Autopsy
4.7.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
class | FileTypeDetectorInitException |
Public Member Functions | |
FileTypeDetector () throws FileTypeDetectorInitException | |
String | detect (AbstractFile file) throws TskCoreException |
String | detectAndPostToBlackboard (AbstractFile file) throws TskCoreException |
String | getFileType (AbstractFile file) throws TskCoreException |
String | getMIMEType (AbstractFile file) |
List< String > | getUserDefinedTypes () |
boolean | isDetectable (String mimeType) |
Static Public Member Functions | |
static synchronized SortedSet< String > | getDetectedTypes () throws FileTypeDetectorInitException |
Private Member Functions | |
String | detectAutopsyDefinedType (AbstractFile file) |
String | detectUserDefinedType (AbstractFile file) |
boolean | isDetectableAsCustomType (List< FileType > customTypes, String mimeType) |
boolean | isDetectableByTika (String mimeType) |
String | removeOptionalParameter (String mimeType) |
Static Private Member Functions | |
static SortedSet< String > | getTikaDetectedTypes () |
Private Attributes | |
final List< FileType > | autopsyDefinedFileTypes |
final List< FileType > | userDefinedFileTypes |
Static Private Attributes | |
static final Logger | logger = Logger.getLogger(FileTypeDetector.class.getName()) |
static final int | SLACK_FILE_THRESHOLD = 4096 |
static final Tika | tika = new Tika() |
static SortedSet< String > | tikaDetectedTypes |
Detects the MIME type of a file by an inspection of its contents, using custom file type definitions by users, custom file type definitions by Autopsy, and Tika. User file type definitions take precedence over both Autopsy file type definitions and Tika, and Autopsy file type definitions take precendence over Tika.
Definition at line 43 of file FileTypeDetector.java.
org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetector | ( | ) | throws FileTypeDetectorInitException |
Constructs an object that detects the MIME type of a file by an inspection of its contents, using custom file type definitions by users, custom file type definitions by Autopsy, and Tika. User file type definitions take precedence over both Autopsy file type definitions and Tika, and Autopsy file type definitions take precendence over Tika.
FileTypeDetectorInitException | If an initialization error occurs, e.g., user-defined file type definitions exist but cannot be loaded. |
Definition at line 115 of file FileTypeDetector.java.
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect | ( | AbstractFile | file | ) | throws TskCoreException |
Detects the MIME type of a file. The result is not added to the case database.
file | The file to test. |
TskCoreException |
Definition at line 419 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard | ( | AbstractFile | file | ) | throws TskCoreException |
Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.
file | The file. |
TskCoreException | if detection is required and there is a problem writing the result to the case database. |
Definition at line 375 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
|
private |
Determines whether or not a file matches a custom file type defined by Autopsy.
file | The file to test. |
Definition at line 300 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
|
private |
Determines whether or not a file matches a user-defined custom file type.
file | The file to test. |
Definition at line 281 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
|
static |
Gets a sorted set of the file types that can be detected: the MIME types detected by Tika (without optional parameters), the custom MIME types defined by Autopsy, and any custom MIME types defined by the user.
FileTypeDetectorInitException | If an error occurs while assembling the list of types |
Definition at line 62 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getTikaDetectedTypes().
Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.customInit(), and org.sleuthkit.autopsy.filesearch.MimeTypePanel.getMimeTypeArray().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType | ( | AbstractFile | file | ) | throws TskCoreException |
Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.
file | The file. |
TskCoreException | if detection is required and there is a problem writing the result to the case database. |
Definition at line 399 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType | ( | AbstractFile | file | ) |
Detects the MIME type of a file, then writes it the AbstractFile object representing the file and returns the detected type.
file | The file to test. |
Definition at line 178 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAutopsyDefinedType(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.removeOptionalParameter(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.SLACK_FILE_THRESHOLD.
Referenced by org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchIngestModule.compareSigTypeToExt(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType(), org.sleuthkit.autopsy.keywordsearch.KeywordSearchIngestModule.Indexer.indexFile(), org.sleuthkit.autopsy.contentviewers.FileViewer.isPreferred(), org.sleuthkit.autopsy.contentviewers.FileViewer.isSupported(), org.sleuthkit.autopsy.modules.exif.ExifParserFileIngestModule.parsableFormat(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.process(), and org.sleuthkit.autopsy.contentviewers.FileViewer.setNode().
|
staticprivate |
Gets a sorted set of the MIME types detected by Tika (without optional parameters).
Definition at line 95 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getDetectedTypes(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
List<String> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getUserDefinedTypes | ( | ) |
Gets the names of the custom file types defined by the user or by Autopsy.
Definition at line 349 of file FileTypeDetector.java.
boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable | ( | String | mimeType | ) |
Determines whether or not a given MIME type is detectable by this detector.
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 132 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsCustomType(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.isMimeTypeDetectable().
|
private |
Determines whether or not a given MIME type is detectable as a user-defined MIME type by this detector.
customTypes | |
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 147 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().
|
private |
Determines whether or not a given MIME type is detectable by Tika.
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 163 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getTikaDetectedTypes(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.removeOptionalParameter().
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().
|
private |
Removes the optional parameter from a MIME type string
mimeType |
Definition at line 265 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
|
private |
Definition at line 49 of file FileTypeDetector.java.
|
staticprivate |
Definition at line 45 of file FileTypeDetector.java.
|
staticprivate |
Definition at line 47 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().
|
staticprivate |
Definition at line 46 of file FileTypeDetector.java.
|
staticprivate |
Definition at line 50 of file FileTypeDetector.java.
|
private |
Definition at line 48 of file FileTypeDetector.java.
Copyright © 2012-2016 Basis Technology. Generated on: Mon Jun 18 2018
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.