From b777cf88e82204a88ea22c37ba9f4865b6512ec4 Mon Sep 17 00:00:00 2001 From: momo Date: Tue, 27 Oct 2015 09:26:21 -0400 Subject: [PATCH 01/15] preliminary implimentation --- .../autopsy/modules/filetypeid/FileType.java | 55 ++++++++++++++++++- .../UserDefinedFileTypesManager.java | 6 ++ 2 files changed, 60 insertions(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java index e44a3b5adc..96f7b2b8b3 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java @@ -167,6 +167,49 @@ class FileType { this.offset = offset; this.type = Type.RAW; } + + /** + * Creates a file signature consisting of a sequence of bytes at a + * specific offset within a file with default offset. + * + * @param signatureBytes The signature bytes. + * @param isFooter Whether this is a footer or not + * @param type The type of data in the byte array. Impacts + * how it is displayed to the user in the UI. + */ + Signature(final byte[] signatureBytes, boolean isFooter, Type type) { + this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); + this.offset = isFooter ? -1 : 0; + this.type = type; + } + + /** + * Creates a file signature consisting of an ASCII string at a + * specific offset within a file with default offset. + * + * @param signatureString The ASCII string + * @param isFooter Whether this is a footer or not + */ + Signature(String signatureString, boolean isFooter) { + this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII); + this.offset = isFooter ? -1 : 0; + this.type = Type.ASCII; + } + + /** + * Creates a file signature consisting of a sequence of bytes at a + * specific offset within a file with default offset. If bytes + * correspond to an ASCII string, use one of the other constructors + * so that the string is displayed to the user instead of the raw bytes. + * + * @param signatureBytes The signature bytes. + * @param isFooter Whether this is a footer or not + */ + Signature(final byte[] signatureBytes, boolean isFooter) { + this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); + this.offset = isFooter ? -1 : 0; + this.type = Type.RAW; + } /** * Gets the byte sequence of the signature. @@ -203,7 +246,9 @@ class FileType { * * @return True or false. */ - boolean containedIn(final AbstractFile file) { + boolean containedIn(final AbstractFile file) { + if(offset == -1) + return containedAsFooter(file); if (file.getSize() < (offset + signatureBytes.length)) { return false; /// too small, can't contain this signature } @@ -221,6 +266,14 @@ class FileType { return false; } } + + private boolean containedAsFooter(final AbstractFile file) { + if(file.getSize() < signatureBytes.length) + return false; + long newOffset = file.getSize() - signatureBytes.length; + Signature newSignature = new Signature(signatureBytes, newOffset); + return newSignature.containedIn(file); + } } } diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java index d5777cb281..3622cceaf6 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java @@ -224,6 +224,12 @@ final class UserDefinedFileTypesManager { // Add rule for .pfm fileType = new FileType("image/x-portable-floatmap", new Signature("PF", 0L), "", false); //NON-NLS fileTypes.put(fileType.getMimeType(), fileType); + + // Add rule for .tga + byteArray = DatatypeConverter.parseHexBinary("54525545564953494F4E2D5846494C452E00"); + fileType = new FileType("image/x-tga", new Signature(byteArray, true), "", false); // NON-NLS + fileTypes.put(fileType.getMimeType(), fileType); + } // parseHexBinary() throws this if the argument passed in is not Hex catch (IllegalArgumentException e) { From 98e43b766692f38127b58a9db111cf4f1ac511c7 Mon Sep 17 00:00:00 2001 From: momo Date: Tue, 27 Oct 2015 10:48:01 -0400 Subject: [PATCH 02/15] the -1 implementation --- .../modules/filetypeid/Bundle.properties | 2 +- .../FileTypeIdGlobalSettingsPanel.form | 116 ++++++++-------- .../FileTypeIdGlobalSettingsPanel.java | 124 +++++++++++------- 3 files changed, 143 insertions(+), 99 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties index cca8104c38..7ac6b9fc2c 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties @@ -46,4 +46,4 @@ FileTypeIdGlobalSettingsPanel.jLabel2.text=MIME Types: FileTypeIdGlobalSettingsPanel.jLabel3.text=Autopsy can automatically detect many file types. Add your custom file types here. FileTypeIdGlobalSettingsPanel.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. FileTypeIdIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. - +FileTypeIdGlobalSettingsPanel.isFooterCheckBox.text=This signature is a footer diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.form b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.form index 1d124ea29d..efa69fdafe 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.form +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.form @@ -33,63 +33,63 @@ - - - - - - - - - - - - - - - - - - + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - - + @@ -108,7 +108,7 @@ - + @@ -140,6 +140,8 @@ + + @@ -351,5 +353,15 @@ + + + + + + + + + + diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java index cebce19890..349b6c3cea 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java @@ -203,7 +203,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane boolean requiredFieldsPopulated = !mimeTypeTextField.getText().isEmpty() - && !offsetTextField.getText().isEmpty() + && (isFooterCheckBox.isSelected() ? true : !offsetTextField.getText().isEmpty()) && !signatureTextField.getText().isEmpty() && (postHitCheckBox.isSelected() ? !filesSetNameTextField.getText().isEmpty() : true); saveTypeButton.setEnabled(!ingestIsRunning && requiredFieldsPopulated); @@ -271,7 +271,16 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane } } signatureTextField.setText(signatureBytes); - offsetTextField.setText(Long.toString(signature.getOffset())); + if(signature.getOffset() == -1) { + isFooterCheckBox.setSelected(true); + offsetTextField.setEnabled(false); + offsetTextField.setText(""); + } + else { + isFooterCheckBox.setSelected(false); + offsetTextField.setEnabled(true); + offsetTextField.setText(Long.toString(signature.getOffset())); + } postHitCheckBox.setSelected(fileType.alertOnMatch()); filesSetNameTextField.setEnabled(postHitCheckBox.isSelected()); filesSetNameTextField.setText(fileType.getFilesSetName()); @@ -289,6 +298,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane signatureTypeComboBox.setSelectedItem(FileTypeIdGlobalSettingsPanel.RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM); hexPrefixLabel.setVisible(true); signatureTextField.setText("0000"); //NON-NLS + isFooterCheckBox.setSelected(false); + offsetTextField.setEnabled(true); offsetTextField.setText(""); //NON-NLS postHitCheckBox.setSelected(false); filesSetNameTextField.setText(""); //NON-NLS @@ -360,6 +371,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane jLabel1 = new javax.swing.JLabel(); jLabel2 = new javax.swing.JLabel(); jLabel3 = new javax.swing.JLabel(); + isFooterCheckBox = new javax.swing.JCheckBox(); setMaximumSize(new java.awt.Dimension(500, 300)); setPreferredSize(new java.awt.Dimension(500, 300)); @@ -439,6 +451,13 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane org.openide.awt.Mnemonics.setLocalizedText(jLabel3, org.openide.util.NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.jLabel3.text")); // NOI18N + org.openide.awt.Mnemonics.setLocalizedText(isFooterCheckBox, org.openide.util.NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.isFooterCheckBox.text")); // NOI18N + isFooterCheckBox.addActionListener(new java.awt.event.ActionListener() { + public void actionPerformed(java.awt.event.ActionEvent evt) { + isFooterCheckBoxActionPerformed(evt); + } + }); + javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this); this.setLayout(layout); layout.setHorizontalGroup( @@ -451,51 +470,51 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane .addGap(30, 30, 30)) .addGroup(layout.createSequentialGroup() .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addComponent(jLabel2) .addGroup(layout.createSequentialGroup() - .addGap(10, 10, 10) - .addComponent(deleteTypeButton, javax.swing.GroupLayout.PREFERRED_SIZE, 70, javax.swing.GroupLayout.PREFERRED_SIZE) - .addGap(18, 18, 18) - .addComponent(newTypeButton, javax.swing.GroupLayout.PREFERRED_SIZE, 70, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addComponent(typesScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 180, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(separator, javax.swing.GroupLayout.PREFERRED_SIZE, 7, javax.swing.GroupLayout.PREFERRED_SIZE) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(layout.createSequentialGroup() - .addComponent(mimeTypeLabel) - .addGap(30, 30, 30) - .addComponent(mimeTypeTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 176, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addComponent(postHitCheckBox) - .addGroup(layout.createSequentialGroup() - .addComponent(signatureTypeLabel) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) - .addComponent(signatureTypeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, 176, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addGroup(layout.createSequentialGroup() - .addComponent(signatureLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 73, javax.swing.GroupLayout.PREFERRED_SIZE) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) - .addComponent(hexPrefixLabel) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(signatureTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 160, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addGroup(layout.createSequentialGroup() - .addComponent(offsetLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 71, javax.swing.GroupLayout.PREFERRED_SIZE) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) - .addComponent(offsetTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 178, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() - .addGap(21, 21, 21) - .addComponent(filesSetNameLabel) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) - .addComponent(filesSetNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 182, javax.swing.GroupLayout.PREFERRED_SIZE))) - .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() - .addComponent(saveTypeButton) - .addGap(8, 8, 8))) - .addContainerGap()) - .addGroup(layout.createSequentialGroup() - .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(jLabel2) + .addGroup(layout.createSequentialGroup() + .addGap(10, 10, 10) + .addComponent(deleteTypeButton, javax.swing.GroupLayout.PREFERRED_SIZE, 70, javax.swing.GroupLayout.PREFERRED_SIZE) + .addGap(18, 18, 18) + .addComponent(newTypeButton, javax.swing.GroupLayout.PREFERRED_SIZE, 70, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addComponent(typesScrollPane, javax.swing.GroupLayout.PREFERRED_SIZE, 180, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(separator, javax.swing.GroupLayout.PREFERRED_SIZE, 7, javax.swing.GroupLayout.PREFERRED_SIZE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addComponent(mimeTypeLabel) + .addGap(30, 30, 30) + .addComponent(mimeTypeTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 176, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addComponent(postHitCheckBox) + .addGroup(layout.createSequentialGroup() + .addComponent(signatureTypeLabel) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(signatureTypeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, 176, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addGroup(layout.createSequentialGroup() + .addComponent(signatureLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 73, javax.swing.GroupLayout.PREFERRED_SIZE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(hexPrefixLabel) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(signatureTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 160, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addGroup(layout.createSequentialGroup() + .addComponent(offsetLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 71, javax.swing.GroupLayout.PREFERRED_SIZE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(offsetTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 178, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() + .addGap(21, 21, 21) + .addComponent(filesSetNameLabel) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(filesSetNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 182, javax.swing.GroupLayout.PREFERRED_SIZE))) + .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() + .addComponent(saveTypeButton) + .addGap(8, 8, 8)) + .addComponent(isFooterCheckBox))) .addComponent(jLabel1) .addComponent(jLabel3)) - .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)))) + .addContainerGap(50, Short.MAX_VALUE)))) ); layout.setVerticalGroup( layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) @@ -510,7 +529,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane .addGroup(layout.createSequentialGroup() .addComponent(jLabel2) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(typesScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 177, Short.MAX_VALUE) + .addComponent(typesScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 173, Short.MAX_VALUE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(deleteTypeButton) @@ -534,6 +553,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane .addComponent(signatureTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)) .addComponent(signatureLabel)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(isFooterCheckBox) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(offsetTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(offsetLabel)) @@ -614,7 +635,12 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane */ long offset; try { - offset = Long.parseUnsignedLong(offsetTextField.getText()); + if(isFooterCheckBox.isSelected()) { + offset = -1; + } + else { + offset = Long.parseUnsignedLong(offsetTextField.getText()); + } } catch (NumberFormatException ex) { JOptionPane.showMessageDialog(null, NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.message"), @@ -664,12 +690,18 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane // TODO add your handling code here: }//GEN-LAST:event_signatureTextFieldActionPerformed + private void isFooterCheckBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_isFooterCheckBoxActionPerformed + offsetTextField.setEnabled(!isFooterCheckBox.isSelected()); + enableButtons(); + }//GEN-LAST:event_isFooterCheckBoxActionPerformed + // Variables declaration - do not modify//GEN-BEGIN:variables private javax.swing.JButton deleteTypeButton; private javax.swing.JLabel filesSetNameLabel; private javax.swing.JTextField filesSetNameTextField; private javax.swing.JLabel hexPrefixLabel; private javax.swing.JLabel ingestRunningWarningLabel; + private javax.swing.JCheckBox isFooterCheckBox; private javax.swing.JLabel jLabel1; private javax.swing.JLabel jLabel2; private javax.swing.JLabel jLabel3; From 14c91eb2dfd84081b03c01f65a8fde9c5278c17d Mon Sep 17 00:00:00 2001 From: momo Date: Tue, 27 Oct 2015 14:34:14 -0400 Subject: [PATCH 03/15] remove predefined sig to add to another pull request --- .../filetypeid/FileTypeIdGlobalSettingsPanel.java | 9 ++------- .../autopsy/modules/filetypeid/FileTypes.xsd | 12 +++++++++--- .../filetypeid/UserDefinedFileTypesManager.java | 6 ------ 3 files changed, 11 insertions(+), 16 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java index 349b6c3cea..2c84789a18 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java @@ -634,13 +634,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane * Get the offset. */ long offset; - try { - if(isFooterCheckBox.isSelected()) { - offset = -1; - } - else { - offset = Long.parseUnsignedLong(offsetTextField.getText()); - } + try { + offset = isFooterCheckBox.isSelected() ? -1 : Long.parseUnsignedLong(offsetTextField.getText()); } catch (NumberFormatException ex) { JOptionPane.showMessageDialog(null, NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.message"), diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd index 26aa720ff1..6ae9505c76 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd @@ -13,19 +13,25 @@ - - + + + + + + + + - + diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java index 3622cceaf6..d5777cb281 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java @@ -224,12 +224,6 @@ final class UserDefinedFileTypesManager { // Add rule for .pfm fileType = new FileType("image/x-portable-floatmap", new Signature("PF", 0L), "", false); //NON-NLS fileTypes.put(fileType.getMimeType(), fileType); - - // Add rule for .tga - byteArray = DatatypeConverter.parseHexBinary("54525545564953494F4E2D5846494C452E00"); - fileType = new FileType("image/x-tga", new Signature(byteArray, true), "", false); // NON-NLS - fileTypes.put(fileType.getMimeType(), fileType); - } // parseHexBinary() throws this if the argument passed in is not Hex catch (IllegalArgumentException e) { From 1d63ef0559dc78b7acf38552b7ea7202ff094495 Mon Sep 17 00:00:00 2001 From: momo Date: Tue, 27 Oct 2015 14:36:12 -0400 Subject: [PATCH 04/15] remove extra white space --- .../modules/filetypeid/FileTypeIdGlobalSettingsPanel.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java index 2c84789a18..a7f3a78fe4 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java @@ -634,8 +634,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane * Get the offset. */ long offset; - try { - offset = isFooterCheckBox.isSelected() ? -1 : Long.parseUnsignedLong(offsetTextField.getText()); + try { + offset = isFooterCheckBox.isSelected() ? -1 : Long.parseUnsignedLong(offsetTextField.getText()); } catch (NumberFormatException ex) { JOptionPane.showMessageDialog(null, NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.message"), From 806b4a91b01cf14aee1d7ed0874ca49cb3c10302 Mon Sep 17 00:00:00 2001 From: momo Date: Wed, 28 Oct 2015 10:21:31 -0400 Subject: [PATCH 05/15] allow offset with footer --- .../autopsy/modules/filetypeid/FileType.java | 62 ++----------------- .../FileTypeIdGlobalSettingsPanel.java | 19 +++--- .../autopsy/modules/filetypeid/FileTypes.xsd | 8 +-- 3 files changed, 17 insertions(+), 72 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java index cc12a95b5a..132f5b3317 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java @@ -191,49 +191,6 @@ class FileType { this.offset = offset; this.type = Type.RAW; } - - /** - * Creates a file signature consisting of a sequence of bytes at a - * specific offset within a file with default offset. - * - * @param signatureBytes The signature bytes. - * @param isFooter Whether this is a footer or not - * @param type The type of data in the byte array. Impacts - * how it is displayed to the user in the UI. - */ - Signature(final byte[] signatureBytes, boolean isFooter, Type type) { - this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); - this.offset = isFooter ? -1 : 0; - this.type = type; - } - - /** - * Creates a file signature consisting of an ASCII string at a - * specific offset within a file with default offset. - * - * @param signatureString The ASCII string - * @param isFooter Whether this is a footer or not - */ - Signature(String signatureString, boolean isFooter) { - this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII); - this.offset = isFooter ? -1 : 0; - this.type = Type.ASCII; - } - - /** - * Creates a file signature consisting of a sequence of bytes at a - * specific offset within a file with default offset. If bytes - * correspond to an ASCII string, use one of the other constructors - * so that the string is displayed to the user instead of the raw bytes. - * - * @param signatureBytes The signature bytes. - * @param isFooter Whether this is a footer or not - */ - Signature(final byte[] signatureBytes, boolean isFooter) { - this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); - this.offset = isFooter ? -1 : 0; - this.type = Type.RAW; - } /** * Gets the byte sequence of the signature. @@ -270,15 +227,16 @@ class FileType { * * @return True or false. */ - boolean containedIn(final AbstractFile file) { - if(offset == -1) - return containedAsFooter(file); - if (file.getSize() < (offset + signatureBytes.length)) { + boolean containedIn(final AbstractFile file) { + long actualOffset = offset; + if(offset < 0) + actualOffset = file.getSize() - signatureBytes.length + offset+1; + if (file.getSize() < (actualOffset + signatureBytes.length)) { return false; /// too small, can't contain this signature } try { byte[] buffer = new byte[signatureBytes.length]; - int bytesRead = file.read(buffer, offset, signatureBytes.length); + int bytesRead = file.read(buffer, actualOffset, signatureBytes.length); return ((bytesRead == signatureBytes.length) && (Arrays.equals(buffer, signatureBytes))); } catch (TskCoreException ex) { /** @@ -291,14 +249,6 @@ class FileType { } } - private boolean containedAsFooter(final AbstractFile file) { - if(file.getSize() < signatureBytes.length) - return false; - long newOffset = file.getSize() - signatureBytes.length; - Signature newSignature = new Signature(signatureBytes, newOffset); - return newSignature.containedIn(file); - } - @Override public boolean equals(Object other) { if (other != null && other instanceof Signature) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java index f45be34df6..712c82823c 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java @@ -203,7 +203,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane boolean requiredFieldsPopulated = !mimeTypeTextField.getText().isEmpty() - && (isFooterCheckBox.isSelected() ? true : !offsetTextField.getText().isEmpty()) + && !offsetTextField.getText().isEmpty() && !signatureTextField.getText().isEmpty() && (postHitCheckBox.isSelected() ? !filesSetNameTextField.getText().isEmpty() : true); saveTypeButton.setEnabled(!ingestIsRunning && requiredFieldsPopulated); @@ -270,14 +270,12 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane } } signatureTextField.setText(signatureBytes); - if(signature.getOffset() == -1) { + if(signature.getOffset() < 0) { isFooterCheckBox.setSelected(true); - offsetTextField.setEnabled(false); - offsetTextField.setText(""); + offsetTextField.setText(Long.toString(signature.getOffset()*-1 -1)); } else { isFooterCheckBox.setSelected(false); - offsetTextField.setEnabled(true); offsetTextField.setText(Long.toString(signature.getOffset())); } postHitCheckBox.setSelected(fileType.alertOnMatch()); @@ -299,7 +297,6 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane hexPrefixLabel.setVisible(true); signatureTextField.setText("0000"); //NON-NLS isFooterCheckBox.setSelected(false); - offsetTextField.setEnabled(true); offsetTextField.setText(""); //NON-NLS postHitCheckBox.setSelected(false); filesSetNameTextField.setText(""); //NON-NLS @@ -635,7 +632,12 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane */ long offset; try { - offset = isFooterCheckBox.isSelected() ? -1 : Long.parseUnsignedLong(offsetTextField.getText()); + if(isFooterCheckBox.isSelected()) { + offset = Long.parseUnsignedLong(offsetTextField.getText())*-1 -1; + } + else { + offset = Long.parseUnsignedLong(offsetTextField.getText()); + } } catch (NumberFormatException ex) { JOptionPane.showMessageDialog(null, NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.message"), @@ -693,8 +695,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane }//GEN-LAST:event_signatureTextFieldActionPerformed private void isFooterCheckBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_isFooterCheckBoxActionPerformed - offsetTextField.setEnabled(!isFooterCheckBox.isSelected()); - enableButtons(); + }//GEN-LAST:event_isFooterCheckBoxActionPerformed // Variables declaration - do not modify//GEN-BEGIN:variables diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd index 6ae9505c76..c923441e3d 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd @@ -21,17 +21,11 @@ - - - - - - - + From 39bf598ca92aa9325bd8036343956218135e4043 Mon Sep 17 00:00:00 2001 From: momo Date: Wed, 28 Oct 2015 15:09:44 -0400 Subject: [PATCH 06/15] change implementation to use a boolean variable --- .../autopsy/modules/filetypeid/FileType.java | 62 +++++++++++++++++-- .../FileTypeIdGlobalSettingsPanel.java | 18 ++---- .../autopsy/modules/filetypeid/FileTypes.xsd | 3 +- .../UserDefinedFileTypesManager.java | 19 +++++- 4 files changed, 81 insertions(+), 21 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java index 132f5b3317..451c1d773c 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java @@ -51,7 +51,7 @@ class FileType { */ FileType(String mimeType, final Signature signature, String filesSetName, boolean alert) { this.mimeType = mimeType; - this.signature = new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType()); + this.signature = new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType(), signature.isTrailing()); this.interestingFilesSetName = filesSetName; this.alert = alert; } @@ -71,7 +71,7 @@ class FileType { * @return The signature. */ Signature getSignature() { - return new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType()); + return new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType(), signature.isTrailing()); } /** @@ -148,6 +148,7 @@ class FileType { private final byte[] signatureBytes; private final long offset; private final Type type; + private final boolean trailing; /** * Creates a file signature consisting of a sequence of bytes at a @@ -162,6 +163,7 @@ class FileType { this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); this.offset = offset; this.type = type; + this.trailing = false; } /** @@ -175,6 +177,7 @@ class FileType { this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII); this.offset = offset; this.type = Type.ASCII; + this.trailing = false; } /** @@ -190,6 +193,53 @@ class FileType { this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); this.offset = offset; this.type = Type.RAW; + this.trailing = false; + } + + /** + * Creates a file signature consisting of a sequence of bytes at a + * specific offset within a file. + * + * @param signatureBytes The signature bytes. + * @param offset The offset of the signature bytes. + * @param type The type of data in the byte array. Impacts + * how it is displayed to the user in the UI. + */ + Signature(final byte[] signatureBytes, long offset, Type type, boolean isFooter) { + this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); + this.offset = offset; + this.type = type; + this.trailing = isFooter; + } + + /** + * Creates a file signature consisting of an ASCII string at a + * specific offset within a file. + * + * @param signatureString The ASCII string + * @param offset The offset of the signature bytes. + */ + Signature(String signatureString, long offset, boolean isFooter) { + this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII); + this.offset = offset; + this.type = Type.ASCII; + this.trailing = isFooter; + } + + /** + * Creates a file signature consisting of a sequence of bytes at a + * specific offset within a file. If bytes correspond to an ASCII + * string, use one of the other constructors so that the string is + * displayed to the user instead of the raw bytes. + * + * @param signatureBytes The signature bytes. + * @param offset The offset of the signature bytes. + */ + Signature(final byte[] signatureBytes, long offset, boolean isFooter) { + this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); + this.offset = offset; + this.type = Type.RAW; + this.trailing = isFooter; } /** @@ -218,6 +268,10 @@ class FileType { Type getType() { return type; } + + boolean isTrailing() { + return trailing; + } /** * Determines whether or not the signature is contained within a given @@ -229,8 +283,8 @@ class FileType { */ boolean containedIn(final AbstractFile file) { long actualOffset = offset; - if(offset < 0) - actualOffset = file.getSize() - signatureBytes.length + offset+1; + if(trailing) + actualOffset = file.getSize() - signatureBytes.length - offset; if (file.getSize() < (actualOffset + signatureBytes.length)) { return false; /// too small, can't contain this signature } diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java index 712c82823c..b721936057 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java @@ -270,14 +270,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane } } signatureTextField.setText(signatureBytes); - if(signature.getOffset() < 0) { - isFooterCheckBox.setSelected(true); - offsetTextField.setText(Long.toString(signature.getOffset()*-1 -1)); - } - else { - isFooterCheckBox.setSelected(false); - offsetTextField.setText(Long.toString(signature.getOffset())); - } + isFooterCheckBox.setSelected(signature.isTrailing()); + offsetTextField.setText(Long.toString(signature.getOffset())); postHitCheckBox.setSelected(fileType.alertOnMatch()); filesSetNameTextField.setEnabled(postHitCheckBox.isSelected()); filesSetNameTextField.setText(fileType.getFilesSetName()); @@ -632,12 +626,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane */ long offset; try { - if(isFooterCheckBox.isSelected()) { - offset = Long.parseUnsignedLong(offsetTextField.getText())*-1 -1; - } - else { offset = Long.parseUnsignedLong(offsetTextField.getText()); - } } catch (NumberFormatException ex) { JOptionPane.showMessageDialog(null, NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.message"), @@ -664,7 +653,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane /** * Put it all together and reset the file types list component. */ - FileType.Signature signature = new FileType.Signature(signatureBytes, offset, sigType); + boolean isTrailing = isFooterCheckBox.isSelected(); + FileType.Signature signature = new FileType.Signature(signatureBytes, offset, sigType, isFooterCheckBox.isSelected()); FileType fileType = new FileType(typeName, signature, filesSetName, postHitCheckBox.isSelected()); FileType selected = typesList.getSelectedValue(); if (selected != null) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd index c923441e3d..63dab70d24 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd @@ -25,7 +25,8 @@ - + + diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java index 47a3a0f97b..4d801c79be 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java @@ -38,6 +38,7 @@ import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.coreutils.XMLUtil; import org.sleuthkit.autopsy.modules.filetypeid.FileType.Signature; +import org.w3c.dom.Node; import org.xml.sax.SAXException; /** @@ -67,6 +68,7 @@ final class UserDefinedFileTypesManager { private static final String SIGNATURE_TYPE_ATTRIBUTE = "type"; //NON-NLS private static final String BYTES_TAG_NAME = "Bytes"; //NON-NLS private static final String OFFSET_TAG_NAME = "Offset"; //NON-NLS + private static final String TRAILING_TAG_NAME = "Trailing"; private static final String INTERESTING_FILES_SET_TAG_NAME = "InterestingFileSset"; //NON-NLS private static final String ALERT_ATTRIBUTE = "alert"; //NON-NLS private static final String ENCODING_FOR_XML_FILE = "UTF-8"; //NON-NLS @@ -372,6 +374,10 @@ final class UserDefinedFileTypesManager { Element offsetElem = doc.createElement(OFFSET_TAG_NAME); offsetElem.setTextContent(DatatypeConverter.printLong(signature.getOffset())); signatureElem.appendChild(offsetElem); + + Element trailingElem = doc.createElement(TRAILING_TAG_NAME); + trailingElem.setTextContent(DatatypeConverter.printBoolean(signature.isTrailing())); + signatureElem.appendChild(trailingElem); signatureElem.setAttribute(SIGNATURE_TYPE_ATTRIBUTE, signature.getType().toString()); fileTypeElem.appendChild(signatureElem); @@ -482,8 +488,14 @@ final class UserDefinedFileTypesManager { String offsetString = getChildElementTextContent(signatureElem, OFFSET_TAG_NAME); long offset = DatatypeConverter.parseLong(offsetString); + + String trailingString = getChildElementTextContent(signatureElem, TRAILING_TAG_NAME); + if(trailingString == null) + return new Signature(signatureBytes, offset, signatureType); + + boolean trailing = DatatypeConverter.parseBoolean(trailingString); - return new Signature(signatureBytes, offset, signatureType); + return new Signature(signatureBytes, offset, signatureType, trailing); } /** @@ -525,7 +537,10 @@ final class UserDefinedFileTypesManager { */ private static String getChildElementTextContent(Element elem, String tagName) { NodeList childElems = elem.getElementsByTagName(tagName); - Element childElem = (Element) childElems.item(0); + Node childNode = childElems.item(0); + if(childNode == null) + return null; + Element childElem = (Element) childNode; return childElem.getTextContent(); } From 796e4417654e87458fa0f685da2bf4b66edf813c Mon Sep 17 00:00:00 2001 From: momo Date: Wed, 28 Oct 2015 15:11:46 -0400 Subject: [PATCH 07/15] change variable names --- .../modules/filetypeid/Bundle.properties | 2 +- .../autopsy/modules/filetypeid/FileType.java | 17 +++++++----- .../FileTypeIdGlobalSettingsPanel.form | 10 +++---- .../FileTypeIdGlobalSettingsPanel.java | 26 +++++++++---------- 4 files changed, 29 insertions(+), 26 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties index 7ac6b9fc2c..bc99ea014f 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties @@ -46,4 +46,4 @@ FileTypeIdGlobalSettingsPanel.jLabel2.text=MIME Types: FileTypeIdGlobalSettingsPanel.jLabel3.text=Autopsy can automatically detect many file types. Add your custom file types here. FileTypeIdGlobalSettingsPanel.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. FileTypeIdIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. -FileTypeIdGlobalSettingsPanel.isFooterCheckBox.text=This signature is a footer +FileTypeIdGlobalSettingsPanel.isTrailingCheckBox.text=This signature is a trailing diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java index 451c1d773c..133c1c6f84 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java @@ -203,13 +203,14 @@ class FileType { * @param signatureBytes The signature bytes. * @param offset The offset of the signature bytes. * @param type The type of data in the byte array. Impacts - * how it is displayed to the user in the UI. + * how it is displayed to the user in the UI. + * @param trailing Determines whether this signature is trailing. */ - Signature(final byte[] signatureBytes, long offset, Type type, boolean isFooter) { + Signature(final byte[] signatureBytes, long offset, Type type, boolean trailing) { this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); this.offset = offset; this.type = type; - this.trailing = isFooter; + this.trailing = trailing; } /** @@ -218,12 +219,13 @@ class FileType { * * @param signatureString The ASCII string * @param offset The offset of the signature bytes. + * @param trailing Determines whether this signature is trailing. */ - Signature(String signatureString, long offset, boolean isFooter) { + Signature(String signatureString, long offset, boolean trailing) { this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII); this.offset = offset; this.type = Type.ASCII; - this.trailing = isFooter; + this.trailing = trailing; } /** @@ -234,12 +236,13 @@ class FileType { * * @param signatureBytes The signature bytes. * @param offset The offset of the signature bytes. + * @param trailing Determines whether this signature is trailing. */ - Signature(final byte[] signatureBytes, long offset, boolean isFooter) { + Signature(final byte[] signatureBytes, long offset, boolean trailing) { this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); this.offset = offset; this.type = Type.RAW; - this.trailing = isFooter; + this.trailing = trailing; } /** diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.form b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.form index 030695446f..0e51a3c6bc 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.form +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.form @@ -83,7 +83,7 @@ - + @@ -140,7 +140,7 @@ - + @@ -353,14 +353,14 @@ - + - + - + diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java index b721936057..690cef660a 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java @@ -270,7 +270,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane } } signatureTextField.setText(signatureBytes); - isFooterCheckBox.setSelected(signature.isTrailing()); + isTrailingCheckBox.setSelected(signature.isTrailing()); offsetTextField.setText(Long.toString(signature.getOffset())); postHitCheckBox.setSelected(fileType.alertOnMatch()); filesSetNameTextField.setEnabled(postHitCheckBox.isSelected()); @@ -290,7 +290,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane signatureTypeComboBox.setSelectedItem(FileTypeIdGlobalSettingsPanel.RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM); hexPrefixLabel.setVisible(true); signatureTextField.setText("0000"); //NON-NLS - isFooterCheckBox.setSelected(false); + isTrailingCheckBox.setSelected(false); offsetTextField.setText(""); //NON-NLS postHitCheckBox.setSelected(false); filesSetNameTextField.setText(""); //NON-NLS @@ -362,7 +362,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane jLabel1 = new javax.swing.JLabel(); jLabel2 = new javax.swing.JLabel(); jLabel3 = new javax.swing.JLabel(); - isFooterCheckBox = new javax.swing.JCheckBox(); + isTrailingCheckBox = new javax.swing.JCheckBox(); setMaximumSize(new java.awt.Dimension(500, 300)); setPreferredSize(new java.awt.Dimension(500, 300)); @@ -442,10 +442,10 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane org.openide.awt.Mnemonics.setLocalizedText(jLabel3, org.openide.util.NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.jLabel3.text")); // NOI18N - org.openide.awt.Mnemonics.setLocalizedText(isFooterCheckBox, org.openide.util.NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.isFooterCheckBox.text")); // NOI18N - isFooterCheckBox.addActionListener(new java.awt.event.ActionListener() { + org.openide.awt.Mnemonics.setLocalizedText(isTrailingCheckBox, org.openide.util.NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.isTrailingCheckBox.text")); // NOI18N + isTrailingCheckBox.addActionListener(new java.awt.event.ActionListener() { public void actionPerformed(java.awt.event.ActionEvent evt) { - isFooterCheckBoxActionPerformed(evt); + isTrailingCheckBoxActionPerformed(evt); } }); @@ -502,7 +502,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() .addComponent(saveTypeButton) .addGap(8, 8, 8)) - .addComponent(isFooterCheckBox))) + .addComponent(isTrailingCheckBox))) .addComponent(jLabel1) .addComponent(jLabel3)) .addContainerGap(50, Short.MAX_VALUE)))) @@ -544,7 +544,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane .addComponent(signatureTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)) .addComponent(signatureLabel)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(isFooterCheckBox) + .addComponent(isTrailingCheckBox) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(offsetTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) @@ -653,8 +653,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane /** * Put it all together and reset the file types list component. */ - boolean isTrailing = isFooterCheckBox.isSelected(); - FileType.Signature signature = new FileType.Signature(signatureBytes, offset, sigType, isFooterCheckBox.isSelected()); + boolean isTrailing = isTrailingCheckBox.isSelected(); + FileType.Signature signature = new FileType.Signature(signatureBytes, offset, sigType, isTrailingCheckBox.isSelected()); FileType fileType = new FileType(typeName, signature, filesSetName, postHitCheckBox.isSelected()); FileType selected = typesList.getSelectedValue(); if (selected != null) { @@ -684,9 +684,9 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane // TODO add your handling code here: }//GEN-LAST:event_signatureTextFieldActionPerformed - private void isFooterCheckBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_isFooterCheckBoxActionPerformed + private void isTrailingCheckBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_isTrailingCheckBoxActionPerformed - }//GEN-LAST:event_isFooterCheckBoxActionPerformed + }//GEN-LAST:event_isTrailingCheckBoxActionPerformed // Variables declaration - do not modify//GEN-BEGIN:variables private javax.swing.JButton deleteTypeButton; @@ -694,7 +694,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane private javax.swing.JTextField filesSetNameTextField; private javax.swing.JLabel hexPrefixLabel; private javax.swing.JLabel ingestRunningWarningLabel; - private javax.swing.JCheckBox isFooterCheckBox; + private javax.swing.JCheckBox isTrailingCheckBox; private javax.swing.JLabel jLabel1; private javax.swing.JLabel jLabel2; private javax.swing.JLabel jLabel3; From a09548f79a1ef4427bfd4cdf5652db6b763f6f6f Mon Sep 17 00:00:00 2001 From: Mohammad Yahya Date: Wed, 28 Oct 2015 15:26:51 -0400 Subject: [PATCH 08/15] remove extra indentation --- .../modules/filetypeid/FileTypeIdGlobalSettingsPanel.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java index 690cef660a..b74b7e67cc 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java @@ -626,7 +626,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane */ long offset; try { - offset = Long.parseUnsignedLong(offsetTextField.getText()); + offset = Long.parseUnsignedLong(offsetTextField.getText()); } catch (NumberFormatException ex) { JOptionPane.showMessageDialog(null, NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.message"), From b02c78bea76d392e7fb43c342a1cf579ac6d5d92 Mon Sep 17 00:00:00 2001 From: Mohammad Yahya Date: Wed, 28 Oct 2015 15:28:51 -0400 Subject: [PATCH 09/15] Delete debug line --- .../modules/filetypeid/FileTypeIdGlobalSettingsPanel.java | 1 - 1 file changed, 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java index b74b7e67cc..58afdd266a 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java @@ -653,7 +653,6 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane /** * Put it all together and reset the file types list component. */ - boolean isTrailing = isTrailingCheckBox.isSelected(); FileType.Signature signature = new FileType.Signature(signatureBytes, offset, sigType, isTrailingCheckBox.isSelected()); FileType fileType = new FileType(typeName, signature, filesSetName, postHitCheckBox.isSelected()); FileType selected = typesList.getSelectedValue(); From d59fcb8172d793e87712a025585e776b32940161 Mon Sep 17 00:00:00 2001 From: Mohammad Yahya Date: Wed, 28 Oct 2015 16:04:16 -0400 Subject: [PATCH 10/15] change wording --- .../org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties index bc99ea014f..4c0eca959b 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties @@ -46,4 +46,4 @@ FileTypeIdGlobalSettingsPanel.jLabel2.text=MIME Types: FileTypeIdGlobalSettingsPanel.jLabel3.text=Autopsy can automatically detect many file types. Add your custom file types here. FileTypeIdGlobalSettingsPanel.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. FileTypeIdIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. -FileTypeIdGlobalSettingsPanel.isTrailingCheckBox.text=This signature is a trailing +FileTypeIdGlobalSettingsPanel.isTrailingCheckBox.text=This is a trailing signature From c4d6c45ed9157c6c7d3dfbf334d0ea964284b34f Mon Sep 17 00:00:00 2001 From: momo Date: Mon, 9 Nov 2015 11:18:19 -0500 Subject: [PATCH 11/15] change feature layout and design --- .../modules/filetypeid/Bundle.properties | 5 +- .../autopsy/modules/filetypeid/FileType.java | 42 +++---- .../FileTypeIdGlobalSettingsPanel.form | 93 +++++++++------ .../FileTypeIdGlobalSettingsPanel.java | 110 +++++++++++------- .../autopsy/modules/filetypeid/FileTypes.xsd | 11 +- .../UserDefinedFileTypesManager.java | 18 ++- 6 files changed, 164 insertions(+), 115 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties index bc99ea014f..bf6adc0de3 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties @@ -23,10 +23,13 @@ FileTypeIdGlobalSettingsPanel.mimeTypeLabel.text=MIME Type FileTypeIdGlobalSettingsPanel.saveTypeButton.text=Save FileTypeIdGlobalSettingsPanel.signatureComboBox.rawItem=Bytes (Hex) FileTypeIdGlobalSettingsPanel.signatureComboBox.asciiItem=String (ASCII) +FileTypeIdGlobalSettingsPanel.offsetComboBox.startItem=Start +FileTypeIdGlobalSettingsPanel.offsetComboBox.endItem=End FileTypeIdGlobalSettingsPanel.JOptionPane.invalidMIMEType.message=MIME type is required. FileTypeIdGlobalSettingsPanel.JOptionPane.invalidMIMEType.title=Missing MIME Type FileTypeIdGlobalSettingsPanel.JOptionPane.invalidSignature.message=Signature is required. FileTypeIdGlobalSettingsPanel.JOptionPane.invalidSignature.title=Missing Signature +FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.length=Offset must not be smaller than signature size. FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.message=Offset must be a positive integer. FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.title=Invalid Offset FileTypeIdGlobalSettingsPanel.JOptionPane.invalidRawSignatureBytes.message=The signature has one or more invalid hexadecimal digits. @@ -46,4 +49,4 @@ FileTypeIdGlobalSettingsPanel.jLabel2.text=MIME Types: FileTypeIdGlobalSettingsPanel.jLabel3.text=Autopsy can automatically detect many file types. Add your custom file types here. FileTypeIdGlobalSettingsPanel.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. FileTypeIdIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. -FileTypeIdGlobalSettingsPanel.isTrailingCheckBox.text=This signature is a trailing +FileTypeIdGlobalSettingsPanel.offsetRelativeToLabel.text=Offset is relative to diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java index 133c1c6f84..a1f96d54d8 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java @@ -51,7 +51,7 @@ class FileType { */ FileType(String mimeType, final Signature signature, String filesSetName, boolean alert) { this.mimeType = mimeType; - this.signature = new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType(), signature.isTrailing()); + this.signature = new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType(), signature.isRelativeToStart()); this.interestingFilesSetName = filesSetName; this.alert = alert; } @@ -71,7 +71,7 @@ class FileType { * @return The signature. */ Signature getSignature() { - return new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType(), signature.isTrailing()); + return new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType(), signature.isRelativeToStart()); } /** @@ -148,7 +148,7 @@ class FileType { private final byte[] signatureBytes; private final long offset; private final Type type; - private final boolean trailing; + private final boolean isRelativeToStart; /** * Creates a file signature consisting of a sequence of bytes at a @@ -163,7 +163,7 @@ class FileType { this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); this.offset = offset; this.type = type; - this.trailing = false; + this.isRelativeToStart = true; } /** @@ -177,7 +177,7 @@ class FileType { this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII); this.offset = offset; this.type = Type.ASCII; - this.trailing = false; + this.isRelativeToStart = true; } /** @@ -193,7 +193,7 @@ class FileType { this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); this.offset = offset; this.type = Type.RAW; - this.trailing = false; + this.isRelativeToStart = true; } /** @@ -204,13 +204,13 @@ class FileType { * @param offset The offset of the signature bytes. * @param type The type of data in the byte array. Impacts * how it is displayed to the user in the UI. - * @param trailing Determines whether this signature is trailing. + * @param isRelativeToStart Determines whether this signature is relative to start. */ - Signature(final byte[] signatureBytes, long offset, Type type, boolean trailing) { + Signature(final byte[] signatureBytes, long offset, Type type, boolean isRelativeToStart) { this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); this.offset = offset; this.type = type; - this.trailing = trailing; + this.isRelativeToStart = isRelativeToStart; } /** @@ -219,13 +219,13 @@ class FileType { * * @param signatureString The ASCII string * @param offset The offset of the signature bytes. - * @param trailing Determines whether this signature is trailing. + * @param isRelativeToStart Determines whether this signature is relative to start. */ - Signature(String signatureString, long offset, boolean trailing) { + Signature(String signatureString, long offset, boolean isRelativeToStart) { this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII); this.offset = offset; this.type = Type.ASCII; - this.trailing = trailing; + this.isRelativeToStart = isRelativeToStart; } /** @@ -234,15 +234,15 @@ class FileType { * string, use one of the other constructors so that the string is * displayed to the user instead of the raw bytes. * - * @param signatureBytes The signature bytes. - * @param offset The offset of the signature bytes. - * @param trailing Determines whether this signature is trailing. + * @param signatureBytes The signature bytes. + * @param offset The offset of the signature bytes. + * @param isRelativeToStart Determines whether this signature is relative to start. */ - Signature(final byte[] signatureBytes, long offset, boolean trailing) { + Signature(final byte[] signatureBytes, long offset, boolean isRelativeToStart) { this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); this.offset = offset; this.type = Type.RAW; - this.trailing = trailing; + this.isRelativeToStart = isRelativeToStart; } /** @@ -272,8 +272,8 @@ class FileType { return type; } - boolean isTrailing() { - return trailing; + boolean isRelativeToStart() { + return isRelativeToStart; } /** @@ -286,8 +286,8 @@ class FileType { */ boolean containedIn(final AbstractFile file) { long actualOffset = offset; - if(trailing) - actualOffset = file.getSize() - signatureBytes.length - offset; + if(!isRelativeToStart) + actualOffset = file.getSize() - offset; if (file.getSize() < (actualOffset + signatureBytes.length)) { return false; /// too small, can't contain this signature } diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.form b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.form index 0e51a3c6bc..2b4647356c 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.form +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.form @@ -49,47 +49,56 @@ - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + + + + + - + @@ -108,7 +117,7 @@ - + @@ -139,14 +148,17 @@ - - + + + + + - - + + - + @@ -353,15 +365,22 @@ - + - - + + + + + + + + + + + + - - - diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java index 690cef660a..42c89f3386 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java @@ -52,6 +52,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane private static final String RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM = NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.signatureComboBox.rawItem"); private static final String ASCII_SIGNATURE_TYPE_COMBO_BOX_ITEM = NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.signatureComboBox.asciiItem"); + private static final String START_OFFSET_RELATIVE_COMBO_BOX_ITEM = NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.offsetComboBox.startItem"); + private static final String END_OFFSET_RELATIVE_COMBO_BOX_ITEM = NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.offsetComboBox.endItem"); /** * The list model for the file types list component of this panel is the set * of MIME types associated with the user-defined file types. A mapping of @@ -88,6 +90,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane private void customizeComponents() { setFileTypesListModel(); setSignatureTypeComboBoxModel(); + setOffsetRealtiveToComboBoxModel(); clearTypeDetailsComponents(); addTypeListSelectionListener(); addTextFieldListeners(); @@ -111,6 +114,17 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane signatureTypeComboBox.setModel(sigTypeComboBoxModel); signatureTypeComboBox.setSelectedItem(FileTypeIdGlobalSettingsPanel.RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM); } + + /** + * Sets the model for the signature type combo box. + */ + private void setOffsetRealtiveToComboBoxModel() { + DefaultComboBoxModel offsetRelComboBoxModel = new DefaultComboBoxModel<>(); + offsetRelComboBoxModel.addElement(FileTypeIdGlobalSettingsPanel.START_OFFSET_RELATIVE_COMBO_BOX_ITEM); + offsetRelComboBoxModel.addElement(FileTypeIdGlobalSettingsPanel.END_OFFSET_RELATIVE_COMBO_BOX_ITEM); + offsetRelativeToComboBox.setModel(offsetRelComboBoxModel); + offsetRelativeToComboBox.setSelectedItem(FileTypeIdGlobalSettingsPanel.START_OFFSET_RELATIVE_COMBO_BOX_ITEM); + } /** * Adds a listener to the types list component so that the components in the @@ -270,7 +284,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane } } signatureTextField.setText(signatureBytes); - isTrailingCheckBox.setSelected(signature.isTrailing()); + offsetRelativeToComboBox.setSelectedItem(signature.isRelativeToStart() ? FileTypeIdGlobalSettingsPanel.START_OFFSET_RELATIVE_COMBO_BOX_ITEM : FileTypeIdGlobalSettingsPanel.END_OFFSET_RELATIVE_COMBO_BOX_ITEM); offsetTextField.setText(Long.toString(signature.getOffset())); postHitCheckBox.setSelected(fileType.alertOnMatch()); filesSetNameTextField.setEnabled(postHitCheckBox.isSelected()); @@ -290,7 +304,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane signatureTypeComboBox.setSelectedItem(FileTypeIdGlobalSettingsPanel.RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM); hexPrefixLabel.setVisible(true); signatureTextField.setText("0000"); //NON-NLS - isTrailingCheckBox.setSelected(false); + offsetRelativeToComboBox.setSelectedItem(FileTypeIdGlobalSettingsPanel.START_OFFSET_RELATIVE_COMBO_BOX_ITEM); offsetTextField.setText(""); //NON-NLS postHitCheckBox.setSelected(false); filesSetNameTextField.setText(""); //NON-NLS @@ -362,7 +376,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane jLabel1 = new javax.swing.JLabel(); jLabel2 = new javax.swing.JLabel(); jLabel3 = new javax.swing.JLabel(); - isTrailingCheckBox = new javax.swing.JCheckBox(); + offsetRelativeToComboBox = new javax.swing.JComboBox(); + offsetRelativeToLabel = new javax.swing.JLabel(); setMaximumSize(new java.awt.Dimension(500, 300)); setPreferredSize(new java.awt.Dimension(500, 300)); @@ -442,12 +457,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane org.openide.awt.Mnemonics.setLocalizedText(jLabel3, org.openide.util.NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.jLabel3.text")); // NOI18N - org.openide.awt.Mnemonics.setLocalizedText(isTrailingCheckBox, org.openide.util.NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.isTrailingCheckBox.text")); // NOI18N - isTrailingCheckBox.addActionListener(new java.awt.event.ActionListener() { - public void actionPerformed(java.awt.event.ActionEvent evt) { - isTrailingCheckBoxActionPerformed(evt); - } - }); + org.openide.awt.Mnemonics.setLocalizedText(offsetRelativeToLabel, org.openide.util.NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.offsetRelativeToLabel.text")); // NOI18N javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this); this.setLayout(layout); @@ -475,37 +485,43 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) - .addGroup(layout.createSequentialGroup() - .addComponent(mimeTypeLabel) - .addGap(30, 30, 30) - .addComponent(mimeTypeTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 176, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addComponent(postHitCheckBox) - .addGroup(layout.createSequentialGroup() - .addComponent(signatureTypeLabel) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) - .addComponent(signatureTypeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, 176, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addGroup(layout.createSequentialGroup() - .addComponent(signatureLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 73, javax.swing.GroupLayout.PREFERRED_SIZE) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) - .addComponent(hexPrefixLabel) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(signatureTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 160, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addGroup(layout.createSequentialGroup() - .addComponent(offsetLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 71, javax.swing.GroupLayout.PREFERRED_SIZE) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) - .addComponent(offsetTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 178, javax.swing.GroupLayout.PREFERRED_SIZE)) .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() .addGap(21, 21, 21) .addComponent(filesSetNameLabel) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) - .addComponent(filesSetNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 182, javax.swing.GroupLayout.PREFERRED_SIZE))) + .addComponent(filesSetNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 182, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addGroup(layout.createSequentialGroup() + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addGroup(layout.createSequentialGroup() + .addComponent(mimeTypeLabel) + .addGap(30, 30, 30) + .addComponent(mimeTypeTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 176, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addComponent(postHitCheckBox) + .addGroup(layout.createSequentialGroup() + .addComponent(signatureTypeLabel) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(signatureTypeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, 176, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addGroup(layout.createSequentialGroup() + .addComponent(signatureLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 73, javax.swing.GroupLayout.PREFERRED_SIZE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(hexPrefixLabel) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(signatureTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 160, javax.swing.GroupLayout.PREFERRED_SIZE)) + .addGroup(layout.createSequentialGroup() + .addComponent(offsetLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 71, javax.swing.GroupLayout.PREFERRED_SIZE) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(offsetTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 178, javax.swing.GroupLayout.PREFERRED_SIZE))) + .addGap(6, 6, 6))) .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() .addComponent(saveTypeButton) .addGap(8, 8, 8)) - .addComponent(isTrailingCheckBox))) + .addGroup(layout.createSequentialGroup() + .addComponent(offsetRelativeToLabel) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(offsetRelativeToComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)))) .addComponent(jLabel1) .addComponent(jLabel3)) - .addContainerGap(50, Short.MAX_VALUE)))) + .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)))) ); layout.setVerticalGroup( layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) @@ -520,7 +536,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane .addGroup(layout.createSequentialGroup() .addComponent(jLabel2) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(typesScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 173, Short.MAX_VALUE) + .addComponent(typesScrollPane) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(deleteTypeButton) @@ -543,13 +559,15 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane .addComponent(hexPrefixLabel) .addComponent(signatureTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)) .addComponent(signatureLabel)) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(isTrailingCheckBox) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(offsetLabel) + .addComponent(offsetTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) - .addComponent(offsetTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) - .addComponent(offsetLabel)) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(offsetRelativeToComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) + .addComponent(offsetRelativeToLabel)) + .addGap(16, 16, 16) .addComponent(postHitCheckBox) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) @@ -625,8 +643,16 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane * Get the offset. */ long offset; + boolean isRelativeToStart = offsetRelativeToComboBox.getSelectedItem() == FileTypeIdGlobalSettingsPanel.START_OFFSET_RELATIVE_COMBO_BOX_ITEM; try { offset = Long.parseUnsignedLong(offsetTextField.getText()); + if(!isRelativeToStart && sigString.length() > offset) { + JOptionPane.showMessageDialog(null, + NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.length"), + NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.title"), + JOptionPane.ERROR_MESSAGE); + return; + } } catch (NumberFormatException ex) { JOptionPane.showMessageDialog(null, NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.message"), @@ -653,8 +679,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane /** * Put it all together and reset the file types list component. */ - boolean isTrailing = isTrailingCheckBox.isSelected(); - FileType.Signature signature = new FileType.Signature(signatureBytes, offset, sigType, isTrailingCheckBox.isSelected()); + FileType.Signature signature = new FileType.Signature(signatureBytes, offset, sigType, isRelativeToStart); FileType fileType = new FileType(typeName, signature, filesSetName, postHitCheckBox.isSelected()); FileType selected = typesList.getSelectedValue(); if (selected != null) { @@ -684,17 +709,12 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane // TODO add your handling code here: }//GEN-LAST:event_signatureTextFieldActionPerformed - private void isTrailingCheckBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_isTrailingCheckBoxActionPerformed - - }//GEN-LAST:event_isTrailingCheckBoxActionPerformed - // Variables declaration - do not modify//GEN-BEGIN:variables private javax.swing.JButton deleteTypeButton; private javax.swing.JLabel filesSetNameLabel; private javax.swing.JTextField filesSetNameTextField; private javax.swing.JLabel hexPrefixLabel; private javax.swing.JLabel ingestRunningWarningLabel; - private javax.swing.JCheckBox isTrailingCheckBox; private javax.swing.JLabel jLabel1; private javax.swing.JLabel jLabel2; private javax.swing.JLabel jLabel3; @@ -702,6 +722,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane private javax.swing.JTextField mimeTypeTextField; private javax.swing.JButton newTypeButton; private javax.swing.JLabel offsetLabel; + private javax.swing.JComboBox offsetRelativeToComboBox; + private javax.swing.JLabel offsetRelativeToLabel; private javax.swing.JTextField offsetTextField; private javax.swing.JCheckBox postHitCheckBox; private javax.swing.JButton saveTypeButton; diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd index 63dab70d24..d5812bcf19 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd @@ -15,6 +15,14 @@ + + + + + + + + @@ -25,8 +33,7 @@ - - + diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java index 4d801c79be..2be7579081 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java @@ -68,7 +68,7 @@ final class UserDefinedFileTypesManager { private static final String SIGNATURE_TYPE_ATTRIBUTE = "type"; //NON-NLS private static final String BYTES_TAG_NAME = "Bytes"; //NON-NLS private static final String OFFSET_TAG_NAME = "Offset"; //NON-NLS - private static final String TRAILING_TAG_NAME = "Trailing"; + private static final String RELATIVE_ATTRIBUTE = "RelativeToStart"; private static final String INTERESTING_FILES_SET_TAG_NAME = "InterestingFileSset"; //NON-NLS private static final String ALERT_ATTRIBUTE = "alert"; //NON-NLS private static final String ENCODING_FOR_XML_FILE = "UTF-8"; //NON-NLS @@ -373,11 +373,8 @@ final class UserDefinedFileTypesManager { Element offsetElem = doc.createElement(OFFSET_TAG_NAME); offsetElem.setTextContent(DatatypeConverter.printLong(signature.getOffset())); + offsetElem.setAttribute(RELATIVE_ATTRIBUTE, String.valueOf(signature.isRelativeToStart())); signatureElem.appendChild(offsetElem); - - Element trailingElem = doc.createElement(TRAILING_TAG_NAME); - trailingElem.setTextContent(DatatypeConverter.printBoolean(signature.isTrailing())); - signatureElem.appendChild(trailingElem); signatureElem.setAttribute(SIGNATURE_TYPE_ATTRIBUTE, signature.getType().toString()); fileTypeElem.appendChild(signatureElem); @@ -486,16 +483,17 @@ final class UserDefinedFileTypesManager { String sigBytesString = getChildElementTextContent(signatureElem, BYTES_TAG_NAME); byte[] signatureBytes = DatatypeConverter.parseHexBinary(sigBytesString); - String offsetString = getChildElementTextContent(signatureElem, OFFSET_TAG_NAME); + Element offsetElem = (Element) signatureElem.getElementsByTagName(OFFSET_TAG_NAME).item(0); + String offsetString = offsetElem.getTextContent(); long offset = DatatypeConverter.parseLong(offsetString); - String trailingString = getChildElementTextContent(signatureElem, TRAILING_TAG_NAME); - if(trailingString == null) + String relativeString = offsetElem.getAttribute(RELATIVE_ATTRIBUTE); + if(relativeString == null) return new Signature(signatureBytes, offset, signatureType); - boolean trailing = DatatypeConverter.parseBoolean(trailingString); + boolean isRelative = DatatypeConverter.parseBoolean(relativeString); - return new Signature(signatureBytes, offset, signatureType, trailing); + return new Signature(signatureBytes, offset, signatureType, isRelative); } /** From e19e338db61bf0db6d57cb06c0b7b18eed265435 Mon Sep 17 00:00:00 2001 From: momo Date: Mon, 9 Nov 2015 12:58:12 -0500 Subject: [PATCH 12/15] some formatting --- .../autopsy/modules/filetypeid/Bundle.properties | 2 +- .../autopsy/modules/filetypeid/FileType.java | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties index c2cb3b4765..bf6adc0de3 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties @@ -49,4 +49,4 @@ FileTypeIdGlobalSettingsPanel.jLabel2.text=MIME Types: FileTypeIdGlobalSettingsPanel.jLabel3.text=Autopsy can automatically detect many file types. Add your custom file types here. FileTypeIdGlobalSettingsPanel.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. FileTypeIdIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. -FileTypeIdGlobalSettingsPanel.offsetRelativeToLabel.text=Offset is relative to \ No newline at end of file +FileTypeIdGlobalSettingsPanel.offsetRelativeToLabel.text=Offset is relative to diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java index a1f96d54d8..9b65bcb63c 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java @@ -200,10 +200,10 @@ class FileType { * Creates a file signature consisting of a sequence of bytes at a * specific offset within a file. * - * @param signatureBytes The signature bytes. - * @param offset The offset of the signature bytes. - * @param type The type of data in the byte array. Impacts - * how it is displayed to the user in the UI. + * @param signatureBytes The signature bytes. + * @param offset The offset of the signature bytes. + * @param type The type of data in the byte array. Impacts + * how it is displayed to the user in the UI. * @param isRelativeToStart Determines whether this signature is relative to start. */ Signature(final byte[] signatureBytes, long offset, Type type, boolean isRelativeToStart) { @@ -217,8 +217,8 @@ class FileType { * Creates a file signature consisting of an ASCII string at a * specific offset within a file. * - * @param signatureString The ASCII string - * @param offset The offset of the signature bytes. + * @param signatureString The ASCII string + * @param offset The offset of the signature bytes. * @param isRelativeToStart Determines whether this signature is relative to start. */ Signature(String signatureString, long offset, boolean isRelativeToStart) { From 6601110345a17fd9fbe0d4bc8477f73863212072 Mon Sep 17 00:00:00 2001 From: momo Date: Mon, 9 Nov 2015 13:07:50 -0500 Subject: [PATCH 13/15] support old format --- .../autopsy/modules/filetypeid/UserDefinedFileTypesManager.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java index 2be7579081..0418f1013e 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java @@ -488,7 +488,7 @@ final class UserDefinedFileTypesManager { long offset = DatatypeConverter.parseLong(offsetString); String relativeString = offsetElem.getAttribute(RELATIVE_ATTRIBUTE); - if(relativeString == null) + if(relativeString == null || relativeString.equals("")) return new Signature(signatureBytes, offset, signatureType); boolean isRelative = DatatypeConverter.parseBoolean(relativeString); From e58987e05df99c8e71c7dcec3a1554fe20c5d501 Mon Sep 17 00:00:00 2001 From: momo Date: Mon, 9 Nov 2015 13:14:37 -0500 Subject: [PATCH 14/15] clarifying comment --- .../autopsy/modules/filetypeid/UserDefinedFileTypesManager.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java index 0418f1013e..557c14a9a5 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java @@ -531,7 +531,7 @@ final class UserDefinedFileTypesManager { * @param elem The parent element. * @param tagName The tag name of the child element. * - * @return The text content. + * @return The text content or null if the tag doesn't exist. */ private static String getChildElementTextContent(Element elem, String tagName) { NodeList childElems = elem.getElementsByTagName(tagName); From 6fdfe73afdf0dc57091f8911165097c1525992c4 Mon Sep 17 00:00:00 2001 From: momo Date: Thu, 12 Nov 2015 10:38:43 -0500 Subject: [PATCH 15/15] start from offset 0 at the end --- .../src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java | 2 +- .../modules/filetypeid/FileTypeIdGlobalSettingsPanel.java | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java index 9b65bcb63c..84e4186975 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java @@ -287,7 +287,7 @@ class FileType { boolean containedIn(final AbstractFile file) { long actualOffset = offset; if(!isRelativeToStart) - actualOffset = file.getSize() - offset; + actualOffset = file.getSize() - 1 - offset; if (file.getSize() < (actualOffset + signatureBytes.length)) { return false; /// too small, can't contain this signature } diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java index 42c89f3386..410851b648 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java @@ -627,6 +627,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane byte[] signatureBytes; if (FileType.Signature.Type.RAW == sigType) { try { + sigString = sigString.replaceAll("\\s", ""); signatureBytes = DatatypeConverter.parseHexBinary(sigString); } catch (IllegalArgumentException ex) { JOptionPane.showMessageDialog(null, @@ -646,7 +647,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane boolean isRelativeToStart = offsetRelativeToComboBox.getSelectedItem() == FileTypeIdGlobalSettingsPanel.START_OFFSET_RELATIVE_COMBO_BOX_ITEM; try { offset = Long.parseUnsignedLong(offsetTextField.getText()); - if(!isRelativeToStart && sigString.length() > offset) { + if(!isRelativeToStart && signatureBytes.length > offset+1) { JOptionPane.showMessageDialog(null, NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.length"), NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.title"),