19 package org.sleuthkit.autopsy.modules.filetypeid;
21 import java.util.Arrays;
22 import java.util.HashMap;
23 import java.util.List;
24 import java.util.logging.Level;
25 import org.openide.util.NbBundle;
39 import static org.
sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT;
41 import static org.
sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY;
42 import static org.
sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
49 @NbBundle.Messages({
"CannotRunFileTypeDetection=Unable to run file type detection."})
53 private static final HashMap<Long, IngestJobTotals> totalsForIngestJobs =
new HashMap<>();
73 logger.log(Level.SEVERE,
"Failed to create file type detector", ex);
87 jobId = context.getJobId();
104 long startTime = System.currentTimeMillis();
105 String mimeType = fileTypeDetector.
getMIMEType(file);
106 file.setMIMEType(mimeType);
107 FileType fileType = detectUserDefinedFileType(file);
108 if (fileType != null && fileType.shouldCreateInterestingFileHit()) {
109 createInterestingFileHit(file, fileType);
111 addToTotals(jobId, (System.currentTimeMillis() - startTime));
113 }
catch (Exception e) {
114 logger.log(Level.WARNING, String.format(
"Error while attempting to determine file type of file %d", file.getId()), e);
130 FileType retValue = null;
132 CustomFileTypesManager customFileTypesManager = CustomFileTypesManager.getInstance();
133 List<FileType> fileTypesList = customFileTypesManager.getUserDefinedFileTypes();
134 for (FileType fileType : fileTypesList) {
135 if (fileType.matches(file)) {
152 List<BlackboardAttribute> attributes = Arrays.asList(
153 new BlackboardAttribute(
155 fileType.getInterestingFilesSetName()),
156 new BlackboardAttribute(
158 fileType.getMimeType()));
164 if (!tskBlackboard.artifactExists(file, TSK_INTERESTING_FILE_HIT, attributes)) {
165 BlackboardArtifact artifact = file.newArtifact(TSK_INTERESTING_FILE_HIT);
166 artifact.addAttributes(attributes);
174 }
catch (Blackboard.BlackboardException ex) {
175 logger.log(Level.SEVERE, String.format(
"Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex);
179 }
catch (TskCoreException ex) {
180 logger.log(Level.SEVERE, String.format(
"Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex);
182 logger.log(Level.SEVERE,
"Exception while getting open case.", ex);
194 synchronized (
this) {
195 jobTotals = totalsForIngestJobs.remove(jobId);
197 if (jobTotals != null) {
198 StringBuilder detailsSb =
new StringBuilder();
199 detailsSb.append(
"<table border='0' cellpadding='4' width='280'>");
201 detailsSb.append(
"<tr><td>")
202 .append(NbBundle.getMessage(
this.getClass(),
"FileTypeIdIngestModule.complete.totalProcTime"))
203 .append(
"</td><td>").append(jobTotals.matchTime).append(
"</td></tr>\n");
204 detailsSb.append(
"<tr><td>")
205 .append(NbBundle.getMessage(
this.getClass(),
"FileTypeIdIngestModule.complete.totalFiles"))
206 .append(
"</td><td>").append(jobTotals.numFiles).append(
"</td></tr>\n");
207 detailsSb.append(
"</table>");
209 NbBundle.getMessage(this.getClass(),
210 "FileTypeIdIngestModule.complete.srvMsg.text"),
211 detailsSb.toString()));
223 private static synchronized void addToTotals(
long jobId,
long matchTimeInc) {
225 if (ingestJobTotals == null) {
227 totalsForIngestJobs.put(jobId, ingestJobTotals);
230 ingestJobTotals.matchTime += matchTimeInc;
231 ingestJobTotals.numFiles++;
232 totalsForIngestJobs.put(jobId, ingestJobTotals);
synchronized long decrementAndGet(long jobId)
boolean isDetectable(String mimeType)
FileTypeDetector fileTypeDetector
synchronized long incrementAndGet(long jobId)
static IngestMessage createMessage(MessageType messageType, String source, String subject, String detailsHtml)
void startUp(IngestJobContext context)
String getMIMEType(AbstractFile file)
ProcessResult process(AbstractFile file)
void postMessage(final IngestMessage message)
void createInterestingFileHit(AbstractFile file, FileType fileType)
static boolean isMimeTypeDetectable(String mimeType)
SleuthkitCase getSleuthkitCase()
synchronized static Logger getLogger(String name)
FileType detectUserDefinedFileType(AbstractFile file)
static Case getCurrentCaseThrows()
static synchronized void addToTotals(long jobId, long matchTimeInc)
static String getModuleName()
static synchronized IngestServices getInstance()