Autopsy  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
EmbeddedFileExtractorIngestModule.java
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2013-2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.embeddedfileextractor;
20 
21 import java.io.File;
22 import java.util.logging.Level;
23 import org.openide.util.NbBundle;
36 import net.sf.sevenzipjbinding.SevenZipNativeInitializationException;
37 
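@NbBundle.Messages({
    "CannotCreateOutputFolder=Unable to create output folder.",
    "CannotRunFileTypeDetection=Unable to run file type detection.",
    "UnableToInitializeLibraries=Unable to initialize 7Zip libraries."
})
/**
 * File ingest module that dispatches each candidate file to two extractors:
 * {@link SevenZipExtractor} for archives and {@link ImageExtractor} for
 * embedded images. Both extractors write below a per-module folder inside
 * the current case's module directory.
 *
 * <p>Every file handled here is evidence and therefore untrusted input. This
 * class only decides which extractor to call. Confinement of extracted
 * entries to the output folder, and any limits on size or nesting depth, are
 * not enforced in this class; presumably the extractors handle them, which
 * should be verified there.
 */
public final class EmbeddedFileExtractorIngestModule implements FileIngestModule {

    private static final Logger logger = Logger.getLogger(EmbeddedFileExtractorIngestModule.class.getName());
    private final IngestServices services = IngestServices.getInstance();
    // Package-visible and mutable (arrays cannot be made read-only): callers must treat it as read-only.
    static final String[] SUPPORTED_EXTENSIONS = {"zip", "rar", "arj", "7z", "7zip", "gzip", "gz", "bzip2", "tar", "tgz",}; // "iso"}; NON-NLS

    // Ingest job context handed to startUp() and passed on to both extractors.
    private IngestJobContext context;
    private long jobId;
    private final static IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();

    // Output folder, relative to the case (the form stored in the database).
    private String moduleDirRelative;
    // Output folder, absolute (the form extraction writes to).
    private String moduleDirAbsolute;

    // Per-file flags, overwritten on every call to process().
    private boolean archivextraction;
    private boolean imageExtraction;
    private ImageExtractor imageExtractor;
    private SevenZipExtractor archiveExtractor;
    SupportedImageExtractionFormats abstractFileExtractionFormat;
    FileTypeDetector fileTypeDetector;

    /**
     * Creates the module; all real initialisation happens in
     * {@link #startUp(IngestJobContext)}.
     */
    EmbeddedFileExtractorIngestModule() {
    }

    /**
     * Prepares the module for an ingest job: records the job context, creates
     * the extraction folder, and constructs the file type detector and both
     * extractors.
     *
     * @param context the ingest job context
     * @throws IngestModuleException if the output folder cannot be created,
     *                               file type detection cannot be set up, or
     *                               the 7Zip native libraries fail to load
     */
    @Override
    public void startUp(IngestJobContext context) throws IngestModuleException {
        this.context = context;
        jobId = context.getJobId();

        final Case currentCase = Case.getCurrentCase();
        final String moduleName = EmbeddedFileExtractorModuleFactory.getModuleName();

        // relative to the case, to store in db
        moduleDirRelative = currentCase.getModuleOutputDirectoryRelativePath() + File.separator + moduleName;
        // absolute, to extract to
        moduleDirAbsolute = currentCase.getModuleDirectory() + File.separator + moduleName;

        // Initialize the folder where the embedded files are extracted.
        // File.mkdirs() reports most failures by returning false rather than
        // throwing, so the result is checked: otherwise every later extraction
        // would fail against a missing (or non-directory) output path.
        final File extractionDirectory = new File(moduleDirAbsolute);
        if (!extractionDirectory.isDirectory()) {
            boolean created;
            try {
                created = extractionDirectory.mkdirs();
            } catch (SecurityException ex) {
                throw new IngestModuleException(Bundle.CannotCreateOutputFolder(), ex);
            }
            // Re-check: another module instance may have created the folder
            // between the test above and the mkdirs() call.
            if (!created && !extractionDirectory.isDirectory()) {
                throw new IngestModuleException(Bundle.CannotCreateOutputFolder());
            }
        }

        // initialize the filetypedetector
        try {
            fileTypeDetector = new FileTypeDetector();
        } catch (FileTypeDetector.FileTypeDetectorInitException ex) {
            throw new IngestModuleException(Bundle.CannotRunFileTypeDetection(), ex);
        }

        // initialize the extraction modules.
        try {
            this.archiveExtractor = new SevenZipExtractor(context, fileTypeDetector, moduleDirRelative, moduleDirAbsolute);
        } catch (SevenZipNativeInitializationException ex) {
            throw new IngestModuleException(Bundle.UnableToInitializeLibraries(), ex);
        }

        this.imageExtractor = new ImageExtractor(context, fileTypeDetector, moduleDirRelative, moduleDirAbsolute);
    }

    /**
     * Runs the archive and/or image extractor on one file.
     *
     * <p>Unallocated blocks, slack space and files marked as known are
     * skipped. The method returns {@code ProcessResult.OK} on every path; it
     * does not inspect any result from the extractors.
     *
     * @param abstractFile the file to examine
     * @return always {@code ProcessResult.OK}
     */
    @Override
    public ProcessResult process(AbstractFile abstractFile) {
        // skip the unallocated blocks and slack space
        final TskData.TSK_DB_FILES_TYPE_ENUM fileType = abstractFile.getType();
        if (fileType.equals(TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS)
                || fileType.equals(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK)) {
            return ProcessResult.OK;
        }

        // skip known files
        if (abstractFile.getKnown().equals(TskData.FileKnown.KNOWN)) {
            return ProcessResult.OK;
        }

        // check if the file is supported by either of the two embedded file extractors.
        this.archivextraction = archiveExtractor.isSevenZipExtractionSupported(abstractFile);
        this.imageExtraction = imageExtractor.isImageExtractionSupported(abstractFile);

        // NOTE(review): as written, this early return only fires for a
        // non-file that at least one extractor rejects. A regular file that
        // neither extractor supports falls through and is skipped by the two
        // guards below. The condition may have been intended as
        // "!isFile() || (!archive && !image)" - confirm before changing it.
        if (!abstractFile.isFile() && (!this.archivextraction || !this.imageExtraction)) {
            return ProcessResult.OK;
        }

        // call the archive extractor if archiveExtraction flag is set.
        if (this.archivextraction) {
            archiveExtractor.unpack(abstractFile);
        }

        // calling the image extractor if imageExtraction flag set.
        if (this.imageExtraction) {
            imageExtractor.extractImage(abstractFile);
        }

        return ProcessResult.OK;
    }

    /**
     * Releases this instance's reference for the current job.
     */
    @Override
    public void shutDown() {
        // We don't need the value, but for cleanliness and consistency
        // NOTE(review): no matching incrementAndGet(jobId) is visible in this
        // listing - confirm the counter is incremented for the job elsewhere.
        refCounter.decrementAndGet(jobId);
    }

    /**
     * Builds a name for an archive file by joining its file name and its
     * object id with an underscore.
     *
     * <p>The file name comes from the evidence, so it is attacker-influenced
     * data. If a caller uses the result as a path component, it should
     * confirm the resolved path stays inside the module output folder; that
     * check is not performed here.
     *
     * @param archiveFile the archive file to name
     * @return {@code <file name>_<object id>}
     */
    static String getUniqueName(AbstractFile archiveFile) {
        return archiveFile.getName() + "_" + archiveFile.getId();
    }
}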

Copyright © 2012-2016 Basis Technology. Generated on: Mon Apr 24 2017
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.