Autopsy  4.19.3
Graphical digital forensics platform for The Sleuth Kit and other tools.
Classes | Public Member Functions | Static Public Member Functions | Private Member Functions | Static Private Member Functions | Private Attributes | Static Private Attributes | List of all members
org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector Class Reference

Classes

class  FileTypeDetectorInitException
 

Public Member Functions

 FileTypeDetector () throws FileTypeDetectorInitException
 
String detect (AbstractFile file) throws TskCoreException
 
String detectAndPostToBlackboard (AbstractFile file) throws TskCoreException
 
String getFileType (AbstractFile file) throws TskCoreException
 
String getMIMEType (AbstractFile file)
 
List< String > getUserDefinedTypes ()
 
boolean isDetectable (String mimeType)
 

Static Public Member Functions

static synchronized SortedSet< String > getDetectedTypes () throws FileTypeDetectorInitException
 

Private Member Functions

boolean byteIs0xFF (byte x)
 
String detectAutopsyDefinedType (AbstractFile file, byte[] startOfFileBuffer, int bufLen)
 
String detectUserDefinedType (AbstractFile file, byte[] startOfFileBuffer, int bufLen)
 
byte[] getNBytes (AbstractFile file, int offset, int n) throws TskCoreException
 
boolean isDetectableAsCustomType (List< FileType > customTypes, String mimeType)
 
boolean isDetectableByTika (String mimeType)
 
String removeOptionalParameter (String mimeType)
 

Static Private Member Functions

static SortedSet< String > getTikaDetectedTypes ()
 

Private Attributes

final List< FileType > autopsyDefinedFileTypes
 
final int defaultBufferSize = 600
 
final List< FileType > userDefinedFileTypes
 

Static Private Attributes

static final Logger logger = Logger.getLogger(FileTypeDetector.class.getName())
 
static final int SLACK_FILE_THRESHOLD = 4096
 
static final Tika tika = new Tika()
 
static SortedSet< String > tikaDetectedTypes
 

Detailed Description

Detects the MIME type of a file by an inspection of its contents, using custom file type definitions by users, custom file type definitions by Autopsy, and Tika. User file type definitions take precedence over both Autopsy file type definitions and Tika, and Autopsy file type definitions take precendence over Tika.

Definition at line 46 of file FileTypeDetector.java.

Constructor & Destructor Documentation

org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetector ( ) throws FileTypeDetectorInitException

Constructs an object that detects the MIME type of a file by an inspection of its contents, using custom file type definitions by users, custom file type definitions by Autopsy, and Tika. User file type definitions take precedence over both Autopsy file type definitions and Tika, and Autopsy file type definitions take precendence over Tika.

Exceptions
FileTypeDetectorInitExceptionIf an initialization error occurs, e.g., user-defined file type definitions exist but cannot be loaded.

Definition at line 119 of file FileTypeDetector.java.

Member Function Documentation

boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.byteIs0xFF ( byte  x)
private

Determine if the byte is 255 (0xFF) by examining the last 4 bits and the first 4 bits.

Parameters
xbyte
Returns
Flag indicating the byte if 0xFF

Definition at line 323 of file FileTypeDetector.java.

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().

String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect ( AbstractFile  file) throws TskCoreException

Detects the MIME type of a file. The result is not added to the case database.

Parameters
fileThe file to test.
Returns
A MIME type name. If file type could not be detected or results were uncertain, octet-stream is returned.
Exceptions
TskCoreException
Deprecated:
Use getMIMEType instead.

Definition at line 510 of file FileTypeDetector.java.

References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().

String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard ( AbstractFile  file) throws TskCoreException

Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.

Parameters
fileThe file.
Returns
A MIME type name.
Exceptions
TskCoreExceptionif detection is required and there is a problem writing the result to the case database.
Deprecated:
Use getMIMEType instead, and call AbstractFile.setMIMEType and AbstractFile.save to save the result to the file object and the database.

Definition at line 466 of file FileTypeDetector.java.

References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().

String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAutopsyDefinedType ( AbstractFile  file,
byte[]  startOfFileBuffer,
int  bufLen 
)
private

Determines whether or not a file matches a custom file type defined by Autopsy.

Parameters
fileThe file to test.
startOfFileBufferThe beginning of the file data.
bufLenThe length of startOfFileBuffer.
Returns
The MIME type as a string if a match is found; otherwise null.

Definition at line 391 of file FileTypeDetector.java.

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().

String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType ( AbstractFile  file,
byte[]  startOfFileBuffer,
int  bufLen 
)
private

Determines whether or not a file matches a user-defined custom file type.

Parameters
fileThe file to test.
startOfFileBufferThe beginning of the file data.
bufLenThe length of startOfFileBuffer.
Returns
The MIME type as a string if a match is found; otherwise null.

Definition at line 369 of file FileTypeDetector.java.

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().

static synchronized SortedSet<String> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getDetectedTypes ( ) throws FileTypeDetectorInitException
static

Gets a sorted set of the file types that can be detected: the MIME types detected by Tika (without optional parameters), the custom MIME types defined by Autopsy, and any custom MIME types defined by the user.

Returns
A list of all detectable file types.
Exceptions
FileTypeDetectorInitExceptionIf an error occurs while assembling the list of types

Definition at line 66 of file FileTypeDetector.java.

References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getTikaDetectedTypes().

Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.customInit(), and org.sleuthkit.autopsy.filesearch.MimeTypePanel.getMimeTypeArray().

String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType ( AbstractFile  file) throws TskCoreException

Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.

Parameters
fileThe file.
Returns
A MIME type name. If file type could not be detected or results were uncertain, octet-stream is returned.
Exceptions
TskCoreExceptionif detection is required and there is a problem writing the result to the case database.
Deprecated:
Use getMIMEType instead, and call AbstractFile.setMIMEType and AbstractFile.save to save the result to the file object and the database.

Definition at line 490 of file FileTypeDetector.java.

References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().

String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType ( AbstractFile  file)

Detects the MIME type of a file, then writes it the AbstractFile object representing the file and returns the detected type.

Parameters
fileThe file to test.
Returns
A MIME type name. If file type could not be detected, or results were uncertain, octet-stream is returned.

We cannot trust Tika's audio/mpeg mimetype. Lets verify the first two bytes and confirm it is not 0xffff. Details in JIRA-4659

Definition at line 182 of file FileTypeDetector.java.

References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.byteIs0xFF(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.defaultBufferSize, org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAutopsyDefinedType(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType(), org.sleuthkit.autopsy.coreutils.textutils.EncodingUtils.getEncoding(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getNBytes(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.removeOptionalParameter(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.SLACK_FILE_THRESHOLD, and org.sleuthkit.autopsy.coreutils.textutils.EncodingUtils.UNKNOWN_CHARSET.

Referenced by org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchIngestModule.compareSigTypeToExt(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType(), org.sleuthkit.autopsy.contentviewers.FileViewer.isPreferred(), org.sleuthkit.autopsy.textextractors.TextFileExtractor.isSupported(), org.sleuthkit.autopsy.contentviewers.FileViewer.isSupported(), org.sleuthkit.autopsy.contentviewers.MediaPlayerPanel.isSupported(), org.sleuthkit.autopsy.modules.pictureanalyzer.PictureAnalyzerIngestModule.process(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.process(), org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchIngestModule.process(), org.sleuthkit.autopsy.keywordsearch.KeywordSearchIngestModule.process(), and org.sleuthkit.autopsy.contentviewers.FileViewer.setNode().

byte [] org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getNBytes ( AbstractFile  file,
int  offset,
int  n 
) throws TskCoreException
private

Retrieves the first N bytes from a file.

Parameters
fileAbstract file to read
offsetOffset to begin reading
nNumber of bytes to read
Returns
Byte array of size n
Exceptions
TskCoreException

Definition at line 338 of file FileTypeDetector.java.

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType().

static SortedSet<String> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getTikaDetectedTypes ( )
staticprivate

Gets a sorted set of the MIME types detected by Tika (without optional parameters).

Returns
A list of all detectable non-custom file types.

Definition at line 99 of file FileTypeDetector.java.

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getDetectedTypes(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().

List<String> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getUserDefinedTypes ( )

Gets the names of the custom file types defined by the user or by Autopsy.

Returns
A list of the user-defined MIME types.
Deprecated:
Do not use.

Definition at line 440 of file FileTypeDetector.java.

boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable ( String  mimeType)

Determines whether or not a given MIME type is detectable by this detector.

Parameters
mimeTypeThe MIME type name (e.g., "text/html").
Returns
True or false.

Definition at line 136 of file FileTypeDetector.java.

References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsCustomType(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.isMimeTypeDetectable().

boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsCustomType ( List< FileType >  customTypes,
String  mimeType 
)
private

Determines whether or not a given MIME type is detectable as a user-defined MIME type by this detector.

Parameters
customTypes
mimeTypeThe MIME type name (e.g., "text/html").
Returns
True or false.

Definition at line 151 of file FileTypeDetector.java.

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().

boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika ( String  mimeType)
private

Determines whether or not a given MIME type is detectable by Tika.

Parameters
mimeTypeThe MIME type name (e.g., "text/html").
Returns
True or false.

Definition at line 167 of file FileTypeDetector.java.

References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getTikaDetectedTypes(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.removeOptionalParameter().

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().

String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.removeOptionalParameter ( String  mimeType)
private

Removes the optional parameter from a MIME type string

Parameters
mimeType
Returns
MIME type without the optional parameter

Definition at line 351 of file FileTypeDetector.java.

Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getMIMEType(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().

Member Data Documentation

final List<FileType> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.autopsyDefinedFileTypes
private

Definition at line 52 of file FileTypeDetector.java.

final int org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.defaultBufferSize = 600
private
final Logger org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.logger = Logger.getLogger(FileTypeDetector.class.getName())
staticprivate

Definition at line 48 of file FileTypeDetector.java.

final int org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.SLACK_FILE_THRESHOLD = 4096
staticprivate
final Tika org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.tika = new Tika()
staticprivate

Definition at line 49 of file FileTypeDetector.java.

SortedSet<String> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.tikaDetectedTypes
staticprivate

Definition at line 53 of file FileTypeDetector.java.

final List<FileType> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.userDefinedFileTypes
private

Definition at line 51 of file FileTypeDetector.java.


The documentation for this class was generated from the following file:

Copyright © 2012-2022 Basis Technology. Generated on: Sat Sep 24 2022
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.