Autopsy  4.18.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
FileTypeIdIngestModule.java
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2013-2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.filetypeid;
20 
21 import java.util.Arrays;
22 import java.util.HashMap;
23 import java.util.List;
24 import java.util.logging.Level;
25 import org.openide.util.NbBundle;
36 import org.sleuthkit.datamodel.AbstractFile;
37 import org.sleuthkit.datamodel.Blackboard;
38 import org.sleuthkit.datamodel.BlackboardArtifact;
39 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT;
40 import org.sleuthkit.datamodel.BlackboardAttribute;
41 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY;
42 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
43 import org.sleuthkit.datamodel.Score;
44 import org.sleuthkit.datamodel.TskCoreException;
45 
50 @NbBundle.Messages({"CannotRunFileTypeDetection=Unable to run file type detection."})
51 public class FileTypeIdIngestModule implements FileIngestModule {
52 
// Logger named after this class.
private static final Logger logger = Logger.getLogger(FileTypeIdIngestModule.class.getName());
// Per-job running totals, keyed by ingest job ID. The map is static, so it is
// shared by every instance of this module; HashMap is not thread-safe, so every
// access must hold the same lock. addToTotals() is static synchronized, i.e. it
// holds the class monitor.
private static final HashMap<Long, IngestJobTotals> totalsForIngestJobs = new HashMap<>();
// Counts module instances per job: incremented in startUp(), decremented in shutDown().
private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();

// ID of the ingest job this instance belongs to; assigned in startUp().
private long jobId;
59 
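/**
 * Reports whether the file type detector can identify the given MIME type.
 *
 * <p>A new {@code FileTypeDetector} is constructed on every call. If it cannot
 * be constructed, the failure is logged at SEVERE and {@code false} is
 * returned, so a caller cannot tell "type is not detectable" apart from
 * "detector unavailable" without reading the log.
 *
 * @param mimeType the MIME type to look up
 * @return {@code true} if the detector reports the type as detectable;
 *         {@code false} otherwise, or when the detector could not be created
 * @deprecated Annotated {@code @Deprecated} in the source.
 *             NOTE(review): name the replacement API here.
 */
@Deprecated
public static boolean isMimeTypeDetectable(String mimeType) {
    try {
        return new FileTypeDetector().isDetectable(mimeType);
    } catch (FileTypeDetector.FileTypeDetectorInitException ex) {
        // NOTE(review): the catch header was missing from the extracted listing and
        // has been restored; confirm the exception type against the upstream file.
        logger.log(Level.SEVERE, "Failed to create file type detector", ex); //NON-NLS
        return false;
    }
}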
78 
84  }
85 
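/**
 * Prepares this module instance for an ingest job.
 *
 * <p>Records the job ID, registers this instance with the per-job reference
 * counter, and creates the file type detector that {@code process} uses.
 *
 * @param context the ingest job context; only its job ID is read here
 * @throws IngestModuleException if the file type detector cannot be created;
 *                               the underlying exception is kept as the cause
 */
@Override
public void startUp(IngestJobContext context) throws IngestModuleException {
    jobId = context.getJobId();
    // The count is raised before the detector is built, so a failed start-up
    // still leaves it incremented.
    // NOTE(review): confirm the ingest framework calls shutDown() after a failed
    // startUp(); otherwise the count for this job never returns to zero and the
    // job's summary is never posted.
    refCounter.incrementAndGet(jobId);
    try {
        fileTypeDetector = new FileTypeDetector();
    } catch (FileTypeDetector.FileTypeDetectorInitException ex) {
        // NOTE(review): the catch header was missing from the extracted listing and
        // has been restored; confirm the exception type against the upstream file.
        throw new IngestModuleException(Bundle.CannotRunFileTypeDetection(), ex);
    }
}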
96 
/**
 * Detects and records the MIME type of one file, then flags the file as an
 * interesting-file hit when a matching user-defined file type asks for that.
 *
 * <p>The whole body runs inside an exception firewall: any exception raised
 * while handling the file is logged at WARNING with the file's ID and turned
 * into {@code ProcessResult.ERROR}, so one unreadable or malformed file does
 * not propagate an exception out of this module. Note that the MIME type is
 * set on the file before user-defined matching runs, so it stays set even if
 * a later step fails.
 *
 * @param file the file to analyse
 * @return {@code ProcessResult.OK} on success, {@code ProcessResult.ERROR} if
 *         any step threw
 */
@Override
public ProcessResult process(AbstractFile file) {
    try {
        final long begin = System.currentTimeMillis();

        file.setMIMEType(fileTypeDetector.getMIMEType(file));

        final FileType customType = detectUserDefinedFileType(file);
        final boolean flagAsInteresting = customType != null && customType.shouldCreateInterestingFileHit();
        if (flagAsInteresting) {
            createInterestingFileHit(file, customType);
        }

        // Only successfully processed files contribute to the job totals.
        final long elapsedMillis = System.currentTimeMillis() - begin;
        addToTotals(jobId, elapsedMillis);
        return ProcessResult.OK;
    } catch (Exception failure) {
        final String message = String.format("Error while attempting to determine file type of file %d", file.getId());
        logger.log(Level.WARNING, message, failure); //NON-NLS
        return ProcessResult.ERROR;
    }
}
119 
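/**
 * Looks for a user-defined file type that matches the given file.
 *
 * <p>Returns immediately when no user-defined types are configured. Otherwise
 * the first 1024 bytes of the file are read once and handed to the
 * buffer-based overload.
 *
 * <p>A read failure does not abort detection: matching continues with zero
 * buffered bytes. The failure is logged here with the file's object ID so that
 * a file whose signature could not be checked is traceable from the log,
 * rather than looking like an ordinary "no match".
 *
 * @param file the file to examine
 * @return the first matching user-defined type, or {@code null} if none
 *         matches or none are defined
 * @throws CustomFileTypesManager.CustomFileTypesException if the user-defined
 *         types cannot be obtained
 */
private FileType detectUserDefinedFileType(AbstractFile file) throws CustomFileTypesManager.CustomFileTypesException {

    if (CustomFileTypesManager.getInstance().getUserDefinedFileTypes().isEmpty()) {
        return null;
    }

    /*
     * Read in the beginning of the file once.
     */
    final byte[] header = new byte[1024];
    int bytesRead;
    try {
        bytesRead = file.read(header, 0, header.length);
    } catch (TskCoreException ex) {
        logger.log(Level.WARNING, String.format("Unable to read start of file (obj_id=%d); user-defined file type matching continues with no buffered bytes", file.getId()), ex); //NON-NLS
        bytesRead = 0;
    }
    // Defensive: if read() ever reports a negative count, it must not reach the
    // matchers as a buffer length.
    if (bytesRead < 0) {
        bytesRead = 0;
    }
    return detectUserDefinedFileType(file, header, bytesRead);
}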
149 
/**
 * Returns the first user-defined file type whose definition matches the file.
 *
 * <p>Types are tried in the order the {@code CustomFileTypesManager} returns
 * them; the search stops at the first match.
 *
 * @param file              the file to examine
 * @param startOfFileBuffer bytes already read from the start of the file
 * @param bufLen            number of valid bytes in {@code startOfFileBuffer}
 * @return the first matching type, or {@code null} if no type matches
 * @throws CustomFileTypesManager.CustomFileTypesException if the user-defined
 *         types cannot be obtained
 */
private FileType detectUserDefinedFileType(AbstractFile file, byte[] startOfFileBuffer, int bufLen) throws CustomFileTypesManager.CustomFileTypesException {
    for (FileType candidate : CustomFileTypesManager.getInstance().getUserDefinedFileTypes()) {
        if (candidate.matches(file, startOfFileBuffer, bufLen)) {
            return candidate;
        }
    }
    return null;
}
176 
/**
 * Records a TSK_INTERESTING_FILE_HIT analysis result for a file that matched a
 * user-defined file type, unless an identical artifact already exists.
 *
 * <p>The artifact carries two attributes, both attributed to this module: the
 * interesting-files set name of the matched type and its MIME type. The new
 * artifact is then posted to the blackboard. No exception leaves this method:
 * every failure is logged at SEVERE, so a missing hit can only be noticed in
 * the log.
 *
 * @param file     the file that matched
 * @param fileType the user-defined type it matched
 */
private void createInterestingFileHit(AbstractFile file, FileType fileType) {

    final BlackboardAttribute setNameAttribute = new BlackboardAttribute(
            TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(),
            fileType.getInterestingFilesSetName());
    final BlackboardAttribute categoryAttribute = new BlackboardAttribute(
            TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(),
            fileType.getMimeType());
    final List<BlackboardAttribute> attributes = Arrays.asList(setNameAttribute, categoryAttribute);

    try {
        final Blackboard blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();

        // An identical hit is already on the blackboard; do not duplicate it.
        if (blackboard.artifactExists(file, TSK_INTERESTING_FILE_HIT, attributes)) {
            return;
        }

        final BlackboardArtifact hit = file.newAnalysisResult(
                BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, Score.SCORE_LIKELY_NOTABLE,
                null, fileType.getInterestingFilesSetName(), null,
                attributes)
                .getAnalysisResult();
        try {
            // Posting is kept in its own try block: the artifact has already been
            // created at this point, so a posting failure is logged separately
            // with the artifact ID.
            blackboard.postArtifact(hit, FileTypeIdModuleFactory.getModuleName());
        } catch (Blackboard.BlackboardException ex) {
            logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", hit.getArtifactID(), file.getId()), ex); //NON-NLS
        }
    } catch (TskCoreException ex) {
        logger.log(Level.SEVERE, String.format("Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex); //NON-NLS
    } catch (NoCurrentCaseException ex) {
        logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
    }
}
221 
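/**
 * Releases this instance's reference on its ingest job and, when it was the
 * last instance for that job, posts a summary of the job's totals as an ingest
 * message.
 *
 * <p>The totals map is static and is updated by {@code addToTotals} under the
 * class monitor. The removal here therefore takes the class monitor as well;
 * locking on {@code this} would not exclude concurrent updates made on behalf
 * of other module instances.
 */
@Override
public void shutDown() {
    if (refCounter.decrementAndGet(jobId) != 0) {
        return;
    }

    final IngestJobTotals jobTotals;
    synchronized (FileTypeIdIngestModule.class) {
        jobTotals = totalsForIngestJobs.remove(jobId);
    }
    if (jobTotals == null) {
        // No file was counted for this job, so there is nothing to report.
        return;
    }

    // The details are a small HTML table built only from the module name,
    // bundle strings and numeric totals.
    StringBuilder detailsSb = new StringBuilder();
    detailsSb.append("<table border='0' cellpadding='4' width='280'>"); //NON-NLS
    detailsSb.append("<tr><td>").append(FileTypeIdModuleFactory.getModuleName()).append("</td></tr>"); //NON-NLS
    detailsSb.append("<tr><td>") //NON-NLS
            .append(NbBundle.getMessage(this.getClass(), "FileTypeIdIngestModule.complete.totalProcTime"))
            .append("</td><td>").append(jobTotals.matchTime).append("</td></tr>\n"); //NON-NLS
    detailsSb.append("<tr><td>") //NON-NLS
            .append(NbBundle.getMessage(this.getClass(), "FileTypeIdIngestModule.complete.totalFiles"))
            .append("</td><td>").append(jobTotals.numFiles).append("</td></tr>\n"); //NON-NLS
    detailsSb.append("</table>"); //NON-NLS

    // NOTE(review): the line that opens this call was missing from the extracted
    // listing. The INFO message type and the module name as the message source
    // are assumed; confirm both against the upstream file.
    IngestServices.getInstance().postMessage(IngestMessage.createMessage(IngestMessage.MessageType.INFO, FileTypeIdModuleFactory.getModuleName(),
            NbBundle.getMessage(this.getClass(),
                    "FileTypeIdIngestModule.complete.srvMsg.text"),
            detailsSb.toString()));
}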
251 
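/**
 * Adds one processed file and its processing time to the totals of an ingest
 * job, creating the job's totals entry on first use.
 *
 * <p>Static and synchronized: the totals map is shared by all instances of
 * this module, and this method updates it under the class monitor.
 *
 * @param jobId        the ingest job the file belongs to
 * @param matchTimeInc time spent on the file, in milliseconds, to add to the
 *                     job's total
 */
private static synchronized void addToTotals(long jobId, long matchTimeInc) {
    IngestJobTotals jobTotals = totalsForIngestJobs.get(jobId);
    if (jobTotals == null) {
        jobTotals = new IngestJobTotals();
        totalsForIngestJobs.put(jobId, jobTotals);
    }

    // The map holds a reference to this object, so updating it in place is
    // enough; it does not need to be put back.
    jobTotals.matchTime += matchTimeInc;
    jobTotals.numFiles++;
}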
270 
/**
 * Running totals for one ingest job. The class has no synchronization of its
 * own; addToTotals() updates instances while holding the class monitor.
 */
private static class IngestJobTotals {

    // Sum of the per-file processing times passed to addToTotals(); starts at 0.
    long matchTime;
    // Number of files counted by addToTotals(); starts at 0.
    long numFiles;
}
276 }
Copyright © 2012-2021 Basis Technology. Generated on: Thu Jul 8 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.