19 package org.sleuthkit.autopsy.modules.filetypeid;
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.HashMap;
24 import java.util.List;
25 import java.util.logging.Level;
26 import org.openide.util.NbBundle;
47 "CannotRunFileTypeDetection=Unable to run file type detection."
53 private static final HashMap<Long, IngestJobTotals> totalsForIngestJobs =
new HashMap<>();
71 logger.log(Level.SEVERE,
"Failed to create file type detector", ex);
85 jobId = context.getJobId();
102 long startTime = System.currentTimeMillis();
103 String mimeType = fileTypeDetector.
getMIMEType(file);
104 file.setMIMEType(mimeType);
105 FileType fileType = detectUserDefinedFileType(file);
106 if (fileType != null && fileType.createInterestingFileHit()) {
107 createInterestingFileHit(file, fileType);
109 addToTotals(jobId, (System.currentTimeMillis() - startTime));
111 }
catch (Exception e) {
112 logger.log(Level.WARNING, String.format(
"Error while attempting to determine file type of file %d", file.getId()), e);
128 FileType retValue = null;
130 CustomFileTypesManager customFileTypesManager = CustomFileTypesManager.getInstance();
131 List<FileType> fileTypesList = customFileTypesManager.getUserDefinedFileTypes();
132 for (FileType fileType : fileTypesList) {
133 if (fileType.matches(file)) {
150 BlackboardArtifact artifact;
151 artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
152 Collection<BlackboardAttribute> attributes =
new ArrayList<>();
153 BlackboardAttribute setNameAttribute =
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME,
FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName());
154 attributes.add(setNameAttribute);
155 BlackboardAttribute ruleNameAttribute =
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY,
FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType());
156 attributes.add(ruleNameAttribute);
157 artifact.addAttributes(attributes);
161 logger.log(Level.SEVERE, String.format(
"Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex);
163 logger.log(Level.SEVERE,
"Exception while getting open case.", ex);
165 }
catch (TskCoreException ex) {
166 logger.log(Level.SEVERE, String.format(
"Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex);
178 synchronized (
this) {
179 jobTotals = totalsForIngestJobs.remove(jobId);
181 if (jobTotals != null) {
182 StringBuilder detailsSb =
new StringBuilder();
183 detailsSb.append(
"<table border='0' cellpadding='4' width='280'>");
185 detailsSb.append(
"<tr><td>")
186 .append(NbBundle.getMessage(
this.getClass(),
"FileTypeIdIngestModule.complete.totalProcTime"))
187 .append(
"</td><td>").append(jobTotals.matchTime).append(
"</td></tr>\n");
188 detailsSb.append(
"<tr><td>")
189 .append(NbBundle.getMessage(
this.getClass(),
"FileTypeIdIngestModule.complete.totalFiles"))
190 .append(
"</td><td>").append(jobTotals.numFiles).append(
"</td></tr>\n");
191 detailsSb.append(
"</table>");
193 NbBundle.getMessage(this.getClass(),
194 "FileTypeIdIngestModule.complete.srvMsg.text"),
195 detailsSb.toString()));
207 private static synchronized void addToTotals(
long jobId,
long matchTimeInc) {
209 if (ingestJobTotals == null) {
211 totalsForIngestJobs.put(jobId, ingestJobTotals);
214 ingestJobTotals.matchTime += matchTimeInc;
215 ingestJobTotals.numFiles++;
216 totalsForIngestJobs.put(jobId, ingestJobTotals);
synchronized long decrementAndGet(long jobId)
boolean isDetectable(String mimeType)
FileTypeDetector fileTypeDetector
synchronized long incrementAndGet(long jobId)
static IngestMessage createMessage(MessageType messageType, String source, String subject, String detailsHtml)
void startUp(IngestJobContext context)
String getMIMEType(AbstractFile file)
ProcessResult process(AbstractFile file)
void postMessage(final IngestMessage message)
void createInterestingFileHit(AbstractFile file, FileType fileType)
static boolean isMimeTypeDetectable(String mimeType)
Blackboard getBlackboard()
synchronized void indexArtifact(BlackboardArtifact artifact)
synchronized static Logger getLogger(String name)
FileType detectUserDefinedFileType(AbstractFile file)
static Case getCurrentCaseThrows()
static synchronized void addToTotals(long jobId, long matchTimeInc)
static synchronized IngestServices getInstance()