19 package org.sleuthkit.autopsy.modules.filetypeid;
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.HashMap;
24 import java.util.List;
25 import java.util.logging.Level;
26 import org.openide.util.NbBundle;
47 "CannotRunFileTypeDetection=Unable to run file type detection."
53 private static final HashMap<Long, IngestJobTotals> totalsForIngestJobs =
new HashMap<>();
71 logger.log(Level.SEVERE,
"Failed to create file type detector", ex);
85 jobId = context.getJobId();
102 long startTime = System.currentTimeMillis();
103 String mimeType = fileTypeDetector.
getMIMEType(file);
104 file.setMIMEType(mimeType);
105 FileType fileType = detectUserDefinedFileType(file);
106 if (fileType != null && fileType.shouldCreateInterestingFileHit()) {
107 createInterestingFileHit(file, fileType);
109 addToTotals(jobId, (System.currentTimeMillis() - startTime));
111 }
catch (Exception e) {
112 logger.log(Level.WARNING, String.format(
"Error while attempting to determine file type of file %d", file.getId()), e);
128 FileType retValue = null;
130 CustomFileTypesManager customFileTypesManager = CustomFileTypesManager.getInstance();
131 List<FileType> fileTypesList = customFileTypesManager.getUserDefinedFileTypes();
132 for (FileType fileType : fileTypesList) {
133 if (fileType.matches(file)) {
150 Collection<BlackboardAttribute> attributes =
new ArrayList<>();
151 attributes.add(
new BlackboardAttribute(
152 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME,
FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName()));
153 attributes.add(
new BlackboardAttribute(
154 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY,
FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType()));
159 if (!tskBlackboard.artifactExists(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) {
160 BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
161 artifact.addAttributes(attributes);
166 logger.log(Level.SEVERE, String.format(
"Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex);
169 }
catch (TskCoreException ex) {
170 logger.log(Level.SEVERE, String.format(
"Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex);
172 logger.log(Level.SEVERE,
"Exception while getting open case.", ex);
184 synchronized (
this) {
185 jobTotals = totalsForIngestJobs.remove(jobId);
187 if (jobTotals != null) {
188 StringBuilder detailsSb =
new StringBuilder();
189 detailsSb.append(
"<table border='0' cellpadding='4' width='280'>");
191 detailsSb.append(
"<tr><td>")
192 .append(NbBundle.getMessage(
this.getClass(),
"FileTypeIdIngestModule.complete.totalProcTime"))
193 .append(
"</td><td>").append(jobTotals.matchTime).append(
"</td></tr>\n");
194 detailsSb.append(
"<tr><td>")
195 .append(NbBundle.getMessage(
this.getClass(),
"FileTypeIdIngestModule.complete.totalFiles"))
196 .append(
"</td><td>").append(jobTotals.numFiles).append(
"</td></tr>\n");
197 detailsSb.append(
"</table>");
199 NbBundle.getMessage(this.getClass(),
200 "FileTypeIdIngestModule.complete.srvMsg.text"),
201 detailsSb.toString()));
213 private static synchronized void addToTotals(
long jobId,
long matchTimeInc) {
215 if (ingestJobTotals == null) {
217 totalsForIngestJobs.put(jobId, ingestJobTotals);
220 ingestJobTotals.matchTime += matchTimeInc;
221 ingestJobTotals.numFiles++;
222 totalsForIngestJobs.put(jobId, ingestJobTotals);
synchronized long decrementAndGet(long jobId)
boolean isDetectable(String mimeType)
FileTypeDetector fileTypeDetector
synchronized long incrementAndGet(long jobId)
static IngestMessage createMessage(MessageType messageType, String source, String subject, String detailsHtml)
void startUp(IngestJobContext context)
String getMIMEType(AbstractFile file)
ProcessResult process(AbstractFile file)
void postMessage(final IngestMessage message)
void createInterestingFileHit(AbstractFile file, FileType fileType)
static boolean isMimeTypeDetectable(String mimeType)
SleuthkitCase getSleuthkitCase()
Blackboard getBlackboard()
synchronized void indexArtifact(BlackboardArtifact artifact)
synchronized static Logger getLogger(String name)
FileType detectUserDefinedFileType(AbstractFile file)
static Case getCurrentCaseThrows()
static synchronized void addToTotals(long jobId, long matchTimeInc)
static synchronized IngestServices getInstance()