Autopsy  4.7.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
FileTypeIdIngestModule.java
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2013-2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.filetypeid;
20 
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.logging.Level;
import org.openide.util.NbBundle;
import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.casemodule.services.Blackboard;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.ingest.FileIngestModule;
import org.sleuthkit.autopsy.ingest.IngestJobContext;
import org.sleuthkit.autopsy.ingest.IngestMessage;
import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult;
import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.TskCoreException;
41 
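/**
 * File-level ingest module that assigns a MIME type to each file and records
 * an interesting file hit for files that match a user-defined file type.
 *
 * <p>Per-job processing time and file counts are kept in a static map shared
 * by every instance of this module. All access to that map is serialized on
 * the {@code FileTypeIdIngestModule.class} monitor.
 */
@NbBundle.Messages({
    "CannotRunFileTypeDetection=Unable to run file type detection."
})
public class FileTypeIdIngestModule implements FileIngestModule {

    private static final Logger logger = Logger.getLogger(FileTypeIdIngestModule.class.getName());
    private long jobId;
    // Totals keyed by ingest job id. The map is static and unsynchronized, so
    // every read and write must hold the FileTypeIdIngestModule.class monitor.
    private static final HashMap<Long, IngestJobTotals> totalsForIngestJobs = new HashMap<>();
    private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();
    // Created in startUp() and used by process().
    private FileTypeDetector fileTypeDetector;

    /**
     * Reports whether a freshly constructed {@link FileTypeDetector} can
     * detect the given MIME type.
     *
     * @param mimeType the MIME type to look up
     * @return the detector's answer, or {@code false} when the detector could
     *         not be created; callers cannot tell these two outcomes apart
     * @deprecated this method only delegates to
     *             {@code new FileTypeDetector().isDetectable(mimeType)};
     *             calling the detector directly also exposes the failure
     */
    @Deprecated
    public static boolean isMimeTypeDetectable(String mimeType) {
        try {
            return new FileTypeDetector().isDetectable(mimeType);
        } catch (FileTypeDetector.FileTypeDetectorInitException ex) {
            // NOTE(review): the catch clause is missing from the rendered
            // listing; exception type to be confirmed against the 4.7.0 source.
            logger.log(Level.SEVERE, "Failed to create file type detector", ex); //NON-NLS
            return false;
        }
    }

    /**
     * Creates the ingest module. All per-job state is set up in
     * {@link #startUp(IngestJobContext)}.
     */
    FileTypeIdIngestModule() {
    }

    /**
     * Records the job id, registers this instance with the per-job reference
     * counter and creates the file type detector.
     *
     * @param context the ingest job context supplying the job id
     * @throws IngestModuleException if the file type detector cannot be
     *                               created
     */
    @Override
    public void startUp(IngestJobContext context) throws IngestModuleException {
        jobId = context.getJobId();
        refCounter.incrementAndGet(jobId);
        try {
            fileTypeDetector = new FileTypeDetector();
        } catch (FileTypeDetector.FileTypeDetectorInitException ex) {
            // NOTE(review): the catch clause is missing from the rendered
            // listing; exception type to be confirmed against the 4.7.0 source.
            throw new IngestModuleException(Bundle.CannotRunFileTypeDetection(), ex);
        }
    }

    /**
     * Detects the MIME type of a file, stores it on the file object and, when
     * a user-defined file type matches and asks for it, records an
     * interesting file hit.
     *
     * <p>The whole body runs inside a catch-all so that a failure on one file
     * (reading its content, or evaluating a custom file type definition) is
     * logged and reported as {@link ProcessResult#ERROR} instead of
     * propagating to the caller. A file that takes the error path is not
     * counted in the job totals.
     *
     * @param file the file to examine
     * @return {@link ProcessResult#OK} on success, {@link ProcessResult#ERROR}
     *         if any exception was thrown
     */
    @Override
    public ProcessResult process(AbstractFile file) {
        try {
            final long startedAt = System.currentTimeMillis();
            file.setMIMEType(fileTypeDetector.getMIMEType(file));
            final FileType userDefinedType = detectUserDefinedFileType(file);
            if (userDefinedType != null && userDefinedType.createInterestingFileHit()) {
                createInterestingFileHit(file, userDefinedType);
            }
            addToTotals(jobId, (System.currentTimeMillis() - startedAt));
            return ProcessResult.OK;
        } catch (Exception e) {
            logger.log(Level.WARNING, String.format("Error while attempting to determine file type of file %d", file.getId()), e); //NON-NLS
            return ProcessResult.ERROR;
        }
    }

    /**
     * Finds the first user-defined file type that matches a file.
     *
     * <p>Only the first match in the order returned by
     * {@link CustomFileTypesManager#getUserDefinedFileTypes()} is reported, so
     * a file that satisfies several definitions yields a single result.
     *
     * @param file the file to test
     * @return the first matching file type, or {@code null} if none matches
     * @throws CustomFileTypesManager.CustomFileTypesException if the custom
     *         file type definitions cannot be obtained
     */
    private FileType detectUserDefinedFileType(AbstractFile file) throws CustomFileTypesManager.CustomFileTypesException {
        List<FileType> userDefinedTypes = CustomFileTypesManager.getInstance().getUserDefinedFileTypes();
        for (FileType candidate : userDefinedTypes) {
            if (candidate.matches(file)) {
                return candidate;
            }
        }
        return null;
    }

    /**
     * Creates a TSK_INTERESTING_FILE_HIT artifact for a file, with the file
     * type's interesting files set name as TSK_SET_NAME and its MIME type as
     * TSK_CATEGORY, then submits the artifact for indexing.
     *
     * <p>Failures are logged at SEVERE and not rethrown. An indexing failure
     * happens after the attributes were added, so the artifact itself is kept.
     *
     * @param file     the file the hit is recorded against
     * @param fileType the user-defined file type that matched the file
     */
    private void createInterestingFileHit(AbstractFile file, FileType fileType) {
        try {
            BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
            Collection<BlackboardAttribute> attributes = new ArrayList<>();
            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName()));
            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType()));
            artifact.addAttributes(attributes);
            try {
                // NOTE(review): this statement is missing from the rendered
                // listing; the accessor chain is to be confirmed against the
                // 4.7.0 source.
                Case.getOpenCase().getServices().getBlackboard().indexArtifact(artifact);
            } catch (Blackboard.BlackboardException ex) {
                logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS
            } catch (NoCurrentCaseException ex) {
                logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
            }
        } catch (TskCoreException ex) {
            logger.log(Level.SEVERE, String.format("Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex); //NON-NLS
        }
    }

    /**
     * Releases this instance's reference for the job and, once the reference
     * count reaches zero, posts a summary of the job totals as an ingest
     * message.
     */
    @Override
    public void shutDown() {
        if (refCounter.decrementAndGet(jobId) != 0) {
            return;
        }

        IngestJobTotals jobTotals;
        // Lock the class, not this instance: addToTotals() is static
        // synchronized, so only the class monitor excludes writers that run
        // on behalf of other module instances and other jobs.
        synchronized (FileTypeIdIngestModule.class) {
            jobTotals = totalsForIngestJobs.remove(jobId);
        }
        if (jobTotals == null) {
            return;
        }

        StringBuilder detailsSb = new StringBuilder();
        detailsSb.append("<table border='0' cellpadding='4' width='280'>"); //NON-NLS
        detailsSb.append("<tr><td>").append(FileTypeIdModuleFactory.getModuleName()).append("</td></tr>"); //NON-NLS
        detailsSb.append("<tr><td>") //NON-NLS
                .append(NbBundle.getMessage(this.getClass(), "FileTypeIdIngestModule.complete.totalProcTime"))
                .append("</td><td>").append(jobTotals.matchTime).append("</td></tr>\n"); //NON-NLS
        detailsSb.append("<tr><td>") //NON-NLS
                .append(NbBundle.getMessage(this.getClass(), "FileTypeIdIngestModule.complete.totalFiles"))
                .append("</td><td>").append(jobTotals.numFiles).append("</td></tr>\n"); //NON-NLS
        detailsSb.append("</table>"); //NON-NLS
        // NOTE(review): the first line of this call (message type and source
        // arguments) is missing from the rendered listing; confirm against
        // the 4.7.0 source.
        IngestServices.getInstance().postMessage(IngestMessage.createMessage(IngestMessage.MessageType.INFO, FileTypeIdModuleFactory.getModuleName(),
                NbBundle.getMessage(this.getClass(),
                        "FileTypeIdIngestModule.complete.srvMsg.text"),
                detailsSb.toString()));
    }

    /**
     * Adds one processed file and its processing time to the totals of an
     * ingest job, creating the totals entry on first use.
     *
     * @param jobId        the ingest job id
     * @param matchTimeInc the time spent on the file, in milliseconds
     */
    private static synchronized void addToTotals(long jobId, long matchTimeInc) {
        IngestJobTotals ingestJobTotals = totalsForIngestJobs.get(jobId);
        if (ingestJobTotals == null) {
            ingestJobTotals = new IngestJobTotals();
            totalsForIngestJobs.put(jobId, ingestJobTotals);
        }

        // The map holds a reference to the totals object, so updating its
        // fields is enough; no second put is needed.
        ingestJobTotals.matchTime += matchTimeInc;
        ingestJobTotals.numFiles++;
    }

    /**
     * Accumulated processing time and file count for one ingest job.
     */
    private static class IngestJobTotals {

        long matchTime = 0;
        long numFiles = 0;
    }

}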

Copyright © 2012-2016 Basis Technology. Generated on: Mon Jun 18 2018
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.