Autopsy  4.5.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
FileType.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014-2015 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.filetypeid;
20 
21 import java.io.Serializable;
22 import java.io.UnsupportedEncodingException;
23 import java.nio.charset.StandardCharsets;
24 import java.util.ArrayList;
25 import java.util.Arrays;
26 import java.util.Collections;
27 import java.util.List;
28 import java.util.Objects;
29 import java.util.logging.Level;
30 import javax.swing.JOptionPane;
31 import javax.xml.bind.DatatypeConverter;
33 import org.sleuthkit.datamodel.AbstractFile;
34 import org.sleuthkit.datamodel.TskCoreException;
35 
41 class FileType implements Serializable {
42 
43  private static final long serialVersionUID = 1L;
44  private final String mimeType;
45  private final List<Signature> signatures;
46  private final boolean createInterestingFileHit;
47  private final String interestingFilesSetName;
48 
57  FileType(String mimeType, List<Signature> signatures) throws IllegalArgumentException {
58  this(mimeType, signatures, false, "");
59  }
60 
71  FileType(String mimeType, List<Signature> signatures, boolean createInterestingFileHit, String setName) throws IllegalArgumentException {
72  if (signatures.isEmpty()) {
73  throw new IllegalArgumentException("Must have at least one signature.");
74  }
75  this.mimeType = mimeType;
76  this.signatures = new ArrayList<>(signatures);
77  this.createInterestingFileHit = createInterestingFileHit;
78  this.interestingFilesSetName = setName;
79  }
80 
86  String getMimeType() {
87  return mimeType;
88  }
89 
96  String getInterestingFilesSetName() {
97  return interestingFilesSetName;
98  }
99 
106  boolean createInterestingFileHit() {
107  return createInterestingFileHit;
108  }
109 
115  List<Signature> getSignatures() {
116  return Collections.unmodifiableList(this.signatures);
117  }
118 
124  void addSignature(Signature sig) {
125  this.signatures.add(sig);
126  }
127 
135  boolean matches(final AbstractFile file) {
136  for (Signature sig : this.signatures) {
137  if (!sig.containedIn(file)) {
138  return false;
139  }
140  }
141  return true;
142  }
143 
144  @Override
145  public String toString() {
146  return this.mimeType;
147  }
148 
149  @Override
150  public boolean equals(Object other) {
151  if (other != null && other instanceof FileType) {
152  FileType that = (FileType) other;
153  if (this.getMimeType().equals(that.getMimeType()) && this.getSignatures().equals(that.getSignatures())) {
154  return true;
155  }
156  }
157  return false;
158  }
159 
160  @Override
161  public int hashCode() {
162  int hash = 7;
163  hash = 67 * hash + Objects.hashCode(this.mimeType);
164  hash = 67 * hash + Objects.hashCode(this.signatures);
165  return hash;
166  }
167 
174  static class Signature implements Serializable {
175 
176  private static final long serialVersionUID = 1L;
177  private static final Logger logger = Logger.getLogger(Signature.class.getName());
178 
182  enum Type {
183 
184  RAW, ASCII
185  };
186 
187  private final byte[] signatureBytes;
188  private final long offset;
189  private final Type type;
190  private final boolean isRelativeToStart;
191 
201  Signature(final byte[] signatureBytes, long offset, Type type) {
202  this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
203  this.offset = offset;
204  this.type = type;
205  this.isRelativeToStart = true;
206  }
207 
215  Signature(String signatureString, long offset) {
216  this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII);
217  this.offset = offset;
218  this.type = Type.ASCII;
219  this.isRelativeToStart = true;
220  }
221 
231  Signature(final byte[] signatureBytes, long offset) {
232  this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
233  this.offset = offset;
234  this.type = Type.RAW;
235  this.isRelativeToStart = true;
236  }
237 
249  Signature(final byte[] signatureBytes, long offset, Type type, boolean isRelativeToStart) {
250  this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
251  this.offset = offset;
252  this.type = type;
253  this.isRelativeToStart = isRelativeToStart;
254  }
255 
265  Signature(String signatureString, long offset, boolean isRelativeToStart) {
266  this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII);
267  this.offset = offset;
268  this.type = Type.ASCII;
269  this.isRelativeToStart = isRelativeToStart;
270  }
271 
283  Signature(final byte[] signatureBytes, long offset, boolean isRelativeToStart) {
284  this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
285  this.offset = offset;
286  this.type = Type.RAW;
287  this.isRelativeToStart = isRelativeToStart;
288  }
289 
295  byte[] getSignatureBytes() {
296  return Arrays.copyOf(signatureBytes, signatureBytes.length);
297  }
298 
304  long getOffset() {
305  return offset;
306  }
307 
313  Type getType() {
314  return type;
315  }
316 
317  boolean isRelativeToStart() {
318  return isRelativeToStart;
319  }
320 
329  boolean containedIn(final AbstractFile file) {
330  if (offset >= file.getSize()) {
331  return false; // File is too small, offset lies outside file.
332  }
333  long actualOffset = offset;
334  if (!isRelativeToStart) {
335  actualOffset = file.getSize() - 1 - offset;
336  }
337  if (file.getSize() < (actualOffset + signatureBytes.length)) {
338  return false;
339  }
340  try {
341  byte[] buffer = new byte[signatureBytes.length];
342  int bytesRead = file.read(buffer, actualOffset, signatureBytes.length);
343  return ((bytesRead == signatureBytes.length) && (Arrays.equals(buffer, signatureBytes)));
344  } catch (TskCoreException ex) {
350  Signature.logger.log(Level.WARNING, "Error reading from file with objId = " + file.getId(), ex); //NON-NLS
351  return false;
352  }
353  }
354 
355  @Override
356  public boolean equals(Object other) {
357  if (other != null && other instanceof Signature) {
358  Signature that = (Signature) other;
359  if (Arrays.equals(this.getSignatureBytes(), that.getSignatureBytes())
360  && this.getOffset() == that.getOffset()
361  && this.getType().equals(that.getType())) {
362  return true;
363  }
364  }
365  return false;
366  }
367 
368  @Override
369  public int hashCode() {
370  int hash = 3;
371  hash = 97 * hash + Arrays.hashCode(this.signatureBytes);
372  hash = 97 * hash + (int) (this.offset ^ (this.offset >>> 32));
373  hash = 97 * hash + Objects.hashCode(this.type);
374  return hash;
375  }
376 
377  @Override
378  public String toString() {
379  String signatureBytesString;
380  if (Signature.Type.RAW == this.getType()) {
381  signatureBytesString = DatatypeConverter.printHexBinary(this.getSignatureBytes());
382  signatureBytesString = "0x" + signatureBytesString;
383  } else {
384  try {
385  signatureBytesString = new String(this.getSignatureBytes(), "UTF-8");
386  } catch (UnsupportedEncodingException ex) {
387  JOptionPane.showMessageDialog(null,
388  ex.getLocalizedMessage(),
389  Bundle.AddFileTypeSignaturePanel_signatureStringFail_text(),
390  JOptionPane.ERROR_MESSAGE);
391  signatureBytesString = "";
392  }
393  }
394  String startOrEnd;
395  if (this.isRelativeToStart) {
396  startOrEnd = "start";
397  } else {
398  startOrEnd = "end";
399  }
400  return signatureBytesString + ", " + offset + " bytes from " + startOrEnd;
401 
402  }
403  }
404 
405 }

Copyright © 2012-2016 Basis Technology. Generated on: Tue Feb 20 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.