19 package org.sleuthkit.autopsy.modules.fileextmismatch;
21 import java.util.Collections;
22 import java.util.HashMap;
24 import java.util.logging.Level;
25 import org.openide.util.NbBundle;
26 import org.openide.util.NbBundle.Messages;
41 import org.
sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
51 "CannotRunFileTypeDetection=Unable to run file type detection.",
52 "FileExtMismatchIngestModule.readError.message=Could not read settings."
58 private final FileExtMismatchDetectorModuleSettings
settings;
59 private HashMap<String, Set<String>> mimeTypeToExtsMap =
new HashMap<>();
61 private static final HashMap<Long, IngestJobTotals> totalsForIngestJobs =
new HashMap<>();
68 private long processTime = 0;
69 private long numFiles = 0;
78 private static synchronized void addToTotals(
long ingestJobId,
long processTimeInc) {
80 if (ingestJobTotals == null) {
82 totalsForIngestJobs.put(ingestJobId, ingestJobTotals);
87 totalsForIngestJobs.put(ingestJobId, ingestJobTotals);
91 this.settings = settings;
96 jobId = context.getJobId();
100 mimeTypeToExtsMap = FileExtMismatchSettings.readSettings().getMimeTypeToExtsMap();
102 }
catch (FileExtMismatchSettings.FileExtMismatchSettingsException ex) {
110 @Messages({
"FileExtMismatchIngestModule.indexError.message=Failed to index file extension mismatch artifact for keyword search."})
113 if (this.settings.skipKnownFiles() && (abstractFile.getKnown() == FileKnown.KNOWN)) {
118 if ((abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)
119 || (abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS)
120 || (abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.SLACK)
121 || (abstractFile.isFile() ==
false)) {
126 if ((abstractFile.isMetaFlagSet(TskData.TSK_FS_META_FLAG_ENUM.UNALLOC))
127 || (abstractFile.isDirNameFlagSet(TskData.TSK_FS_NAME_FLAG_ENUM.UNALLOC))) {
132 long startTime = System.currentTimeMillis();
134 boolean mismatchDetected = compareSigTypeToExt(abstractFile);
136 addToTotals(jobId, System.currentTimeMillis() - startTime);
138 if (mismatchDetected) {
140 BlackboardArtifact bart = abstractFile.newArtifact(ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED);
146 logger.log(Level.SEVERE,
"Unable to index blackboard artifact " + bart.getArtifactID(), ex);
148 Bundle.FileExtMismatchIngestModule_indexError_message(), bart.getDisplayName());
154 }
catch (TskException ex) {
155 logger.log(Level.WARNING,
"Error matching file signature", ex);
168 String currActualExt = abstractFile.getNameExtension();
171 if (settings.skipFilesWithNoExtension() && currActualExt.isEmpty()) {
174 String currActualSigType = detector.
getFileType(abstractFile);
175 if (currActualSigType == null) {
178 if (settings.getCheckType() != CHECK_TYPE.ALL) {
179 if (settings.getCheckType() == CHECK_TYPE.NO_TEXT_FILES) {
180 if (!currActualExt.isEmpty() && currActualSigType.equals(
"text/plain")) {
184 if (settings.getCheckType() == CHECK_TYPE.ONLY_MEDIA_AND_EXE) {
185 if (!FileExtMismatchDetectorModuleSettings.MEDIA_AND_EXE_MIME_TYPES.contains(currActualSigType)) {
192 Set<String> allowedExtSet = mimeTypeToExtsMap.get(currActualSigType);
193 if (allowedExtSet != null) {
195 for (String e : allowedExtSet) {
196 if (e.equals(currActualExt)) {
211 synchronized (
this) {
212 jobTotals = totalsForIngestJobs.remove(jobId);
214 if (jobTotals != null) {
215 StringBuilder detailsSb =
new StringBuilder();
216 detailsSb.append(
"<table border='0' cellpadding='4' width='280'>");
218 detailsSb.append(
"<tr><td>").append(
219 NbBundle.getMessage(
this.getClass(),
"FileExtMismatchIngestModule.complete.totalProcTime"))
220 .append(
"</td><td>").append(jobTotals.
processTime).append(
"</td></tr>\n");
221 detailsSb.append(
"<tr><td>").append(
222 NbBundle.getMessage(
this.getClass(),
"FileExtMismatchIngestModule.complete.totalFiles"))
223 .append(
"</td><td>").append(jobTotals.
numFiles).append(
"</td></tr>\n");
224 detailsSb.append(
"</table>");
227 NbBundle.getMessage(this.getClass(),
228 "FileExtMismatchIngestModule.complete.svcMsg.text"),
229 detailsSb.toString()));
synchronized long decrementAndGet(long jobId)
FileTypeDetector detector
synchronized long incrementAndGet(long jobId)
static IngestMessage createMessage(MessageType messageType, String source, String subject, String detailsHtml)
boolean compareSigTypeToExt(AbstractFile abstractFile)
void postMessage(final IngestMessage message)
void fireModuleDataEvent(ModuleDataEvent moduleDataEvent)
Blackboard getBlackboard()
static void error(String title, String message)
void startUp(IngestJobContext context)
synchronized void indexArtifact(BlackboardArtifact artifact)
final FileExtMismatchDetectorModuleSettings settings
static Case getCurrentCase()
synchronized static Logger getLogger(String name)
String getFileType(AbstractFile file)
ProcessResult process(AbstractFile abstractFile)
static Blackboard blackboard
static synchronized void addToTotals(long ingestJobId, long processTimeInc)
static synchronized IngestServices getInstance()