Autopsy
4.7.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
class | StringExtractResult |
class | StringExtractUnicodeTable |
Public Member Functions | |
StringExtract () | |
StringExtractResult | extract (byte[] buff, int len, int offset) |
boolean | isEnableUTF16 () |
boolean | isEnableUTF8 () |
boolean | isExtractionEnabled (SCRIPT script) |
boolean | isExtractionLatinBasicOnly () |
final void | setEnabledScript (SCRIPT script) |
final void | setEnabledScripts (List< SCRIPT > scripts) |
void | setEnableUTF16 (boolean enableUTF16) |
void | setEnableUTF8 (boolean enableUTF8) |
Static Public Member Functions | |
static String | extractASCII (byte[] readBuf, int len, int offset) |
static List< SCRIPT > | getSupportedScripts () |
static boolean | isExtractionSupported (SCRIPT script) |
static boolean | isPrintableAscii (char c) |
Static Public Attributes | |
static final int | MIN_CHARS_STRING = 4 |
Private Member Functions | |
StringExtractResult | extractUTF16 (byte[] buff, int len, int offset, boolean endianSwap, final StringExtractResult res) |
StringExtractResult | extractUTF8 (byte[] buff, int len, int offset, final StringExtractResult res) |
Private Attributes | |
final StringBuilder | curString = new StringBuilder() |
List< SCRIPT > | enabledScripts |
boolean | enableUTF16 |
boolean | enableUTF8 |
final StringExtractResult | resUTF16En1 = new StringExtractResult() |
final StringExtractResult | resUTF16En2 = new StringExtractResult() |
final StringExtractResult | resUTF8 = new StringExtractResult() |
final StringExtractUnicodeTable | unicodeTable |
Static Private Attributes | |
static final Logger | logger = Logger.getLogger(StringExtract.class.getName()) |
static final List< SCRIPT > | SUPPORTED_SCRIPTS |
Language and encoding aware utility to extract strings from stream of bytes Currently supports UTF-16 LE, UTF-16 BE and UTF8 Latin, Cyrillic, Chinese, Arabic
TODO: process control characters
TODO: handle tie better (when number of chars in 2 results is equal)
Definition at line 43 of file StringExtract.java.
org.sleuthkit.autopsy.coreutils.StringExtract.StringExtract | ( | ) |
Initializes the StringExtract utility Sets enabled scripts to all supported ones
Definition at line 79 of file StringExtract.java.
References org.sleuthkit.autopsy.coreutils.StringExtract.StringExtractUnicodeTable.getInstance(), org.sleuthkit.autopsy.coreutils.StringExtract.setEnabledScripts(), and org.sleuthkit.autopsy.coreutils.StringExtract.SUPPORTED_SCRIPTS.
StringExtractResult org.sleuthkit.autopsy.coreutils.StringExtract.extract | ( | byte[] | buff, |
int | len, | ||
int | offset | ||
) |
Runs the byte buffer through the string extractor
buff | |
len | |
offset |
Definition at line 181 of file StringExtract.java.
References org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF16(), org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF8(), org.sleuthkit.autopsy.coreutils.StringExtract.resUTF16En2, and org.sleuthkit.autopsy.coreutils.StringExtract.resUTF8.
Referenced by org.sleuthkit.autopsy.keywordsearch.StringsTextExtractor.InternationalStream.convert(), and org.sleuthkit.autopsy.corecomponents.DataContentViewerString.setDataView().
|
static |
Definition at line 543 of file StringExtract.java.
References org.sleuthkit.autopsy.coreutils.StringExtract.isPrintableAscii().
|
private |
Definition at line 266 of file StringExtract.java.
References org.sleuthkit.autopsy.coreutils.StringExtract.StringExtractUnicodeTable.getScript(), org.sleuthkit.autopsy.coreutils.StringExtract.isExtractionEnabled(), org.sleuthkit.autopsy.coreutils.StringExtract.StringExtractUnicodeTable.isGeneric(), and org.sleuthkit.autopsy.coreutils.StringExtract.StringExtractUnicodeTable.UNICODE_TABLE_SIZE.
Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.extract().
|
private |
Definition at line 350 of file StringExtract.java.
References org.sleuthkit.autopsy.coreutils.StringExtract.StringExtractUnicodeTable.getScript(), org.sleuthkit.autopsy.coreutils.StringExtract.isExtractionEnabled(), org.sleuthkit.autopsy.coreutils.StringExtract.StringExtractUnicodeTable.isGeneric(), and org.sleuthkit.autopsy.coreutils.StringExtract.StringExtractUnicodeTable.UNICODE_TABLE_SIZE.
Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.extract().
|
static |
Definition at line 167 of file StringExtract.java.
References org.sleuthkit.autopsy.coreutils.StringExtract.SUPPORTED_SCRIPTS.
Referenced by org.sleuthkit.autopsy.corecomponents.DataContentViewerString.customizeComponents().
boolean org.sleuthkit.autopsy.coreutils.StringExtract.isEnableUTF16 | ( | ) |
Definition at line 100 of file StringExtract.java.
References org.sleuthkit.autopsy.coreutils.StringExtract.enableUTF16.
boolean org.sleuthkit.autopsy.coreutils.StringExtract.isEnableUTF8 | ( | ) |
Definition at line 92 of file StringExtract.java.
References org.sleuthkit.autopsy.coreutils.StringExtract.enableUTF8.
boolean org.sleuthkit.autopsy.coreutils.StringExtract.isExtractionEnabled | ( | SCRIPT | script | ) |
Check if extraction of the script is enabled by this instance of the utility. For LATIN_2 (extended LATIN), enable also LATIN_1, even if it's not explicitely enabled.
script | script that was identified, to check if it is enabled |
Definition at line 147 of file StringExtract.java.
Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF16(), and org.sleuthkit.autopsy.coreutils.StringExtract.extractUTF8().
boolean org.sleuthkit.autopsy.coreutils.StringExtract.isExtractionLatinBasicOnly | ( | ) |
Determine if Basic Latin/English extraction is set enabled only
Definition at line 162 of file StringExtract.java.
|
static |
Check if extraction of the script is supported by the utility
script | script to check if supported |
Definition at line 134 of file StringExtract.java.
References org.sleuthkit.autopsy.coreutils.StringExtract.SUPPORTED_SCRIPTS.
|
static |
Determine if char is a printable ASCII char in range <32,126> and a tab
c | char to test |
Definition at line 587 of file StringExtract.java.
Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.extractASCII(), and org.sleuthkit.autopsy.keywordsearch.StringsTextExtractor.EnglishOnlyStream.read().
final void org.sleuthkit.autopsy.coreutils.StringExtract.setEnabledScript | ( | SCRIPT | script | ) |
Sets the enabled script to one provided, resets previous setting
script | script to consider for when extracting strings |
Definition at line 122 of file StringExtract.java.
Referenced by org.sleuthkit.autopsy.corecomponents.DataContentViewerString.setDataView().
final void org.sleuthkit.autopsy.coreutils.StringExtract.setEnabledScripts | ( | List< SCRIPT > | scripts | ) |
Sets the enabled scripts to ones provided, resets previous setting
scripts | scripts to consider for when extracting strings |
Definition at line 113 of file StringExtract.java.
Referenced by org.sleuthkit.autopsy.keywordsearch.StringsTextExtractor.InternationalStream.InternationalStream(), and org.sleuthkit.autopsy.coreutils.StringExtract.StringExtract().
void org.sleuthkit.autopsy.coreutils.StringExtract.setEnableUTF16 | ( | boolean | enableUTF16 | ) |
Definition at line 104 of file StringExtract.java.
References org.sleuthkit.autopsy.coreutils.StringExtract.enableUTF16.
Referenced by org.sleuthkit.autopsy.keywordsearch.StringsTextExtractor.InternationalStream.InternationalStream().
void org.sleuthkit.autopsy.coreutils.StringExtract.setEnableUTF8 | ( | boolean | enableUTF8 | ) |
Definition at line 96 of file StringExtract.java.
References org.sleuthkit.autopsy.coreutils.StringExtract.enableUTF8.
Referenced by org.sleuthkit.autopsy.keywordsearch.StringsTextExtractor.InternationalStream.InternationalStream().
|
private |
Definition at line 73 of file StringExtract.java.
|
private |
currently enabled scripts
Definition at line 54 of file StringExtract.java.
|
private |
Definition at line 56 of file StringExtract.java.
Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.isEnableUTF16(), and org.sleuthkit.autopsy.coreutils.StringExtract.setEnableUTF16().
|
private |
Definition at line 55 of file StringExtract.java.
Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.isEnableUTF8(), and org.sleuthkit.autopsy.coreutils.StringExtract.setEnableUTF8().
|
staticprivate |
Definition at line 45 of file StringExtract.java.
|
static |
min. number of extracted chars to qualify as string
Definition at line 49 of file StringExtract.java.
|
private |
Definition at line 59 of file StringExtract.java.
|
private |
Definition at line 60 of file StringExtract.java.
Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.extract().
|
private |
Definition at line 61 of file StringExtract.java.
Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.extract().
|
staticprivate |
supported scripts, can be overridden with enableScriptX methods
Definition at line 67 of file StringExtract.java.
Referenced by org.sleuthkit.autopsy.coreutils.StringExtract.getSupportedScripts(), org.sleuthkit.autopsy.coreutils.StringExtract.isExtractionSupported(), and org.sleuthkit.autopsy.coreutils.StringExtract.StringExtract().
|
private |
Definition at line 50 of file StringExtract.java.
Copyright © 2012-2016 Basis Technology. Generated on: Mon Jun 18 2018
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.