mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-15 09:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1693 from mhmdfy/footer-mimetypes

Browse Source 
Footer mimetypes
This commit is contained in:
Richard Cordovano 2015-11-12 11:09:03 -05:00
commit 097531f3ae
6 changed files with 224 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties
View File

@ -23,10 +23,13 @@ FileTypeIdGlobalSettingsPanel.mimeTypeLabel.text=MIME Type
FileTypeIdGlobalSettingsPanel.saveTypeButton.text=Save FileTypeIdGlobalSettingsPanel.saveTypeButton.text=Save
FileTypeIdGlobalSettingsPanel.signatureComboBox.rawItem=Bytes (Hex) FileTypeIdGlobalSettingsPanel.signatureComboBox.rawItem=Bytes (Hex)
FileTypeIdGlobalSettingsPanel.signatureComboBox.asciiItem=String (ASCII) FileTypeIdGlobalSettingsPanel.signatureComboBox.asciiItem=String (ASCII)
FileTypeIdGlobalSettingsPanel.offsetComboBox.startItem=Start
FileTypeIdGlobalSettingsPanel.offsetComboBox.endItem=End
FileTypeIdGlobalSettingsPanel.JOptionPane.invalidMIMEType.message=MIME type is required. FileTypeIdGlobalSettingsPanel.JOptionPane.invalidMIMEType.message=MIME type is required.
FileTypeIdGlobalSettingsPanel.JOptionPane.invalidMIMEType.title=Missing MIME Type FileTypeIdGlobalSettingsPanel.JOptionPane.invalidMIMEType.title=Missing MIME Type
FileTypeIdGlobalSettingsPanel.JOptionPane.invalidSignature.message=Signature is required. FileTypeIdGlobalSettingsPanel.JOptionPane.invalidSignature.message=Signature is required.
FileTypeIdGlobalSettingsPanel.JOptionPane.invalidSignature.title=Missing Signature FileTypeIdGlobalSettingsPanel.JOptionPane.invalidSignature.title=Missing Signature
FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.length=Offset must not be smaller than signature size.
FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.message=Offset must be a positive integer. FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.message=Offset must be a positive integer.
FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.title=Invalid Offset FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.title=Invalid Offset
FileTypeIdGlobalSettingsPanel.JOptionPane.invalidRawSignatureBytes.message=The signature has one or more invalid hexadecimal digits. FileTypeIdGlobalSettingsPanel.JOptionPane.invalidRawSignatureBytes.message=The signature has one or more invalid hexadecimal digits.
@ -46,4 +49,4 @@ FileTypeIdGlobalSettingsPanel.jLabel2.text=MIME Types:
FileTypeIdGlobalSettingsPanel.jLabel3.text=Autopsy can automatically detect many file types. Add your custom file types here. FileTypeIdGlobalSettingsPanel.jLabel3.text=Autopsy can automatically detect many file types. Add your custom file types here.
FileTypeIdGlobalSettingsPanel.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. FileTypeIdGlobalSettingsPanel.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector.
FileTypeIdIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. FileTypeIdIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector.
FileTypeIdGlobalSettingsPanel.offsetRelativeToLabel.text=Offset is relative to

68
Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileType.java
View File

@ -51,7 +51,7 @@ class FileType {
*/ */
FileType(String mimeType, final Signature signature, String filesSetName, boolean alert) { FileType(String mimeType, final Signature signature, String filesSetName, boolean alert) {
this.mimeType = mimeType; this.mimeType = mimeType;
this.signature = new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType()); this.signature = new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType(), signature.isRelativeToStart());
this.interestingFilesSetName = filesSetName; this.interestingFilesSetName = filesSetName;
this.alert = alert; this.alert = alert;
} }
@ -71,7 +71,7 @@ class FileType {
* @return The signature. * @return The signature.
*/ */
Signature getSignature() { Signature getSignature() {
return new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType()); return new Signature(signature.getSignatureBytes(), signature.getOffset(), signature.getType(), signature.isRelativeToStart());
} }
/** /**
@ -148,6 +148,7 @@ class FileType {
private final byte[] signatureBytes; private final byte[] signatureBytes;
private final long offset; private final long offset;
private final Type type; private final Type type;
private final boolean isRelativeToStart;
/** /**
* Creates a file signature consisting of a sequence of bytes at a * Creates a file signature consisting of a sequence of bytes at a
@ -162,6 +163,7 @@ class FileType {
this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
this.offset = offset; this.offset = offset;
this.type = type; this.type = type;
this.isRelativeToStart = true;
} }
/** /**
@ -175,6 +177,7 @@ class FileType {
this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII); this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII);
this.offset = offset; this.offset = offset;
this.type = Type.ASCII; this.type = Type.ASCII;
this.isRelativeToStart = true;
} }
/** /**
@ -190,6 +193,56 @@ class FileType {
this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length); this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
this.offset = offset; this.offset = offset;
this.type = Type.RAW; this.type = Type.RAW;
this.isRelativeToStart = true;
}
/**
* Creates a file signature consisting of a sequence of bytes at a
* specific offset within a file.
*
* @param signatureBytes The signature bytes.
* @param offset The offset of the signature bytes.
* @param type The type of data in the byte array. Impacts
* how it is displayed to the user in the UI.
* @param isRelativeToStart Determines whether this signature is relative to start.
*/
Signature(final byte[] signatureBytes, long offset, Type type, boolean isRelativeToStart) {
this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
this.offset = offset;
this.type = type;
this.isRelativeToStart = isRelativeToStart;
}
/**
* Creates a file signature consisting of an ASCII string at a
* specific offset within a file.
*
* @param signatureString The ASCII string
* @param offset The offset of the signature bytes.
* @param isRelativeToStart Determines whether this signature is relative to start.
*/
Signature(String signatureString, long offset, boolean isRelativeToStart) {
this.signatureBytes = signatureString.getBytes(StandardCharsets.US_ASCII);
this.offset = offset;
this.type = Type.ASCII;
this.isRelativeToStart = isRelativeToStart;
}
/**
* Creates a file signature consisting of a sequence of bytes at a
* specific offset within a file. If bytes correspond to an ASCII
* string, use one of the other constructors so that the string is
* displayed to the user instead of the raw bytes.
*
* @param signatureBytes The signature bytes.
* @param offset The offset of the signature bytes.
* @param isRelativeToStart Determines whether this signature is relative to start.
*/
Signature(final byte[] signatureBytes, long offset, boolean isRelativeToStart) {
this.signatureBytes = Arrays.copyOf(signatureBytes, signatureBytes.length);
this.offset = offset;
this.type = Type.RAW;
this.isRelativeToStart = isRelativeToStart;
} }
/** /**
@ -219,6 +272,10 @@ class FileType {
return type; return type;
} }
boolean isRelativeToStart() {
return isRelativeToStart;
}
/** /**
* Determines whether or not the signature is contained within a given * Determines whether or not the signature is contained within a given
* file. * file.
@ -228,12 +285,15 @@ class FileType {
* @return True or false. * @return True or false.
*/ */
boolean containedIn(final AbstractFile file) { boolean containedIn(final AbstractFile file) {
if (file.getSize() < (offset + signatureBytes.length)) { long actualOffset = offset;
if(!isRelativeToStart)
actualOffset = file.getSize() - 1 - offset;
if (file.getSize() < (actualOffset + signatureBytes.length)) {
return false; /// too small, can't contain this signature return false; /// too small, can't contain this signature
} }
try { try {
byte[] buffer = new byte[signatureBytes.length]; byte[] buffer = new byte[signatureBytes.length];
int bytesRead = file.read(buffer, offset, signatureBytes.length); int bytesRead = file.read(buffer, actualOffset, signatureBytes.length);
return ((bytesRead == signatureBytes.length) && (Arrays.equals(buffer, signatureBytes))); return ((bytesRead == signatureBytes.length) && (Arrays.equals(buffer, signatureBytes)));
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
/** /**

86
Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.form
View File

@ -49,40 +49,50 @@
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0"> <Group type="103" groupAlignment="0" attributes="0">
<Group type="103" alignment="0" groupAlignment="0" attributes="0"> <Group type="103" alignment="0" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<Component id="mimeTypeLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="30" max="-2" attributes="0"/>
<Component id="mimeTypeTextField" min="-2" pref="176" max="-2" attributes="0"/>
</Group>
<Component id="postHitCheckBox" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<Component id="signatureTypeLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="signatureTypeComboBox" min="-2" pref="176" max="-2" attributes="0"/>
</Group>
<Group type="102" alignment="0" attributes="0">
<Component id="signatureLabel" min="-2" pref="73" max="-2" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="hexPrefixLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="signatureTextField" min="-2" pref="160" max="-2" attributes="0"/>
</Group>
<Group type="102" alignment="0" attributes="0">
<Component id="offsetLabel" min="-2" pref="71" max="-2" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="offsetTextField" min="-2" pref="178" max="-2" attributes="0"/>
</Group>
<Group type="102" alignment="1" attributes="0"> <Group type="102" alignment="1" attributes="0">
<EmptySpace min="21" pref="21" max="-2" attributes="0"/> <EmptySpace min="21" pref="21" max="-2" attributes="0"/>
<Component id="filesSetNameLabel" min="-2" max="-2" attributes="0"/> <Component id="filesSetNameLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/> <EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="filesSetNameTextField" min="-2" pref="182" max="-2" attributes="0"/> <Component id="filesSetNameTextField" min="-2" pref="182" max="-2" attributes="0"/>
</Group> </Group>
<Group type="102" attributes="0">
<Group type="103" groupAlignment="0" attributes="0">
<Group type="102" alignment="0" attributes="0">
<Component id="mimeTypeLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="30" max="-2" attributes="0"/>
<Component id="mimeTypeTextField" min="-2" pref="176" max="-2" attributes="0"/>
</Group>
<Component id="postHitCheckBox" alignment="0" min="-2" max="-2" attributes="0"/>
<Group type="102" alignment="0" attributes="0">
<Component id="signatureTypeLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="signatureTypeComboBox" min="-2" pref="176" max="-2" attributes="0"/>
</Group>
<Group type="102" alignment="0" attributes="0">
<Component id="signatureLabel" min="-2" pref="73" max="-2" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="hexPrefixLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/>
<Component id="signatureTextField" min="-2" pref="160" max="-2" attributes="0"/>
</Group>
<Group type="102" alignment="0" attributes="0">
<Component id="offsetLabel" min="-2" pref="71" max="-2" attributes="0"/>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Component id="offsetTextField" min="-2" pref="178" max="-2" attributes="0"/>
</Group>
</Group>
<EmptySpace min="-2" pref="6" max="-2" attributes="0"/>
</Group>
</Group> </Group>
<Group type="102" alignment="1" attributes="0"> <Group type="102" alignment="1" attributes="0">
<Component id="saveTypeButton" min="-2" max="-2" attributes="0"/> <Component id="saveTypeButton" min="-2" max="-2" attributes="0"/>
<EmptySpace min="-2" pref="8" max="-2" attributes="0"/> <EmptySpace min="-2" pref="8" max="-2" attributes="0"/>
</Group> </Group>
<Group type="102" attributes="0">
<Component id="offsetRelativeToLabel" min="-2" max="-2" attributes="0"/>
<EmptySpace type="unrelated" min="-2" max="-2" attributes="0"/>
<Component id="offsetRelativeToComboBox" min="-2" max="-2" attributes="0"/>
</Group>
</Group> </Group>
</Group> </Group>
<Component id="jLabel1" alignment="0" min="-2" max="-2" attributes="0"/> <Component id="jLabel1" alignment="0" min="-2" max="-2" attributes="0"/>
@ -107,7 +117,7 @@
<Group type="102" attributes="0"> <Group type="102" attributes="0">
<Component id="jLabel2" min="-2" max="-2" attributes="0"/> <Component id="jLabel2" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Component id="typesScrollPane" pref="177" max="32767" attributes="0"/> <Component id="typesScrollPane" max="32767" attributes="0"/>
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0"> <Group type="103" groupAlignment="3" attributes="0">
<Component id="deleteTypeButton" linkSize="2" alignment="3" min="-2" max="-2" attributes="0"/> <Component id="deleteTypeButton" linkSize="2" alignment="3" min="-2" max="-2" attributes="0"/>
@ -138,12 +148,17 @@
</Group> </Group>
<Component id="signatureLabel" alignment="0" min="-2" max="-2" attributes="0"/> <Component id="signatureLabel" alignment="0" min="-2" max="-2" attributes="0"/>
</Group> </Group>
<EmptySpace type="unrelated" max="-2" attributes="0"/>
<Group type="103" groupAlignment="0" attributes="0">
<Component id="offsetLabel" min="-2" max="-2" attributes="0"/>
<Component id="offsetTextField" alignment="0" min="-2" max="-2" attributes="0"/>
</Group>
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0"> <Group type="103" groupAlignment="3" attributes="0">
<Component id="offsetTextField" alignment="3" min="-2" max="-2" attributes="0"/> <Component id="offsetRelativeToComboBox" alignment="3" min="-2" max="-2" attributes="0"/>
<Component id="offsetLabel" alignment="3" min="-2" max="-2" attributes="0"/> <Component id="offsetRelativeToLabel" alignment="3" min="-2" max="-2" attributes="0"/>
</Group> </Group>
<EmptySpace type="unrelated" max="-2" attributes="0"/> <EmptySpace min="-2" pref="16" max="-2" attributes="0"/>
<Component id="postHitCheckBox" min="-2" max="-2" attributes="0"/> <Component id="postHitCheckBox" min="-2" max="-2" attributes="0"/>
<EmptySpace max="-2" attributes="0"/> <EmptySpace max="-2" attributes="0"/>
<Group type="103" groupAlignment="3" attributes="0"> <Group type="103" groupAlignment="3" attributes="0">
@ -350,5 +365,22 @@
</Property> </Property>
</Properties> </Properties>
</Component> </Component>
<Component class="javax.swing.JComboBox" name="offsetRelativeToComboBox">
<Properties>
<Property name="model" type="javax.swing.ComboBoxModel" editor="org.netbeans.modules.form.editors2.ComboBoxModelEditor">
<StringArray count="0"/>
</Property>
</Properties>
<AuxValues>
<AuxValue name="JavaCodeGenerator_TypeParameters" type="java.lang.String" value="&lt;String&gt;"/>
</AuxValues>
</Component>
<Component class="javax.swing.JLabel" name="offsetRelativeToLabel">
<Properties>
<Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
<ResourceString bundle="org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties" key="FileTypeIdGlobalSettingsPanel.offsetRelativeToLabel.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
</Property>
</Properties>
</Component>
</SubComponents> </SubComponents>
</Form> </Form>

96
Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdGlobalSettingsPanel.java
View File

@ -52,6 +52,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
private static final String RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM = NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.signatureComboBox.rawItem"); private static final String RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM = NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.signatureComboBox.rawItem");
private static final String ASCII_SIGNATURE_TYPE_COMBO_BOX_ITEM = NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.signatureComboBox.asciiItem"); private static final String ASCII_SIGNATURE_TYPE_COMBO_BOX_ITEM = NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.signatureComboBox.asciiItem");
private static final String START_OFFSET_RELATIVE_COMBO_BOX_ITEM = NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.offsetComboBox.startItem");
private static final String END_OFFSET_RELATIVE_COMBO_BOX_ITEM = NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.offsetComboBox.endItem");
/** /**
* The list model for the file types list component of this panel is the set * The list model for the file types list component of this panel is the set
* of MIME types associated with the user-defined file types. A mapping of * of MIME types associated with the user-defined file types. A mapping of
@ -88,6 +90,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
private void customizeComponents() { private void customizeComponents() {
setFileTypesListModel(); setFileTypesListModel();
setSignatureTypeComboBoxModel(); setSignatureTypeComboBoxModel();
setOffsetRealtiveToComboBoxModel();
clearTypeDetailsComponents(); clearTypeDetailsComponents();
addTypeListSelectionListener(); addTypeListSelectionListener();
addTextFieldListeners(); addTextFieldListeners();
@ -112,6 +115,17 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
signatureTypeComboBox.setSelectedItem(FileTypeIdGlobalSettingsPanel.RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM); signatureTypeComboBox.setSelectedItem(FileTypeIdGlobalSettingsPanel.RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM);
} }
/**
* Sets the model for the signature type combo box.
*/
private void setOffsetRealtiveToComboBoxModel() {
DefaultComboBoxModel<String> offsetRelComboBoxModel = new DefaultComboBoxModel<>();
offsetRelComboBoxModel.addElement(FileTypeIdGlobalSettingsPanel.START_OFFSET_RELATIVE_COMBO_BOX_ITEM);
offsetRelComboBoxModel.addElement(FileTypeIdGlobalSettingsPanel.END_OFFSET_RELATIVE_COMBO_BOX_ITEM);
offsetRelativeToComboBox.setModel(offsetRelComboBoxModel);
offsetRelativeToComboBox.setSelectedItem(FileTypeIdGlobalSettingsPanel.START_OFFSET_RELATIVE_COMBO_BOX_ITEM);
}
/** /**
* Adds a listener to the types list component so that the components in the * Adds a listener to the types list component so that the components in the
* file type details section of the panel can be populated and cleared based * file type details section of the panel can be populated and cleared based
@ -270,6 +284,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
} }
} }
signatureTextField.setText(signatureBytes); signatureTextField.setText(signatureBytes);
offsetRelativeToComboBox.setSelectedItem(signature.isRelativeToStart() ? FileTypeIdGlobalSettingsPanel.START_OFFSET_RELATIVE_COMBO_BOX_ITEM : FileTypeIdGlobalSettingsPanel.END_OFFSET_RELATIVE_COMBO_BOX_ITEM);
offsetTextField.setText(Long.toString(signature.getOffset())); offsetTextField.setText(Long.toString(signature.getOffset()));
postHitCheckBox.setSelected(fileType.alertOnMatch()); postHitCheckBox.setSelected(fileType.alertOnMatch());
filesSetNameTextField.setEnabled(postHitCheckBox.isSelected()); filesSetNameTextField.setEnabled(postHitCheckBox.isSelected());
@ -289,6 +304,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
signatureTypeComboBox.setSelectedItem(FileTypeIdGlobalSettingsPanel.RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM); signatureTypeComboBox.setSelectedItem(FileTypeIdGlobalSettingsPanel.RAW_SIGNATURE_TYPE_COMBO_BOX_ITEM);
hexPrefixLabel.setVisible(true); hexPrefixLabel.setVisible(true);
signatureTextField.setText("0000"); //NON-NLS signatureTextField.setText("0000"); //NON-NLS
offsetRelativeToComboBox.setSelectedItem(FileTypeIdGlobalSettingsPanel.START_OFFSET_RELATIVE_COMBO_BOX_ITEM);
offsetTextField.setText(""); //NON-NLS offsetTextField.setText(""); //NON-NLS
postHitCheckBox.setSelected(false); postHitCheckBox.setSelected(false);
filesSetNameTextField.setText(""); //NON-NLS filesSetNameTextField.setText(""); //NON-NLS
@ -360,6 +376,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
jLabel1 = new javax.swing.JLabel(); jLabel1 = new javax.swing.JLabel();
jLabel2 = new javax.swing.JLabel(); jLabel2 = new javax.swing.JLabel();
jLabel3 = new javax.swing.JLabel(); jLabel3 = new javax.swing.JLabel();
offsetRelativeToComboBox = new javax.swing.JComboBox<String>();
offsetRelativeToLabel = new javax.swing.JLabel();
setMaximumSize(new java.awt.Dimension(500, 300)); setMaximumSize(new java.awt.Dimension(500, 300));
setPreferredSize(new java.awt.Dimension(500, 300)); setPreferredSize(new java.awt.Dimension(500, 300));
@ -439,6 +457,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
org.openide.awt.Mnemonics.setLocalizedText(jLabel3, org.openide.util.NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.jLabel3.text")); // NOI18N org.openide.awt.Mnemonics.setLocalizedText(jLabel3, org.openide.util.NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.jLabel3.text")); // NOI18N
org.openide.awt.Mnemonics.setLocalizedText(offsetRelativeToLabel, org.openide.util.NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.offsetRelativeToLabel.text")); // NOI18N
javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this); javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
this.setLayout(layout); this.setLayout(layout);
layout.setHorizontalGroup( layout.setHorizontalGroup(
@ -465,33 +485,40 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addComponent(mimeTypeLabel)
.addGap(30, 30, 30)
.addComponent(mimeTypeTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 176, javax.swing.GroupLayout.PREFERRED_SIZE))
.addComponent(postHitCheckBox)
.addGroup(layout.createSequentialGroup()
.addComponent(signatureTypeLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(signatureTypeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, 176, javax.swing.GroupLayout.PREFERRED_SIZE))
.addGroup(layout.createSequentialGroup()
.addComponent(signatureLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 73, javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(hexPrefixLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(signatureTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 160, javax.swing.GroupLayout.PREFERRED_SIZE))
.addGroup(layout.createSequentialGroup()
.addComponent(offsetLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 71, javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(offsetTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 178, javax.swing.GroupLayout.PREFERRED_SIZE))
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup()
.addGap(21, 21, 21) .addGap(21, 21, 21)
.addComponent(filesSetNameLabel) .addComponent(filesSetNameLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(filesSetNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 182, javax.swing.GroupLayout.PREFERRED_SIZE))) .addComponent(filesSetNameTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 182, javax.swing.GroupLayout.PREFERRED_SIZE))
.addGroup(layout.createSequentialGroup()
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addGroup(layout.createSequentialGroup()
.addComponent(mimeTypeLabel)
.addGap(30, 30, 30)
.addComponent(mimeTypeTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 176, javax.swing.GroupLayout.PREFERRED_SIZE))
.addComponent(postHitCheckBox)
.addGroup(layout.createSequentialGroup()
.addComponent(signatureTypeLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(signatureTypeComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, 176, javax.swing.GroupLayout.PREFERRED_SIZE))
.addGroup(layout.createSequentialGroup()
.addComponent(signatureLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 73, javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(hexPrefixLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(signatureTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 160, javax.swing.GroupLayout.PREFERRED_SIZE))
.addGroup(layout.createSequentialGroup()
.addComponent(offsetLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 71, javax.swing.GroupLayout.PREFERRED_SIZE)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(offsetTextField, javax.swing.GroupLayout.PREFERRED_SIZE, 178, javax.swing.GroupLayout.PREFERRED_SIZE)))
.addGap(6, 6, 6)))
.addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup() .addGroup(javax.swing.GroupLayout.Alignment.TRAILING, layout.createSequentialGroup()
.addComponent(saveTypeButton) .addComponent(saveTypeButton)
.addGap(8, 8, 8)))) .addGap(8, 8, 8))
.addGroup(layout.createSequentialGroup()
.addComponent(offsetRelativeToLabel)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addComponent(offsetRelativeToComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))))
.addComponent(jLabel1) .addComponent(jLabel1)
.addComponent(jLabel3)) .addComponent(jLabel3))
.addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)))) .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))))
@ -509,7 +536,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
.addGroup(layout.createSequentialGroup() .addGroup(layout.createSequentialGroup()
.addComponent(jLabel2) .addComponent(jLabel2)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addComponent(typesScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 177, Short.MAX_VALUE) .addComponent(typesScrollPane)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(deleteTypeButton) .addComponent(deleteTypeButton)
@ -532,11 +559,15 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
.addComponent(hexPrefixLabel) .addComponent(hexPrefixLabel)
.addComponent(signatureTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)) .addComponent(signatureTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
.addComponent(signatureLabel)) .addComponent(signatureLabel))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
.addComponent(offsetLabel)
.addComponent(offsetTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
.addComponent(offsetTextField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE) .addComponent(offsetRelativeToComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
.addComponent(offsetLabel)) .addComponent(offsetRelativeToLabel))
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) .addGap(16, 16, 16)
.addComponent(postHitCheckBox) .addComponent(postHitCheckBox)
.addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
.addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
@ -596,6 +627,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
byte[] signatureBytes; byte[] signatureBytes;
if (FileType.Signature.Type.RAW == sigType) { if (FileType.Signature.Type.RAW == sigType) {
try { try {
sigString = sigString.replaceAll("\\s", "");
signatureBytes = DatatypeConverter.parseHexBinary(sigString); signatureBytes = DatatypeConverter.parseHexBinary(sigString);
} catch (IllegalArgumentException ex) { } catch (IllegalArgumentException ex) {
JOptionPane.showMessageDialog(null, JOptionPane.showMessageDialog(null,
@ -612,8 +644,16 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
* Get the offset. * Get the offset.
*/ */
long offset; long offset;
boolean isRelativeToStart = offsetRelativeToComboBox.getSelectedItem() == FileTypeIdGlobalSettingsPanel.START_OFFSET_RELATIVE_COMBO_BOX_ITEM;
try { try {
offset = Long.parseUnsignedLong(offsetTextField.getText()); offset = Long.parseUnsignedLong(offsetTextField.getText());
if(!isRelativeToStart && signatureBytes.length > offset+1) {
JOptionPane.showMessageDialog(null,
NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.length"),
NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.title"),
JOptionPane.ERROR_MESSAGE);
return;
}
} catch (NumberFormatException ex) { } catch (NumberFormatException ex) {
JOptionPane.showMessageDialog(null, JOptionPane.showMessageDialog(null,
NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.message"), NbBundle.getMessage(FileTypeIdGlobalSettingsPanel.class, "FileTypeIdGlobalSettingsPanel.JOptionPane.invalidOffset.message"),
@ -640,7 +680,7 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
/** /**
* Put it all together and reset the file types list component. * Put it all together and reset the file types list component.
*/ */
FileType.Signature signature = new FileType.Signature(signatureBytes, offset, sigType); FileType.Signature signature = new FileType.Signature(signatureBytes, offset, sigType, isRelativeToStart);
FileType fileType = new FileType(typeName, signature, filesSetName, postHitCheckBox.isSelected()); FileType fileType = new FileType(typeName, signature, filesSetName, postHitCheckBox.isSelected());
FileType selected = typesList.getSelectedValue(); FileType selected = typesList.getSelectedValue();
if (selected != null) { if (selected != null) {
@ -683,6 +723,8 @@ final class FileTypeIdGlobalSettingsPanel extends IngestModuleGlobalSettingsPane
private javax.swing.JTextField mimeTypeTextField; private javax.swing.JTextField mimeTypeTextField;
private javax.swing.JButton newTypeButton; private javax.swing.JButton newTypeButton;
private javax.swing.JLabel offsetLabel; private javax.swing.JLabel offsetLabel;
private javax.swing.JComboBox<String> offsetRelativeToComboBox;
private javax.swing.JLabel offsetRelativeToLabel;
private javax.swing.JTextField offsetTextField; private javax.swing.JTextField offsetTextField;
private javax.swing.JCheckBox postHitCheckBox; private javax.swing.JCheckBox postHitCheckBox;
private javax.swing.JButton saveTypeButton; private javax.swing.JButton saveTypeButton;

10
Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypes.xsd
View File

@ -15,6 +15,14 @@
</xs:restriction> </xs:restriction>
</xs:simpleType> </xs:simpleType>
<xs:complexType name="offsetType">
<xs:simpleContent>
<xs:extension base="xs:nonNegativeInteger">
<xs:attribute name="RelativeToStart" type="xs:boolean" />
</xs:extension>
</xs:simpleContent>
</xs:complexType>
<xs:simpleType name="sigInterpretationType"> <xs:simpleType name="sigInterpretationType">
<xs:restriction base="xs:string"> <xs:restriction base="xs:string">
<xs:enumeration value="RAW"/> <xs:enumeration value="RAW"/>
@ -25,7 +33,7 @@
<xs:complexType name="signatureType"> <xs:complexType name="signatureType">
<xs:sequence> <xs:sequence>
<xs:element name="Bytes" type="stringType"/> <xs:element name="Bytes" type="stringType"/>
<xs:element name="Offset" type="xs:nonNegativeInteger"/> <xs:element name="Offset" type="offsetType"/>
</xs:sequence> </xs:sequence>
<xs:attribute name="type" type="sigInterpretationType" use="required"/> <xs:attribute name="type" type="sigInterpretationType" use="required"/>
</xs:complexType> </xs:complexType>

21
Core/src/org/sleuthkit/autopsy/modules/filetypeid/UserDefinedFileTypesManager.java
View File

@ -38,6 +38,7 @@ import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.coreutils.XMLUtil; import org.sleuthkit.autopsy.coreutils.XMLUtil;
import org.sleuthkit.autopsy.modules.filetypeid.FileType.Signature; import org.sleuthkit.autopsy.modules.filetypeid.FileType.Signature;
import org.w3c.dom.Node;
import org.xml.sax.SAXException; import org.xml.sax.SAXException;
/** /**
@ -67,6 +68,7 @@ final class UserDefinedFileTypesManager {
private static final String SIGNATURE_TYPE_ATTRIBUTE = "type"; //NON-NLS private static final String SIGNATURE_TYPE_ATTRIBUTE = "type"; //NON-NLS
private static final String BYTES_TAG_NAME = "Bytes"; //NON-NLS private static final String BYTES_TAG_NAME = "Bytes"; //NON-NLS
private static final String OFFSET_TAG_NAME = "Offset"; //NON-NLS private static final String OFFSET_TAG_NAME = "Offset"; //NON-NLS
private static final String RELATIVE_ATTRIBUTE = "RelativeToStart";
private static final String INTERESTING_FILES_SET_TAG_NAME = "InterestingFileSset"; //NON-NLS private static final String INTERESTING_FILES_SET_TAG_NAME = "InterestingFileSset"; //NON-NLS
private static final String ALERT_ATTRIBUTE = "alert"; //NON-NLS private static final String ALERT_ATTRIBUTE = "alert"; //NON-NLS
private static final String ENCODING_FOR_XML_FILE = "UTF-8"; //NON-NLS private static final String ENCODING_FOR_XML_FILE = "UTF-8"; //NON-NLS
@ -376,6 +378,7 @@ final class UserDefinedFileTypesManager {
Element offsetElem = doc.createElement(OFFSET_TAG_NAME); Element offsetElem = doc.createElement(OFFSET_TAG_NAME);
offsetElem.setTextContent(DatatypeConverter.printLong(signature.getOffset())); offsetElem.setTextContent(DatatypeConverter.printLong(signature.getOffset()));
offsetElem.setAttribute(RELATIVE_ATTRIBUTE, String.valueOf(signature.isRelativeToStart()));
signatureElem.appendChild(offsetElem); signatureElem.appendChild(offsetElem);
signatureElem.setAttribute(SIGNATURE_TYPE_ATTRIBUTE, signature.getType().toString()); signatureElem.setAttribute(SIGNATURE_TYPE_ATTRIBUTE, signature.getType().toString());
@ -485,10 +488,17 @@ final class UserDefinedFileTypesManager {
String sigBytesString = getChildElementTextContent(signatureElem, BYTES_TAG_NAME); String sigBytesString = getChildElementTextContent(signatureElem, BYTES_TAG_NAME);
byte[] signatureBytes = DatatypeConverter.parseHexBinary(sigBytesString); byte[] signatureBytes = DatatypeConverter.parseHexBinary(sigBytesString);
String offsetString = getChildElementTextContent(signatureElem, OFFSET_TAG_NAME); Element offsetElem = (Element) signatureElem.getElementsByTagName(OFFSET_TAG_NAME).item(0);
String offsetString = offsetElem.getTextContent();
long offset = DatatypeConverter.parseLong(offsetString); long offset = DatatypeConverter.parseLong(offsetString);
return new Signature(signatureBytes, offset, signatureType); String relativeString = offsetElem.getAttribute(RELATIVE_ATTRIBUTE);
if(relativeString == null || relativeString.equals(""))
return new Signature(signatureBytes, offset, signatureType);
boolean isRelative = DatatypeConverter.parseBoolean(relativeString);
return new Signature(signatureBytes, offset, signatureType, isRelative);
} }
/** /**
@ -526,11 +536,14 @@ final class UserDefinedFileTypesManager {
* @param elem The parent element. * @param elem The parent element.
* @param tagName The tag name of the child element. * @param tagName The tag name of the child element.
* *
* @return The text content. * @return The text content or null if the tag doesn't exist.
*/ */
private static String getChildElementTextContent(Element elem, String tagName) { private static String getChildElementTextContent(Element elem, String tagName) {
NodeList childElems = elem.getElementsByTagName(tagName); NodeList childElems = elem.getElementsByTagName(tagName);
Element childElem = (Element) childElems.item(0); Node childNode = childElems.item(0);
if(childNode == null)
return null;
Element childElem = (Element) childNode;
return childElem.getTextContent(); return childElem.getTextContent();
} }