Autopsy
4.4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
|
Classes | |
class | FileTypeDetectorInitException |
Public Member Functions | |
FileTypeDetector () throws FileTypeDetectorInitException | |
String | detect (AbstractFile file) throws TskCoreException |
String | detectAndPostToBlackboard (AbstractFile file) throws TskCoreException |
String | getFileType (AbstractFile file) throws TskCoreException |
List< String > | getUserDefinedTypes () |
boolean | isDetectable (String mimeType) |
Static Public Member Functions | |
static synchronized SortedSet< String > | getDetectedTypes () throws FileTypeDetectorInitException |
Private Member Functions | |
String | detect (AbstractFile file, boolean addToCaseDb) throws TskCoreException |
String | detectAutopsyDefinedType (AbstractFile file) throws TskCoreException |
String | detectUserDefinedType (AbstractFile file) throws TskCoreException |
boolean | isDetectableAsCustomType (List< FileType > customTypes, String mimeType) |
boolean | isDetectableByTika (String mimeType) |
String | removeOptionalParameter (String mimeType) |
Static Private Member Functions | |
static SortedSet< String > | getTikaDetectedTypes () |
Private Attributes | |
final List< FileType > | autopsyDefinedFileTypes |
final byte | buffer [] = new byte[BUFFER_SIZE] |
final List< FileType > | userDefinedFileTypes |
Static Private Attributes | |
static final int | BUFFER_SIZE = 64 * 1024 |
static final Logger | logger = Logger.getLogger(FileTypeDetector.class.getName()) |
static final Tika | tika = new Tika() |
static SortedSet< String > | tikaDetectedTypes |
Detects the MIME type of a file by an inspection of its contents, using custom file type definitions by users, custom file type definitions by Autopsy, and Tika. User file type definitions take precedence over both Autopsy file type definitions and Tika, and Autopsy file type definitions take precendence over Tika.
Definition at line 48 of file FileTypeDetector.java.
org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.FileTypeDetector | ( | ) | throws FileTypeDetectorInitException |
Constructs an object that detects the MIME type of a file by an inspection of its contents, using custom file type definitions by users, custom file type definitions by Autopsy, and Tika. User file type definitions take precedence over both Autopsy file type definitions and Tika, and Autopsy file type definitions take precendence over Tika.
FileTypeDetectorInitException | If an initialization error occurs, e.g., user-defined file type definitions exist but cannot be loaded. |
Definition at line 121 of file FileTypeDetector.java.
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect | ( | AbstractFile | file | ) | throws TskCoreException |
Detects the MIME type of a file. The result is not added to the case database.
file | The file to test. |
TskCoreException | If there is a problem writing the result to the case database. |
Definition at line 205 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType(), and org.sleuthkit.autopsy.corecomponents.MediaViewVideoPanel.isSupported().
|
private |
Detects the MIME type of a file. The result is saved to the case database only if the add to case database flag is set.
file | The file to test. |
addToCaseDb | Whether the MIME type should be added to the case database. This flag is part of a partial workaround for a check-then-act-race condition (see notes in comments for details). |
TskCoreException | If there is a problem writing the result to the case database. |
Definition at line 225 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.buffer, org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAutopsyDefinedType(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectUserDefinedType(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getSleuthkitCase(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.removeOptionalParameter().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard | ( | AbstractFile | file | ) | throws TskCoreException |
Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.
file | The file. |
TskCoreException | if detection is required and there is a problem writing the result to the case database. |
Definition at line 476 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType().
|
private |
Determines whether or not the a file matches a custom file type defined by Autopsy.
file | The file to test. |
TskCoreException |
Definition at line 402 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
|
private |
Determines whether or not the a file matches a user-defined custom file type.
file | The file to test. |
TskCoreException |
Definition at line 357 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.error(), org.sleuthkit.autopsy.casemodule.services.Services.getBlackboard(), org.sleuthkit.autopsy.casemodule.Case.getCurrentCase(), org.sleuthkit.autopsy.casemodule.Case.getServices(), and org.sleuthkit.autopsy.casemodule.services.Blackboard.indexArtifact().
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
|
static |
Gets a sorted set of the file types that can be detected: the MIME types detected by Tika (without optional parameters), the custom MIME types defined by Autopsy, and any custom MIME types defined by the user.
FileTypeDetectorInitException | If an error occurs while assembling the list of types |
Definition at line 68 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getTikaDetectedTypes().
Referenced by org.sleuthkit.autopsy.modules.interestingitems.FilesSetDefsPanel.customInit(), and org.sleuthkit.autopsy.filesearch.MimeTypePanel.getMimeTypeArray().
String org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getFileType | ( | AbstractFile | file | ) | throws TskCoreException |
Gets the MIME type of a file, detecting it if it is not already known. If detection is necessary, the result is added to the case database.
IMPORTANT: This method should only be called by ingest modules. All other clients should call AbstractFile.getMIMEType, and may call FileTypeDetector.detect, if AbstractFile.getMIMEType returns null.
file | The file. |
TskCoreException | if detection is required and there is a problem writing the result to the case database. |
Definition at line 189 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
Referenced by org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchIngestModule.compareSigTypeToExt(), org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detectAndPostToBlackboard(), org.sleuthkit.autopsy.keywordsearch.KeywordSearchIngestModule.Indexer.indexFile(), org.sleuthkit.autopsy.modules.exif.ExifParserFileIngestModule.parsableFormat(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.process().
|
staticprivate |
Gets a sorted set of the MIME types detected by Tika (without optional parameters).
Definition at line 101 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getDetectedTypes(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
List<String> org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getUserDefinedTypes | ( | ) |
Gets the names of the custom file types defined by the user or by Autopsy.
Definition at line 451 of file FileTypeDetector.java.
boolean org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable | ( | String | mimeType | ) |
Determines whether or not a given MIME type is detectable by this detector.
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 138 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableAsCustomType(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdIngestModule.isMimeTypeDetectable().
|
private |
Determines whether or not a given MIME type is detectable as a user-defined MIME type by this detector.
customTypes | |
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 153 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().
|
private |
Determines whether or not a given MIME type is detectable by Tika.
mimeType | The MIME type name (e.g., "text/html"). |
Definition at line 169 of file FileTypeDetector.java.
References org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.getTikaDetectedTypes(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.removeOptionalParameter().
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectable().
|
private |
Removes the optional parameter from a MIME type string
mimeType |
Definition at line 338 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect(), and org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.isDetectableByTika().
|
private |
Definition at line 55 of file FileTypeDetector.java.
|
private |
Definition at line 53 of file FileTypeDetector.java.
Referenced by org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector.detect().
|
staticprivate |
Definition at line 52 of file FileTypeDetector.java.
|
staticprivate |
Definition at line 50 of file FileTypeDetector.java.
|
staticprivate |
Definition at line 51 of file FileTypeDetector.java.
|
staticprivate |
Definition at line 56 of file FileTypeDetector.java.
|
private |
Definition at line 54 of file FileTypeDetector.java.
Copyright © 2012-2016 Basis Technology. Generated on: Fri Sep 29 2017
This work is licensed under a
Creative Commons Attribution-Share Alike 3.0 United States License.