19 package org.sleuthkit.autopsy.modules.filetypeid;
21 import java.util.Arrays;
22 import java.util.HashMap;
23 import java.util.List;
24 import java.util.logging.Level;
25 import org.openide.util.NbBundle;
39 import static org.
sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT;
41 import static org.
sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY;
42 import static org.
sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
50 @NbBundle.Messages({
"CannotRunFileTypeDetection=Unable to run file type detection."})
// Running totals keyed by ingest job id. The map is static, so one instance is
// shared by every instance of the enclosing class.
// NOTE(review): HashMap is not thread-safe, and the visible accessors guard it
// with two different monitors: addToTotals is static synchronized (class lock),
// while the block that removes an entry uses synchronized (this) (instance
// lock). Confirm those two paths can never run at the same time.
54 private static final HashMap<Long, IngestJobTotals> totalsForIngestJobs =
new HashMap<>();
74 logger.log(Level.SEVERE,
"Failed to create file type detector", ex);
88 jobId = context.getJobId();
// Start the clock; the elapsed time is added to this job's totals below.
105 long startTime = System.currentTimeMillis();
// Detect the MIME type and record it on the file object.
106 String mimeType = fileTypeDetector.
getMIMEType(file);
107 file.setMIMEType(mimeType);
// Also test the file against the user-defined types; a match whose type asks
// for it is recorded as an interesting-file hit.
108 FileType fileType = detectUserDefinedFileType(file);
109 if (fileType != null && fileType.shouldCreateInterestingFileHit()) {
110 createInterestingFileHit(file, fileType);
112 addToTotals(jobId, (System.currentTimeMillis() - startTime));
114 }
// Failures are logged at WARNING together with the file's id.
// NOTE(review): catching Exception also takes in unchecked exceptions. If the
// failure happens in getMIMEType, setMIMEType on line 107 is not reached
// (presumably both sit in the try that this catch closes; its opening line is
// not in this listing), so the file gets no detected type from this pass.
// Confirm that consumers of the MIME type handle that case.
catch (Exception e) {
115 logger.log(Level.WARNING, String.format(
"Error while attempting to determine file type of file %d", file.getId()), e);
// Branch taken when no user-defined file types are configured; what it does is
// on lines not shown in this listing.
132 if (CustomFileTypesManager.getInstance().getUserDefinedFileTypes().isEmpty()) {
// Fixed 1024-byte window taken from the start of the file (offset 0).
139 byte[] buf =
new byte[1024];
// bufLen is the value read() returns, presumably the number of bytes actually
// read, which can be smaller than the buffer. Matching must be bounded by
// bufLen, not buf.length.
// NOTE(review): a signature located past this window cannot match from the
// buffer alone; confirm whether FileType.matches reads further via the file
// argument it also receives.
142 bufLen = file.read(buf, 0, 1024);
143 }
// Handler body is not part of this listing.
catch (TskCoreException ex) {
// Hand the buffer and its valid length to the three-argument overload.
147 return detectUserDefinedFileType(file, buf, bufLen);
/**
 * Tests a file against each user-defined file type supplied by
 * CustomFileTypesManager, using bytes already read from the file.
 *
 * @param file              the file being examined; passed to FileType.matches
 * @param startOfFileBuffer bytes read from the file by the caller
 * @param bufLen            length value passed alongside the buffer to
 *                          FileType.matches (presumably the count of valid
 *                          bytes, to be confirmed against that method)
 * @throws CustomFileTypesManager.CustomFileTypesException as declared; the
 *         throwing call is not identifiable from the lines shown
 */
162 private FileType
detectUserDefinedFileType(AbstractFile file, byte[] startOfFileBuffer,
int bufLen)
throws CustomFileTypesManager.CustomFileTypesException {
// Starts as null; the lines that assign and return it are not in this listing.
163 FileType retValue = null;
165 CustomFileTypesManager customFileTypesManager = CustomFileTypesManager.getInstance();
166 List<FileType> fileTypesList = customFileTypesManager.getUserDefinedFileTypes();
// Types are tried in list order.
167 for (FileType fileType : fileTypesList) {
168 if (fileType.matches(file, startOfFileBuffer, bufLen)) {
// Two attributes describe the hit: one carries the interesting-files set name,
// the other the MIME type of the matched file type. The attribute-type
// arguments are on lines not shown here.
185 List<BlackboardAttribute> attributes = Arrays.asList(
186 new BlackboardAttribute(
188 fileType.getInterestingFilesSetName()),
189 new BlackboardAttribute(
191 fileType.getMimeType()));
// Create the artifact only if an equivalent one is not already recorded for
// this file, which avoids duplicate hits.
197 if (!tskBlackboard.artifactExists(file, TSK_INTERESTING_FILE_HIT, attributes)) {
// The hit is stored as an analysis result scored SCORE_LIKELY_NOTABLE, with
// the set name as one of its arguments.
198 BlackboardArtifact artifact = file.newAnalysisResult(
199 BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, Score.SCORE_LIKELY_NOTABLE,
200 null, fileType.getInterestingFilesSetName(), null,
202 .getAnalysisResult();
210 }
// The artifact already exists at this point; per the message, only the
// follow-up indexing step failed. Logged with the artifact id and file obj_id.
catch (Blackboard.BlackboardException ex) {
211 logger.log(Level.SEVERE, String.format(
"Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex);
215 }
// Artifact creation itself failed: no hit is recorded for this file, and the
// SEVERE log entry with its obj_id is the only trace of that.
catch (TskCoreException ex) {
216 logger.log(Level.SEVERE, String.format(
"Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex);
// Per its message, logged when the open case cannot be obtained; the catch
// clause it belongs to is on a line not shown.
218 logger.log(Level.SEVERE,
"Exception while getting open case.", ex);
// Take this job's totals out of the shared static map.
// NOTE(review): this block locks the instance, whereas addToTotals is static
// synchronized and so locks the class. The two monitors do not exclude each
// other, so this remove() is not serialized against an addToTotals call on
// another thread touching the same HashMap. Using one shared lock for both
// paths would make them mutually exclusive.
230 synchronized (
this) {
231 jobTotals = totalsForIngestJobs.remove(jobId);
// Nothing is reported when no totals were recorded for the job.
233 if (jobTotals != null) {
// Build a small HTML table for the ingest message. Everything appended is a
// literal, a localized bundle string or a numeric total, so no file-derived
// text reaches this markup. Anything of that kind added later would need
// HTML escaping first.
234 StringBuilder detailsSb =
new StringBuilder();
235 detailsSb.append(
"<table border='0' cellpadding='4' width='280'>");
// Row 1: total processing time accumulated for the job.
237 detailsSb.append(
"<tr><td>")
238 .append(NbBundle.getMessage(
this.getClass(),
"FileTypeIdIngestModule.complete.totalProcTime"))
239 .append(
"</td><td>").append(jobTotals.matchTime).append(
"</td></tr>\n");
// Row 2: number of files counted for the job.
240 detailsSb.append(
"<tr><td>")
241 .append(NbBundle.getMessage(
this.getClass(),
"FileTypeIdIngestModule.complete.totalFiles"))
242 .append(
"</td><td>").append(jobTotals.numFiles).append(
"</td></tr>\n");
243 detailsSb.append(
"</table>");
// Trailing arguments of a call that starts on a line not shown: the localized
// subject text and the HTML built above.
245 NbBundle.getMessage(this.getClass(),
246 "FileTypeIdIngestModule.complete.srvMsg.text"),
247 detailsSb.toString()));
/**
 * Adds one processed file and its elapsed time to the running totals of an
 * ingest job. Declared static synchronized, so it holds the class monitor for
 * the duration of the update.
 *
 * @param jobId        id of the ingest job whose totals are updated
 * @param matchTimeInc amount added to the job's matchTime (callers in this
 *                     listing pass a System.currentTimeMillis() difference)
 */
259 private static synchronized void addToTotals(
long jobId,
long matchTimeInc) {
// First file seen for this job: register a totals entry. The lookup and the
// construction of the entry are on lines not shown.
261 if (ingestJobTotals == null) {
263 totalsForIngestJobs.put(jobId, ingestJobTotals);
266 ingestJobTotals.matchTime += matchTimeInc;
267 ingestJobTotals.numFiles++;
// NOTE(review): the entry is put again after being updated in place; this
// looks redundant if the object above came from the map, so confirm.
268 totalsForIngestJobs.put(jobId, ingestJobTotals);