Autopsy  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
PhotoRecCarverOutputParser.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2011-2016 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.photoreccarver;
20 
21 import java.io.File;
22 import java.io.FileNotFoundException;
23 import java.io.IOException;
24 import java.nio.file.Path;
25 import java.nio.file.Paths;
26 import java.util.ArrayList;
27 import java.util.Collections;
28 import java.util.List;
29 import java.util.logging.Level;
30 import org.openide.util.NbBundle;
37 import org.sleuthkit.datamodel.AbstractFile;
38 import org.sleuthkit.datamodel.CarvingResult;
39 import org.sleuthkit.datamodel.LayoutFile;
40 import org.sleuthkit.datamodel.TskCoreException;
41 import org.sleuthkit.datamodel.TskFileRange;
42 import org.w3c.dom.Document;
43 import org.w3c.dom.Element;
44 import org.w3c.dom.NodeList;
45 
50 class PhotoRecCarverOutputParser {
51 
52  private final Path basePath;
53  private static final Logger logger = Logger.getLogger(PhotoRecCarverFileIngestModule.class.getName());
54 
55  PhotoRecCarverOutputParser(Path base) {
56  basePath = base;
57  }
58 
76  List<LayoutFile> parse(File xmlInputFile, AbstractFile af, IngestJobContext context) throws FileNotFoundException, IOException {
77  try {
78  final Document doc = XMLUtil.loadDoc(PhotoRecCarverOutputParser.class, xmlInputFile.toString());
79  if (doc == null) {
80  return new ArrayList<>();
81  }
82 
83  Element root = doc.getDocumentElement();
84  if (root == null) {
85  logger.log(Level.SEVERE, "Error loading config file: invalid file format (bad root)."); //NON-NLS
86  return new ArrayList<>();
87  }
88 
89  NodeList fileObjects = root.getElementsByTagName("fileobject"); //NON-NLS
90  final int numberOfFiles = fileObjects.getLength();
91 
92  if (numberOfFiles == 0) {
93  return new ArrayList<>();
94  }
95  String fileName;
96  Long fileSize;
97  NodeList fileNames;
98  NodeList fileSizes;
99  NodeList fileRanges;
100  Element entry;
101  Path filePath;
102  FileManager fileManager = Case.getCurrentCase().getServices().getFileManager();
103 
104  // create and initialize the list to put into the database
105  List<CarvingResult.CarvedFile> carvedFiles = new ArrayList<>();
106  for (int fileIndex = 0; fileIndex < numberOfFiles; ++fileIndex) {
107  if (context.fileIngestIsCancelled() == true) {
108  // if it was cancelled by the user, result is OK
109  logger.log(Level.INFO, "PhotoRec cancelled by user"); // NON-NLS
110  MessageNotifyUtil.Notify.info(PhotoRecCarverIngestModuleFactory.getModuleName(), NbBundle.getMessage(PhotoRecCarverFileIngestModule.class, "PhotoRecIngestModule.cancelledByUser"));
111  break;
112  }
113  entry = (Element) fileObjects.item(fileIndex);
114  fileNames = entry.getElementsByTagName("filename"); //NON-NLS
115  fileSizes = entry.getElementsByTagName("filesize"); //NON-NLS
116  fileRanges = entry.getElementsByTagName("byte_run"); //NON-NLS
117 
118  fileSize = Long.parseLong(fileSizes.item(0).getTextContent());
119  fileName = fileNames.item(0).getTextContent();
120  filePath = Paths.get(fileName);
121  if (filePath.startsWith(basePath)) {
122  fileName = filePath.getFileName().toString();
123  }
124 
125  List<TskFileRange> tskRanges = new ArrayList<>();
126  for (int rangeIndex = 0; rangeIndex < fileRanges.getLength(); ++rangeIndex) {
127 
128  Long img_offset = Long.parseLong(((Element) fileRanges.item(rangeIndex)).getAttribute("img_offset")); //NON-NLS
129  Long len = Long.parseLong(((Element) fileRanges.item(rangeIndex)).getAttribute("len")); //NON-NLS
130 
131  // Verify PhotoRec's output
132  long fileByteStart = af.convertToImgOffset(img_offset);
133  if (fileByteStart == -1) {
134  // This better never happen... Data for this file is corrupted. Skip it.
135  logger.log(Level.INFO, "Error while parsing PhotoRec output for file {0}", fileName); //NON-NLS
136  continue;
137  }
138 
139  // check that carved file is within unalloc block
140  long fileByteEnd = img_offset + len;
141  if (fileByteEnd > af.getSize()) {
142  long overshoot = fileByteEnd - af.getSize();
143  if (fileSize > overshoot) {
144  fileSize -= overshoot;
145  } else {
146  // This better never happen... Data for this file is corrupted. Skip it.
147  continue;
148  }
149  }
150 
151  tskRanges.add(new TskFileRange(fileByteStart, len, rangeIndex));
152  }
153 
154  if (!tskRanges.isEmpty()) {
155  carvedFiles.add(new CarvingResult.CarvedFile(fileName, fileSize, tskRanges));
156  }
157  }
158  return fileManager.addCarvedFiles(new CarvingResult(af, carvedFiles));
159  } catch (NumberFormatException | TskCoreException ex) {
160  logger.log(Level.SEVERE, "Error parsing PhotoRec output and inserting it into the database: {0}", ex); //NON-NLS
161  }
162 
163  List<LayoutFile> empty = Collections.emptyList();
164  return empty;
165  }
166 }

Copyright © 2012-2016 Basis Technology. Generated on: Tue Oct 25 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.