType |
Definition at line 313 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
|
private |
Definition at line 53 of file FileTypeDetector.java.
|
private |
Definition at line 51 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
|
static private |
Definition at line 50 of file FileTypeDetector.java.
|
static private |
Definition at line 54 of file FileTypeDetector.java.
|
static private |
Definition at line 48 of file FileTypeDetector.java.
|
static private |
Definition at line 49 of file FileTypeDetector.java.
|
private |
Definition at line 52 of file FileTypeDetector.java.
Copyright © 2012-2016 Basis Technology. Generated on: Mon Jan 2 2017
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.