Autopsy  3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
FileType.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014-2015 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.filetypeid;
20 
21 import java.util.Arrays;
22 import java.util.logging.Level;
23 import org.sleuthkit.autopsy.coreutils.Logger;
24 import org.sleuthkit.datamodel.AbstractFile;
25 import org.sleuthkit.datamodel.TskCoreException;
26 
32 class FileType {
33 
34  private final String mimeType;
35  private final Signature signature;
36  private final String interestingFilesSetName;
37  private final boolean alert;
38 
50  FileType(String mimeType, final Signature signature, String filesSetName, boolean alert) {
51  this.mimeType = mimeType;
52  this.signature = new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType());
53  this.interestingFilesSetName = filesSetName;
54  this.alert = alert;
55  }
56 
62  String getMimeType() {
63  return mimeType;
64  }
65 
71  Signature getSignature() {
72  return new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType());
73  }
74 
81  boolean matches(final AbstractFile file) {
82  return signature.containedIn(file);
83  }
84 
91  boolean alertOnMatch() {
92  return alert;
93  }
94 
101  String getFilesSetName() {
102  return interestingFilesSetName;
103  }
104 
111  static class Signature {
112 
113  private static final Logger logger = Logger.getLogger(Signature.class.getName());
114 
118  enum Type {
119 
120  RAW, ASCII
121  };
122 
123  private final byte[] signatureBytes;
124  private final long offset;
125  private final Type type;
126 
136  Signature(final byte[] signatureBytes, long offset, Type type) {
137  this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
138  this.offset = offset;
139  this.type = type;
140  }
141 
147  byte[] getSignatureBytes() {
148  return Arrays.copyOf(signatureBytes, signatureBytes.length);
149  }
150 
156  long getOffset() {
157  return offset;
158  }
159 
165  Type getType() {
166  return type;
167  }
168 
176  boolean containedIn(final AbstractFile file) {
177  try {
178  byte[] buffer = new byte[signatureBytes.length];
179  int bytesRead = file.read(buffer, offset, signatureBytes.length);
180  return ((bytesRead == signatureBytes.length) && (Arrays.equals(buffer, signatureBytes)));
181  } catch (TskCoreException ex) {
187  Signature.logger.log(Level.WARNING, "Error reading from file with objId = " + file.getId(), ex); //NON-NLS
188  return false;
189  }
190  }
191  }
192 
193 }
org::sleuthkit::datamodel::AbstractContent::getId
long getId()
org::sleuthkit::datamodel::AbstractFile::read
final int read(byte[] buf, long offset, long len)
org::sleuthkit.autopsy.coreutils.Logger.getLogger
static Logger getLogger(String name)
Definition: Logger.java:131

Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.