Autopsy
3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes
class | FileTypeDetectorInitException
Public Member Functions
FileTypeDetector () throws FileTypeDetectorInitException
boolean | isDetectable (String mimeType)
String | getFileType (AbstractFile file) throws TskCoreException
String | detectAndPostToBlackboard (AbstractFile file) throws TskCoreException
String | detect (AbstractFile file) throws TskCoreException
Private Member Functions
boolean | isDetectableAsUserDefinedType (String mimeType)
boolean | isDetectableByTika (String mimeType)
String | detectUserDefinedType (AbstractFile file) throws TskCoreException
Private Attributes
final byte | buffer [] = new byte[BUFFER_SIZE]
final Map< String, FileType > | userDefinedFileTypes
Static Private Attributes
static final Tika | tika = new Tika()
static final int | BUFFER_SIZE = 64 * 1024
Detects the type of a file by an inspection of its contents.
Definition at line 36 of file FileTypeDetector.java.
org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetector () throws FileTypeDetectorInitException
Constructs an object that detects the type of a file by an inspection of its contents.
Exceptions: FileTypeDetector.FileTypeDetectorInitException | if an initialization error occurs.
Definition at line 50 of file FileTypeDetector.java.
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect (AbstractFile file) throws TskCoreException
Detect the MIME type of a file.
Parameters: file | The file to test.
Exceptions: TskCoreException
Strip out any Tika enhancements to the MIME type name.
An exception raised during detection is swallowed rather than propagated, because files in images are not always consistent with their file system metadata, which makes for read errors, and Tika can be a bit flaky at times; this makes detection a best-effort endeavor.
Definition at line 154 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.buffer, org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType(), org::sleuthkit::datamodel::TskData::TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS, and org::sleuthkit::datamodel::TskData::TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard (AbstractFile file) throws TskCoreException
Detect the MIME type of a file, posting it to the blackboard if detection succeeds. Note that this method should currently be called at most once per file.
Parameters: file | The file to test.
Exceptions: TskCoreException
Add the file type attribute to the general info artifact. Note that no property change is fired for this blackboard posting because general info artifacts are different from other artifacts, e.g., they are not displayed in the results tree.
Definition at line 131 of file FileTypeDetector.java.
References org::sleuthkit::datamodel::BlackboardArtifact.addAttribute(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect(), and org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType (AbstractFile file) throws TskCoreException [private]
Determines whether or not a file matches a user-defined or Autopsy predefined file type. If a match is found and the file type definition calls for an alert on a match, an interesting file hit artifact is posted to the blackboard.
Parameters: file | The file to test.
Exceptions: TskCoreException
Use the MIME type as the category, i.e., the rule that determined this file belongs to the interesting files set.
Definition at line 205 of file FileTypeDetector.java.
References org::sleuthkit::datamodel::BlackboardArtifact.addAttribute(), org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE.TSK_CATEGORY, org::sleuthkit::datamodel::BlackboardArtifact::ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, and org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE.TSK_SET_NAME.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType (AbstractFile file) throws TskCoreException
Look up the MIME type of a file using the blackboard. If it is not already posted, detect the type of the file, posting it to the blackboard if detection succeeds.
Parameters: file | The file to test.
Exceptions: TskCoreException
Get the first TSK_FILE_TYPE_SIG attribute.
Definition at line 107 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard(), and org::sleuthkit::datamodel::BlackboardAttribute::ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.
Referenced by org.sleuthkit.autopsy.keywordsearch.KeywordSearchIngestModule.Indexer.indexFile(), org.sleuthkit.autopsy.modules.exif.ExifParserFileIngestModule.parsableFormat(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.process().
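A caller-side use of getFileType(), as an added example that is not part of Autopsy or of this generated page: it flags files whose name extension disagrees with the content-based MIME type, a common triage check for renamed files. The class name ExtensionMismatchCheck and its MIME-to-extension table are hypothetical, and the code assumes it is compiled inside an Autopsy 3.1 module with the org.sleuthkit classes on the classpath.

```java
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.TskCoreException;

/** Hypothetical helper (not Autopsy code): flags files whose name extension
 *  disagrees with the MIME type reported by FileTypeDetector. */
public class ExtensionMismatchCheck {

    // Constructed, illustrative table: MIME type -> extensions an examiner expects.
    private static final Map<String, List<String>> EXPECTED = new HashMap<>();
    static {
        EXPECTED.put("image/jpeg", Arrays.asList("jpg", "jpeg", "jpe"));
        EXPECTED.put("image/png", Arrays.asList("png"));
        EXPECTED.put("application/pdf", Arrays.asList("pdf"));
    }

    private final FileTypeDetector detector;

    public ExtensionMismatchCheck() throws FileTypeDetector.FileTypeDetectorInitException {
        detector = new FileTypeDetector();
    }

    /** Pure comparison, usable without an open case: true only when a MIME type
     *  from the table is paired with an extension outside its expected list.
     *  A file with no extension at all therefore counts as a mismatch. */
    static boolean isMismatch(String fileName, String mimeType) {
        List<String> expected = (mimeType == null) ? null : EXPECTED.get(mimeType);
        if (expected == null) {
            return false; // type missing from the table or not detected: no opinion
        }
        int dot = fileName.lastIndexOf('.');
        String ext = (dot < 0) ? "" : fileName.substring(dot + 1).toLowerCase(Locale.ROOT);
        return !expected.contains(ext);
    }

    /** Goes through getFileType(), which reuses a type already posted to the
     *  blackboard, rather than calling detectAndPostToBlackboard() directly,
     *  which is documented as callable at most once per file. */
    public boolean check(AbstractFile file) throws TskCoreException {
        return isMismatch(file.getName(), detector.getFileType(file));
    }
}
```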
boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable (String mimeType)
Determines whether or not a given MIME type is detectable by this detector.
Parameters: mimeType | The MIME type name, e.g. "text/html", to look up.
Definition at line 65 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsUserDefinedType(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.isMimeTypeDetectable().
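boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsUserDefinedType (String mimeType) [private]
Determines whether or not a given MIME type is detectable as a user-defined file type.
Parameters: mimeType | The MIME type name, e.g. "text/html", to look up.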
Definition at line 76 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().
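boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika (String mimeType) [private]
Determines whether or not a given MIME type is detectable by Tika.
Parameters: mimeType | The MIME type name, e.g. "text/html", to look up.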
Definition at line 86 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().
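final byte org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.buffer[] = new byte[BUFFER_SIZE] [private]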
Definition at line 40 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
static private
Definition at line 39 of file FileTypeDetector.java.
static private
Definition at line 38 of file FileTypeDetector.java.
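final Map< String, FileType > org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.userDefinedFileTypes [private]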
Definition at line 41 of file FileTypeDetector.java.
Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.