Autopsy  3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
EmbeddedFileExtractorIngestModule.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2013-2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.embeddedfileextractor;
20 
21 import java.io.File;
22 import java.util.logging.Level;
36 
42 public final class EmbeddedFileExtractorIngestModule implements FileIngestModule {
43 
44  private static final Logger logger = Logger.getLogger(EmbeddedFileExtractorIngestModule.class.getName());
46  static final String[] SUPPORTED_EXTENSIONS = {"zip", "rar", "arj", "7z", "7zip", "gzip", "gz", "bzip2", "tar", "tgz",}; // "iso"}; NON-NLS
47 
49  private long jobId;
51 
52  private String moduleDirRelative;
53  private String moduleDirAbsolute;
54 
55  private boolean archivextraction;
56  private boolean imageExtraction;
57  private ImageExtractor imageExtractor;
58  private SevenZipExtractor archiveExtractor;
59  SupportedImageExtractionFormats abstractFileExtractionFormat;
60  FileTypeDetector fileTypeDetector;
61 
63  }
64 
65  @Override
66  public void startUp(IngestJobContext context) throws IngestModuleException {
67  this.context = context;
68  jobId = context.getJobId();
69 
70  final Case currentCase = Case.getCurrentCase();
71 
72  moduleDirRelative = Case.getModulesOutputDirRelPath() + File.separator + EmbeddedFileExtractorModuleFactory.getModuleName(); //relative to the case, to store in db
73  moduleDirAbsolute = currentCase.getModulesOutputDirAbsPath() + File.separator + EmbeddedFileExtractorModuleFactory.getModuleName(); //absolute, to extract to
74 
75  // initialize the folder where the embedded files are extracted.
76  File extractionDirectory = new File(moduleDirAbsolute);
77  if (!extractionDirectory.exists()) {
78  try {
79  extractionDirectory.mkdirs();
80  } catch (SecurityException ex) {
81  logger.log(Level.SEVERE, "Error initializing output dir: " + moduleDirAbsolute, ex); //NON-NLS
82  services.postMessage(IngestMessage.createErrorMessage(EmbeddedFileExtractorModuleFactory.getModuleName(), "Error initializing", "Error initializing output dir: " + moduleDirAbsolute)); //NON-NLS
83  throw new IngestModuleException(ex.getMessage());
84  }
85  }
86 
87  // initialize the filetypedetector
88  try {
89  fileTypeDetector = new FileTypeDetector();
91  throw new IngestModuleException(ex.getMessage());
92  }
93 
94  // initialize the extraction modules.
95  this.archiveExtractor = new SevenZipExtractor(context, fileTypeDetector, moduleDirRelative, moduleDirAbsolute);
96  this.imageExtractor = new ImageExtractor(context, fileTypeDetector, moduleDirRelative, moduleDirAbsolute);
97  }
98 
99  @Override
100  public ProcessResult process(AbstractFile abstractFile) {
101  // skip the unallocated blocks
102  if (abstractFile.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)) {
103  return ProcessResult.OK;
104  }
105 
106  // skip unknown files
107  if (abstractFile.getKnown().equals(TskData.FileKnown.KNOWN)) {
108  return ProcessResult.OK;
109  }
110 
111  // check if the file is supported by either of the two embedded file extractors.
112  this.archivextraction = archiveExtractor.isSevenZipExtractionSupported(abstractFile);
113  this.imageExtraction = imageExtractor.isImageExtractionSupported(abstractFile);
114 
115  if (!abstractFile.isFile() && (!this.archivextraction || !this.imageExtraction)) {
116  return ProcessResult.OK;
117  }
118 
119  // call the archive extractor if archiveextraction flag is set.
120  if (this.archivextraction) {
121  archiveExtractor.unpack(abstractFile);
122  }
123 
124  // calling the image extractor if imageExtraction flag set.
125  if (this.imageExtraction) {
126  imageExtractor.extractImage(abstractFile);
127  }
128 
129  return ProcessResult.OK;
130  }
131 
132  @Override
133  public void shutDown() {
134  // We don't need the value, but for cleanliness and consistency
135  refCounter.decrementAndGet(jobId);
136  }
137 
144  static String getUniqueName(AbstractFile archiveFile) {
145  return archiveFile.getName() + "_" + archiveFile.getId();
146  }
147 }
static IngestMessage createErrorMessage(String source, String subject, String detailsHtml)
TskData.TSK_DB_FILES_TYPE_ENUM getType()
static String getModulesOutputDirRelPath()
Definition: Case.java:787
void postMessage(final IngestMessage message)
static Logger getLogger(String name)
Definition: Logger.java:131
static synchronized IngestServices getInstance()

Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.