Autopsy
4.12.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
class | FileTypeDetectorInitException |
Public Member Functions | |
FileTypeDetector () throws FileTypeDetectorInitException | |
String | detect (AbstractFile file) throws TskCoreException |
String | detectAndPostToBlackboard (AbstractFile file) throws TskCoreException |
String | getFileType (AbstractFile file) throws TskCoreException |
String | getMIMEType (AbstractFile file) |
List< String > | getUserDefinedTypes () |
boolean | isDetectable (String mimeType) |
Static Public Member Functions | |
static synchronized SortedSet< String > | getDetectedTypes () throws FileTypeDetectorInitException |
Private Member Functions | |
boolean | byteIs0xFF (byte x) |
String | detectAutopsyDefinedType (AbstractFile file) |
String | detectUserDefinedType (AbstractFile file) |
byte[] | getNBytes (AbstractFile file, int offset, int n) throws TskCoreException |
boolean | isDetectableAsCustomType (List< FileType > customTypes, String mimeType) |
boolean | isDetectableByTika (String mimeType) |
String | removeOptionalParameter (String mimeType) |
Static Private Member Functions | |
static SortedSet< String > | getTikaDetectedTypes () |
Private Attributes | |
final List< FileType > | autopsyDefinedFileTypes |
final List< FileType > | userDefinedFileTypes |
Static Private Attributes | |
static final Logger | logger = Logger.getLogger(FileTypeDetector.class.getName()) |
static final int | SLACK_FILE_THRESHOLD = 4096 |
static final Tika | tika = new Tika() |
static SortedSet< String > | tikaDetectedTypes |
Detects the MIME type of a file by an inspection of its contents, using custom file type definitions by users, custom file type definitions by Autopsy, and Tika. User file type definitions take precedence over both Autopsy file type definitions and Tika, and Autopsy file type definitions take precendence over Tika.
Definition at line 44 of file FileTypeDetector.java.
org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetector | ( | ) | throws FileTypeDetectorInitException |
Constructs an object that detects the MIME type of a file by an inspection of its contents, using custom file type definitions by users, custom file type definitions by Autopsy, and Tika. User file type definitions take precedence over both Autopsy file type definitions and Tika, and Autopsy file type definitions take precendence over Tika.
FileTypeDetectorInitException | If an initialization error occurs, e.g., user-defined file type definitions exist but cannot be loaded. |
Definition at line 116 of file FileTypeDetector.java.
|
private |
Determine if the byte is 255 (0xFF) by examining the last 4 bits and the first 4 bits.
x | byte |
Definition at line 298 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect | ( | AbstractFile | file | ) | throws TskCoreException |
Detects the MIME type of a file. The result is not added to the case database.
file | The file to test. |
TskCoreException |
Definition at line 481 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard | ( | AbstractFile | file | ) | throws TskCoreException |
Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.
file | The file. |
TskCoreException | if detection is required and there is a problem writing the result to the case database. |
Definition at line 437 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
|
private |
Determines whether or not a file matches a custom file type defined by Autopsy.
file | The file to test. |
Definition at line 362 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
|
private |
Determines whether or not a file matches a user-defined custom file type.
file | The file to test. |
Definition at line 342 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
|
static |
Gets a sorted set of the file types that can be detected: the MIME types detected by Tika (without optional parameters), the custom MIME types defined by Autopsy, and any custom MIME types defined by the user.
FileTypeDetectorInitException | If an error occurs while assembling the list of types |
Definition at line 63 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getTikaDetectedTypes().
Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.customInit(), and org.sleuthkit.autopsy.filesearch.MimeTypePanel.getMimeTypeArray().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType | ( | AbstractFile | file | ) | throws TskCoreException |
Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.
file | The file. |
TskCoreException | if detection is required and there is a problem writing the result to the case database. |
Definition at line 461 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType | ( | AbstractFile | file | ) |
Detects the MIME type of a file, then writes it the AbstractFile object representing the file and returns the detected type.
file | The file to test. |
We cannot trust Tika's audio/mpeg mimetype. Lets verify the first two bytes and confirm it is not 0xffff. Details in JIRA-4659
Definition at line 179 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.byteIs0xFF(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAutopsyDefinedType(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getNBytes(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.removeOptionalParameter(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.SLACK_FILE_THRESHOLD.
Referenced by org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchIngestModule.compareSigTypeToExt(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType(), org.sleuthkit.autopsy.keywordsearch.KeywordSearchIngestModule.Indexer.indexFile(), org.sleuthkit.autopsy.contentviewers.FileViewer.isPreferred(), org.sleuthkit.autopsy.contentviewers.FileViewer.isSupported(), org.sleuthkit.autopsy.contentviewers.MediaPlayerPanel.isSupported(), org.sleuthkit.autopsy.modules.exif.ExifParserFileIngestModule.parsableFormat(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.process(), and org.sleuthkit.autopsy.contentviewers.FileViewer.setNode().
|
private |
Retrieves the first N bytes from a file.
file | Abstract file to read |
offset | Offset to begin reading |
n | Number of bytes to read |
TskCoreException |
Definition at line 313 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
|
staticprivate |
Gets a sorted set of the MIME types detected by Tika (without optional parameters).
Definition at line 96 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getDetectedTypes(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
List<String> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getUserDefinedTypes | ( | ) |
Gets the names of the custom file types defined by the user or by Autopsy.
Definition at line 411 of file FileTypeDetector.java.
boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable | ( | String | mimeType | ) |
Determines whether or not a given MIME type is detectable by this detector.
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 133 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsCustomType(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.isMimeTypeDetectable().
|
private |
Determines whether or not a given MIME type is detectable as a user-defined MIME type by this detector.
customTypes | |
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 148 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().
|
private |
Determines whether or not a given MIME type is detectable by Tika.
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 164 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getTikaDetectedTypes(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.removeOptionalParameter().
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().
|
private |
Removes the optional parameter from a MIME type string
mimeType |
Definition at line 326 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
|
private |
Definition at line 50 of file FileTypeDetector.java.
|
staticprivate |
Definition at line 46 of file FileTypeDetector.java.
|
staticprivate |
Definition at line 48 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
|
staticprivate |
Definition at line 47 of file FileTypeDetector.java.
|
staticprivate |
Definition at line 51 of file FileTypeDetector.java.
|
private |
Definition at line 49 of file FileTypeDetector.java.
Copyright © 2012-2018 Basis Technology. Generated on: Wed Sep 18 2019
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.