Autopsy  4.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
FileType.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014-2015 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.filetypeid;
20 
21 import java.io.Serializable;
22 import java.nio.charset.StandardCharsets;
23 import java.util.Arrays;
24 import java.util.Objects;
25 import java.util.logging.Level;
27 import org.sleuthkit.datamodel.AbstractFile;
28 import org.sleuthkit.datamodel.TskCoreException;
29 
35 class FileType implements Serializable {
36 
37  private static final long serialVersionUID = 1L;
38  private final String mimeType;
39  private final Signature signature;
40  private final String interestingFilesSetName;
41  private final boolean alert;
42 
54  FileType(String mimeType, final Signature signature, String filesSetName, boolean alert) {
55  this.mimeType = mimeType;
56  this.signature = new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType(), signature.isRelativeToStart());
57  this.interestingFilesSetName = filesSetName;
58  this.alert = alert;
59  }
60 
66  String getMimeType() {
67  return mimeType;
68  }
69 
75  Signature getSignature() {
76  return new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType(), signature.isRelativeToStart());
77  }
78 
86  boolean matches(final AbstractFile file) {
87  return signature.containedIn(file);
88  }
89 
96  boolean alertOnMatch() {
97  return alert;
98  }
99 
106  String getFilesSetName() {
107  return interestingFilesSetName;
108  }
109 
110  @Override
111  public String toString() {
112  return this.mimeType;
113  }
114 
115  @Override
116  public boolean equals(Object other) {
117  if (other != null && other instanceof FileType) {
118  FileType that = (FileType) other;
119  if (this.getMimeType().equals(that.getMimeType()) && this.getSignature().equals(that.getSignature())) {
120  return true;
121  }
122  }
123  return false;
124  }
125 
126  @Override
127  public int hashCode() {
128  int hash = 7;
129  hash = 67 * hash + Objects.hashCode(this.mimeType);
130  hash = 67 * hash + Objects.hashCode(this.signature);
131  return hash;
132  }
133 
140  static class Signature implements Serializable {
141 
142  private static final long serialVersionUID = 1L;
143  private static final Logger logger = Logger.getLogger(Signature.class.getName());
144 
148  enum Type {
149 
150  RAW, ASCII
151  };
152 
153  private final byte[] signatureBytes;
154  private final long offset;
155  private final Type type;
156  private final boolean isRelativeToStart;
157 
167  Signature(final byte[] signatureBytes, long offset, Type type) {
168  this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
169  this.offset = offset;
170  this.type = type;
171  this.isRelativeToStart = true;
172  }
173 
181  Signature(String signatureString, long offset) {
182  this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII);
183  this.offset = offset;
184  this.type = Type.ASCII;
185  this.isRelativeToStart = true;
186  }
187 
197  Signature(final byte[] signatureBytes, long offset) {
198  this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
199  this.offset = offset;
200  this.type = Type.RAW;
201  this.isRelativeToStart = true;
202  }
203 
215  Signature(final byte[] signatureBytes, long offset, Type type, boolean isRelativeToStart) {
216  this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
217  this.offset = offset;
218  this.type = type;
219  this.isRelativeToStart = isRelativeToStart;
220  }
221 
231  Signature(String signatureString, long offset, boolean isRelativeToStart) {
232  this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII);
233  this.offset = offset;
234  this.type = Type.ASCII;
235  this.isRelativeToStart = isRelativeToStart;
236  }
237 
249  Signature(final byte[] signatureBytes, long offset, boolean isRelativeToStart) {
250  this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
251  this.offset = offset;
252  this.type = Type.RAW;
253  this.isRelativeToStart = isRelativeToStart;
254  }
255 
261  byte[] getSignatureBytes() {
262  return Arrays.copyOf(signatureBytes, signatureBytes.length);
263  }
264 
270  long getOffset() {
271  return offset;
272  }
273 
279  Type getType() {
280  return type;
281  }
282 
283  boolean isRelativeToStart() {
284  return isRelativeToStart;
285  }
286 
295  boolean containedIn(final AbstractFile file) {
296  if (offset >= file.getSize()) {
297  return false; // File is too small, offset lies outside file.
298  }
299  long actualOffset = offset;
300  if (!isRelativeToStart) {
301  actualOffset = file.getSize() - 1 - offset;
302  }
303  if (file.getSize() < (actualOffset + signatureBytes.length)) {
304  return false;
305  }
306  try {
307  byte[] buffer = new byte[signatureBytes.length];
308  int bytesRead = file.read(buffer, actualOffset, signatureBytes.length);
309  return ((bytesRead == signatureBytes.length) && (Arrays.equals(buffer, signatureBytes)));
310  } catch (TskCoreException ex) {
316  Signature.logger.log(Level.WARNING, "Error reading from file with objId = " + file.getId(), ex); //NON-NLS
317  return false;
318  }
319  }
320 
321  @Override
322  public boolean equals(Object other) {
323  if (other != null && other instanceof Signature) {
324  Signature that = (Signature) other;
325  if (Arrays.equals(this.getSignatureBytes(), that.getSignatureBytes())
326  && this.getOffset() == that.getOffset()
327  && this.getType().equals(that.getType())) {
328  return true;
329  }
330  }
331  return false;
332  }
333 
334  @Override
335  public int hashCode() {
336  int hash = 3;
337  hash = 97 * hash + Arrays.hashCode(this.signatureBytes);
338  hash = 97 * hash + (int) (this.offset ^ (this.offset >>> 32));
339  hash = 97 * hash + Objects.hashCode(this.type);
340  return hash;
341  }
342  }
343 
344 }
synchronized static Logger getLogger(String name)
Definition: Logger.java:166

Copyright © 2012-2015 Basis Technology. Generated on: Wed Apr 6 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.