From c4339f6e2ad0f6b86b10a18dc3565bedfde1baa3 Mon Sep 17 00:00:00 2001 From: Ann Priestman Date: Wed, 15 Nov 2017 14:07:29 -0500 Subject: [PATCH 01/19] Hold off on writing md5, known status, and MIME type until the end of ingest --- .../autopsy/ingest/FileIngestPipeline.java | 11 +++++ .../modules/filetypeid/FileTypeDetector.java | 7 ++-- .../filetypeid/FileTypeIdIngestModule.java | 3 +- .../hashdatabase/HashDbIngestModule.java | 42 ++++++++++--------- 4 files changed, 39 insertions(+), 24 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java b/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java index 436418712a..2b5271fc9a 100755 --- a/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java @@ -21,10 +21,14 @@ package org.sleuthkit.autopsy.ingest; import java.util.ArrayList; import java.util.Date; import java.util.List; +import java.util.logging.Level; import org.openide.util.NbBundle; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; import org.sleuthkit.datamodel.AbstractFile; +import org.sleuthkit.datamodel.TskCoreException; /** * This class manages a sequence of file level ingest modules for a data source @@ -136,6 +140,13 @@ final class FileIngestPipeline { break; } } + + try{ + Case.getCurrentCase().getSleuthkitCase().setKnownAndFileTypeAndMD5(file); + } catch (TskCoreException ex){ + Logger.getLogger(FileIngestPipeline.class.getName()).log(Level.SEVERE, "Failed to save data", ex); //NON-NLS + } + file.close(); if (!this.job.isCancelled()) { IngestManager.getInstance().fireFileIngestDone(file); diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index eb1ab33591..c771426109 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -187,7 +187,8 @@ public class FileTypeDetector { * writing the result to the case database. */ public String getFileType(AbstractFile file) throws TskCoreException { - return detect(file, true); + return file.getMIMEType(); + //return detect(file, true); } /** @@ -222,7 +223,7 @@ public class FileTypeDetector { * @throws TskCoreException If there is a problem writing the result to the * case database. */ - private String detect(AbstractFile file, boolean addToCaseDb) throws TskCoreException { + public String detect(AbstractFile file, boolean addToCaseDb) throws TskCoreException { /* * Check to see if the file has already been typed. This is the "check" * part of a check-then-act race condition (see note below). @@ -322,7 +323,7 @@ public class FileTypeDetector { /* * Add the MIME type to the files table in the case database. */ - Case.getCurrentCase().getSleuthkitCase().setFileMIMEType(file, mimeType); + //Case.getCurrentCase().getSleuthkitCase().setFileMIMEType(file, mimeType); } return mimeType; diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index ef4e0add71..4499139d1a 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -91,7 +91,8 @@ public class FileTypeIdIngestModule implements FileIngestModule { */ try { long startTime = System.currentTimeMillis(); - fileTypeDetector.getFileType(file); + String type = fileTypeDetector.detect(file, false); + file.setMIMEType(type); addToTotals(jobId, (System.currentTimeMillis() - startTime)); return ProcessResult.OK; } catch (Exception e) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java index 3dd7416872..b83c91ace5 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java @@ -204,20 +204,21 @@ public class HashDbIngestModule implements FileIngestModule { foundBad = true; totals.totalKnownBadCount.incrementAndGet(); - try { - skCase.setKnown(file, TskData.FileKnown.BAD); - } catch (TskException ex) { - logger.log(Level.WARNING, "Couldn't set notable state for file " + name + " - see sleuthkit log for details", ex); //NON-NLS - services.postMessage(IngestMessage.createErrorMessage( - HashLookupModuleFactory.getModuleName(), - NbBundle.getMessage(this.getClass(), - "HashDbIngestModule.hashLookupErrorMsg", - name), - NbBundle.getMessage(this.getClass(), - "HashDbIngestModule.settingKnownBadStateErr", - name))); - ret = ProcessResult.ERROR; - } + //try { + file.setKnown(TskData.FileKnown.BAD); + // skCase.setKnown(file, TskData.FileKnown.BAD); + //} catch (TskException ex) { + // logger.log(Level.WARNING, "Couldn't set notable state for file " + name + " - see sleuthkit log for details", ex); //NON-NLS + // services.postMessage(IngestMessage.createErrorMessage( + // HashLookupModuleFactory.getModuleName(), + // NbBundle.getMessage(this.getClass(), + // "HashDbIngestModule.hashLookupErrorMsg", + // name), + // NbBundle.getMessage(this.getClass(), + // "HashDbIngestModule.settingKnownBadStateErr", + // name))); + // ret = ProcessResult.ERROR; + //} String hashSetName = db.getHashSetName(); String comment = ""; @@ -261,13 +262,14 @@ public class HashDbIngestModule implements FileIngestModule { try { long lookupstart = System.currentTimeMillis(); if (db.lookupMD5Quick(file)) { - try { - skCase.setKnown(file, TskData.FileKnown.KNOWN); + //try { + file.setKnown(TskData.FileKnown.KNOWN); + //skCase.setKnown(file, TskData.FileKnown.KNOWN); break; - } catch (TskException ex) { - logger.log(Level.WARNING, "Couldn't set known state for file " + name + " - see sleuthkit log for details", ex); //NON-NLS - ret = ProcessResult.ERROR; - } + //} catch (TskException ex) { + // logger.log(Level.WARNING, "Couldn't set known state for file " + name + " - see sleuthkit log for details", ex); //NON-NLS + // ret = ProcessResult.ERROR; + //} } long delta = (System.currentTimeMillis() - lookupstart); totals.totalLookuptime.addAndGet(delta); From d372765ebe4ef2dec9efcc8a02393877a58300ab Mon Sep 17 00:00:00 2001 From: seannicholls Date: Sun, 10 Dec 2017 18:55:20 +0000 Subject: [PATCH 02/19] changed defunct netbeans url (deadlock.netbeans.*) to the current url (bits.netbeans.*) --- ImageGallery/nbproject/platform.properties | 2 +- ScalpelCarver/nbproject/platform.properties | 2 +- nbproject/platform.properties | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/ImageGallery/nbproject/platform.properties b/ImageGallery/nbproject/platform.properties index 9c9b60a86c..5fd3bf5cc8 100755 --- a/ImageGallery/nbproject/platform.properties +++ b/ImageGallery/nbproject/platform.properties @@ -5,7 +5,7 @@ netbeans-plat-version=8.1 suite.dir=${basedir} nbplatform.active.dir=${suite.dir}/netbeans-plat/${netbeans-plat-version} harness.dir=${nbplatform.active.dir}/harness -bootstrap.url=http://deadlock.netbeans.org/hudson/job/nbms-and-javadoc/lastStableBuild/artifact/nbbuild/netbeans/harness/tasks.jar +bootstrap.url=http://bits.netbeans.org/dev/nbms-and-javadoc/lastStableBuild/artifact/nbbuild/netbeans/harness/tasks.jar # Where we get the platform from. To see what versions are available, open URL in browser up to the .../updates part of the URL autoupdate.catalog.url=http://updates.netbeans.org/netbeans/updates/${netbeans-plat-version}/uc/final/distribution/catalog.xml.gz cluster.path=\ diff --git a/ScalpelCarver/nbproject/platform.properties b/ScalpelCarver/nbproject/platform.properties index 3be8ce5182..ed929c84c8 100755 --- a/ScalpelCarver/nbproject/platform.properties +++ b/ScalpelCarver/nbproject/platform.properties @@ -6,7 +6,7 @@ netbeans-plat-version=8.1 suite.dir=${basedir} nbplatform.active.dir=${suite.dir}/netbeans-plat/${netbeans-plat-version} harness.dir=${nbplatform.active.dir}/harness -bootstrap.url=http://deadlock.netbeans.org/hudson/job/nbms-and-javadoc/lastStableBuild/artifact/nbbuild/netbeans/harness/tasks.jar +bootstrap.url=http://bits.netbeans.org/dev/nbms-and-javadoc/lastStableBuild/artifact/nbbuild/netbeans/harness/tasks.jar # Where we get the platform from. To see what versions are available, open URL in browser up to the .../updates part of the URL autoupdate.catalog.url=http://updates.netbeans.org/netbeans/updates/${netbeans-plat-version}/uc/final/distribution/catalog.xml.gz cluster.path=\ diff --git a/nbproject/platform.properties b/nbproject/platform.properties index b18383b726..0d5bc39789 100755 --- a/nbproject/platform.properties +++ b/nbproject/platform.properties @@ -5,7 +5,7 @@ netbeans-plat-version=8.2 suite.dir=${basedir} nbplatform.active.dir=${suite.dir}/netbeans-plat/${netbeans-plat-version} harness.dir=${nbplatform.active.dir}/harness -bootstrap.url=http://deadlock.netbeans.org/hudson/job/nbms-and-javadoc/lastStableBuild/artifact/nbbuild/netbeans/harness/tasks.jar +bootstrap.url=http://bits.netbeans.org/dev/nbms-and-javadoc/lastStableBuild/artifact/nbbuild/netbeans/harness/tasks.jar # Where we get the platform from. To see what versions are available, open URL in browser up to the .../updates part of the URL autoupdate.catalog.url=http://updates.netbeans.org/netbeans/updates/${netbeans-plat-version}/uc/final/distribution/catalog.xml.gz cluster.path=\ From 17c3a923ae6034b6940455edd555fbbf03f4fba5 Mon Sep 17 00:00:00 2001 From: Ben Field Date: Wed, 13 Dec 2017 18:35:34 +0000 Subject: [PATCH 03/19] Update platform.properties --- nbproject/platform.properties | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/nbproject/platform.properties b/nbproject/platform.properties index 0d5bc39789..86a5375b54 100755 --- a/nbproject/platform.properties +++ b/nbproject/platform.properties @@ -5,7 +5,7 @@ netbeans-plat-version=8.2 suite.dir=${basedir} nbplatform.active.dir=${suite.dir}/netbeans-plat/${netbeans-plat-version} harness.dir=${nbplatform.active.dir}/harness -bootstrap.url=http://bits.netbeans.org/dev/nbms-and-javadoc/lastStableBuild/artifact/nbbuild/netbeans/harness/tasks.jar +bootstrap.url=http://bits.netbeans.org/dev/nbms-and-javadoc/lastSuccessfulBuild/artifact/nbbuild/netbeans/harness/tasks.jar # Where we get the platform from. To see what versions are available, open URL in browser up to the .../updates part of the URL autoupdate.catalog.url=http://updates.netbeans.org/netbeans/updates/${netbeans-plat-version}/uc/final/distribution/catalog.xml.gz cluster.path=\ @@ -132,4 +132,4 @@ org.apache.tools.ant.module,\ org.netbeans.modules.whitelist,\ org.netbeans.modules.xml.jaxb,\ org.netbeans.modules.xml.tools.java,\ - org.netbeans.spi.java.hints \ No newline at end of file + org.netbeans.spi.java.hints From 69e42f9238e0a508bebd7a482480ce5e9d10a2ed Mon Sep 17 00:00:00 2001 From: Ben Field Date: Wed, 13 Dec 2017 18:36:26 +0000 Subject: [PATCH 04/19] Update platform.properties --- ImageGallery/nbproject/platform.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ImageGallery/nbproject/platform.properties b/ImageGallery/nbproject/platform.properties index 5fd3bf5cc8..351256334b 100755 --- a/ImageGallery/nbproject/platform.properties +++ b/ImageGallery/nbproject/platform.properties @@ -5,7 +5,7 @@ netbeans-plat-version=8.1 suite.dir=${basedir} nbplatform.active.dir=${suite.dir}/netbeans-plat/${netbeans-plat-version} harness.dir=${nbplatform.active.dir}/harness -bootstrap.url=http://bits.netbeans.org/dev/nbms-and-javadoc/lastStableBuild/artifact/nbbuild/netbeans/harness/tasks.jar +bootstrap.url=http://bits.netbeans.org/dev/nbms-and-javadoc/lastSuccessfulBuild/artifact/nbbuild/netbeans/harness/tasks.jar # Where we get the platform from. To see what versions are available, open URL in browser up to the .../updates part of the URL autoupdate.catalog.url=http://updates.netbeans.org/netbeans/updates/${netbeans-plat-version}/uc/final/distribution/catalog.xml.gz cluster.path=\ From 78c6d1144f8041d61e74c9f23994e5aaedf4d8d5 Mon Sep 17 00:00:00 2001 From: Ben Field Date: Wed, 13 Dec 2017 18:37:13 +0000 Subject: [PATCH 05/19] Update platform.properties --- ScalpelCarver/nbproject/platform.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ScalpelCarver/nbproject/platform.properties b/ScalpelCarver/nbproject/platform.properties index ed929c84c8..bff2a507cf 100755 --- a/ScalpelCarver/nbproject/platform.properties +++ b/ScalpelCarver/nbproject/platform.properties @@ -6,7 +6,7 @@ netbeans-plat-version=8.1 suite.dir=${basedir} nbplatform.active.dir=${suite.dir}/netbeans-plat/${netbeans-plat-version} harness.dir=${nbplatform.active.dir}/harness -bootstrap.url=http://bits.netbeans.org/dev/nbms-and-javadoc/lastStableBuild/artifact/nbbuild/netbeans/harness/tasks.jar +bootstrap.url=http://bits.netbeans.org/dev/nbms-and-javadoc/lastSuccessfulBuild/artifact/nbbuild/netbeans/harness/tasks.jar # Where we get the platform from. To see what versions are available, open URL in browser up to the .../updates part of the URL autoupdate.catalog.url=http://updates.netbeans.org/netbeans/updates/${netbeans-plat-version}/uc/final/distribution/catalog.xml.gz cluster.path=\ From 013eb34f2411cc66681283f03c83f67607f119d1 Mon Sep 17 00:00:00 2001 From: Ann Priestman Date: Thu, 28 Dec 2017 14:58:43 -0500 Subject: [PATCH 06/19] Adding save to database parameter --- .../corecomponents/MediaViewVideoPanel.java | 2 +- .../autopsy/coreutils/ImageUtils.java | 2 +- .../autopsy/ingest/FileIngestPipeline.java | 3 +- .../MSOfficeEmbeddedContentExtractor.java | 2 +- .../SevenZipExtractor.java | 2 +- .../EncryptionDetectionFileIngestModule.java | 2 +- .../exif/ExifParserFileIngestModule.java | 2 +- .../FileExtMismatchIngestModule.java | 2 +- .../modules/filetypeid/FileTypeDetector.java | 47 +++++++++++++++---- .../filetypeid/FileTypeIdIngestModule.java | 3 +- .../hashdatabase/HashDbIngestModule.java | 2 +- .../autopsy/imagegallery/FileTypeUtils.java | 4 +- .../KeywordSearchIngestModule.java | 2 +- 13 files changed, 53 insertions(+), 22 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java b/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java index b9ad634ff5..d6354543d3 100755 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java @@ -153,7 +153,7 @@ public abstract class MediaViewVideoPanel extends JPanel implements FrameCapture if (AUDIO_EXTENSIONS.contains("." + extension) || getExtensionsList().contains("." + extension)) { SortedSet mimeTypes = new TreeSet<>(getMimeTypes()); try { - String mimeType = new FileTypeDetector().detect(file); + String mimeType = new FileTypeDetector().detect(file, false); if (nonNull(mimeType)) { return mimeTypes.contains(mimeType); } diff --git a/Core/src/org/sleuthkit/autopsy/coreutils/ImageUtils.java b/Core/src/org/sleuthkit/autopsy/coreutils/ImageUtils.java index eabc56e3bd..e355267df4 100755 --- a/Core/src/org/sleuthkit/autopsy/coreutils/ImageUtils.java +++ b/Core/src/org/sleuthkit/autopsy/coreutils/ImageUtils.java @@ -263,7 +263,7 @@ public class ImageUtils { return true; } else { try { - String mimeType = getFileTypeDetector().detect(file); + String mimeType = getFileTypeDetector().detect(file, false); if (StringUtils.isNotBlank(mimeTypePrefix) && mimeType.startsWith(mimeTypePrefix)) { return true; } diff --git a/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java b/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java index 2b5271fc9a..ad6d7a9ba3 100755 --- a/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java @@ -141,8 +141,9 @@ final class FileIngestPipeline { } } + // Save any properties that have not already been saved to the database try{ - Case.getCurrentCase().getSleuthkitCase().setKnownAndFileTypeAndMD5(file); + file.save(Case.getCurrentCase().getSleuthkitCase()); } catch (TskCoreException ex){ Logger.getLogger(FileIngestPipeline.class.getName()).log(Level.SEVERE, "Failed to save data", ex); //NON-NLS } diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java index 61376d31f1..d40ff4701e 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java @@ -136,7 +136,7 @@ class MSOfficeEmbeddedContentExtractor { */ boolean isContentExtractionSupported(AbstractFile abstractFile) { try { - String abstractFileMimeType = fileTypeDetector.getFileType(abstractFile); + String abstractFileMimeType = fileTypeDetector.getFileType(abstractFile, false); for (SupportedExtractionFormats s : SupportedExtractionFormats.values()) { if (s.toString().equals(abstractFileMimeType)) { abstractFileExtractionFormat = s; diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java index 900329d3cb..cdbcaa61b8 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java @@ -142,7 +142,7 @@ class SevenZipExtractor { */ boolean isSevenZipExtractionSupported(AbstractFile abstractFile) { try { - String abstractFileMimeType = fileTypeDetector.getFileType(abstractFile); + String abstractFileMimeType = fileTypeDetector.getFileType(abstractFile, false); for (SupportedArchiveExtractionFormats s : SupportedArchiveExtractionFormats.values()) { if (s.toString().equals(abstractFileMimeType)) { return true; diff --git a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java index da4e91882a..3a2792a0c2 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java @@ -189,7 +189,7 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter * Qualify the MIME type. */ try { - String mimeType = fileTypeDetector.getFileType(file); + String mimeType = fileTypeDetector.getFileType(file, false); if (mimeType != null && mimeType.equals("application/octet-stream")) { possiblyEncrypted = true; } diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java index a1d0809ae0..7540abfbd4 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java @@ -251,7 +251,7 @@ public final class ExifParserFileIngestModule implements FileIngestModule { */ private boolean parsableFormat(AbstractFile f) { try { - String mimeType = fileTypeDetector.getFileType(f); + String mimeType = fileTypeDetector.getFileType(f, false); if (mimeType != null) { return supportedMimeTypes.contains(mimeType); } else { diff --git a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java index 5d557de8bf..89cc7a8617 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java @@ -170,7 +170,7 @@ public class FileExtMismatchIngestModule implements FileIngestModule { if (settings.skipFilesWithNoExtension() && currActualExt.isEmpty()) { return false; } - String currActualSigType = detector.getFileType(abstractFile); + String currActualSigType = detector.getFileType(abstractFile, false); if (currActualSigType == null) { return false; } diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index afaffd3370..80ed7bbee4 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -173,16 +173,21 @@ public class FileTypeDetector { private boolean isDetectableByTika(String mimeType) { return FileTypeDetector.getTikaDetectedTypes().contains(removeOptionalParameter(mimeType)); } - + /** * Gets the MIME type of a file, detecting it if it is not already known. If - * detection is necessary, the result is added to the case database. + * detection is necessary, the result is saved to the AbstractFile object + * and optionally added to the case database. * + * In general, saveToDatabase should be set to false - the ingest process + * handles the database save. + * * IMPORTANT: This method should only be called by ingest modules. All other * clients should call AbstractFile.getMIMEType, and may call * FileTypeDetector.detect, if AbstractFile.getMIMEType returns null. * * @param file The file. + * @param saveToDatabase True if the result should be saved to the database * * @return A MIME type name. If file type could not be detected or results * were uncertain, octet-stream is returned. @@ -190,9 +195,8 @@ public class FileTypeDetector { * @throws TskCoreException if detection is required and there is a problem * writing the result to the case database. */ - public String getFileType(AbstractFile file) throws TskCoreException { - return file.getMIMEType(); - //return detect(file, true); + public String getFileType(AbstractFile file, boolean saveToDatabase) throws TskCoreException { + return detect(file, saveToDatabase); } /** @@ -207,13 +211,16 @@ public class FileTypeDetector { * @throws TskCoreException If there is a problem writing the result to the * case database. */ - public String detect(AbstractFile file) throws TskCoreException { + private String detect(AbstractFile file) throws TskCoreException { return detect(file, false); } /** * Detects the MIME type of a file. The result is saved to the case database * only if the add to case database flag is set. + * + * Ingest modules should not set addToCaseDb to true - the ingest process + * handles the database save. * * @param file The file to test. * @param addToCaseDb Whether the MIME type should be added to the case @@ -321,9 +328,10 @@ public class FileTypeDetector { /* * Add the MIME type to the files table in the case database. */ - //Case.getCurrentCase().getSleuthkitCase().setFileMIMEType(file, mimeType); + Case.getCurrentCase().getSleuthkitCase().setFileMIMEType(file, mimeType); } + file.setMIMEType(mimeType); return mimeType; } @@ -475,7 +483,30 @@ public class FileTypeDetector { */ @Deprecated public String detectAndPostToBlackboard(AbstractFile file) throws TskCoreException { - return getFileType(file); + return getFileType(file, true); + } + + /** + * Gets the MIME type of a file, detecting it if it is not already known. If + * detection is necessary, the result is added to the case database. + * + * IMPORTANT: This method should only be called by ingest modules. All other + * clients should call AbstractFile.getMIMEType, and may call + * FileTypeDetector.detect, if AbstractFile.getMIMEType returns null. + * + * @param file The file. + * + * @return A MIME type name. If file type could not be detected or results + * were uncertain, octet-stream is returned. + * + * @throws TskCoreException if detection is required and there is a problem + * writing the result to the case database. + * + * @deprecated + */ + @Deprecated + public String getFileType(AbstractFile file) throws TskCoreException { + return detect(file, true); } } diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index 4499139d1a..69572e755c 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -91,8 +91,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { */ try { long startTime = System.currentTimeMillis(); - String type = fileTypeDetector.detect(file, false); - file.setMIMEType(type); + fileTypeDetector.detect(file, false); addToTotals(jobId, (System.currentTimeMillis() - startTime)); return ProcessResult.OK; } catch (Exception e) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java index c2895dec86..0d24ce0e81 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java @@ -176,7 +176,7 @@ public class HashDbIngestModule implements FileIngestModule { if (md5Hash == null || md5Hash.isEmpty()) { try { long calcstart = System.currentTimeMillis(); - md5Hash = HashUtility.calculateMd5(file); + md5Hash = HashUtility.calculateMd5(file, false); long delta = (System.currentTimeMillis() - calcstart); totals.totalCalctime.addAndGet(delta); diff --git a/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/FileTypeUtils.java b/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/FileTypeUtils.java index 83966ecfe4..aedb06e2f0 100755 --- a/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/FileTypeUtils.java +++ b/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/FileTypeUtils.java @@ -220,7 +220,7 @@ public enum FileTypeUtils { * mimetype could not be detected. */ static boolean hasDrawableMIMEType(AbstractFile file) throws TskCoreException, FileTypeDetector.FileTypeDetectorInitException { - String mimeType = getFileTypeDetector().detect(file).toLowerCase(); + String mimeType = getFileTypeDetector().detect(file, true).toLowerCase(); return isDrawableMimeType(mimeType) || (mimeType.equals("audio/x-aiff") && "tiff".equalsIgnoreCase(file.getNameExtension())); } @@ -235,7 +235,7 @@ public enum FileTypeUtils { */ public static boolean hasVideoMIMEType(AbstractFile file) { try { - String mimeType = getFileTypeDetector().detect(file).toLowerCase(); + String mimeType = getFileTypeDetector().detect(file, true).toLowerCase(); return mimeType.startsWith("video/") || videoMimeTypes.contains(mimeType); } catch (FileTypeDetector.FileTypeDetectorInitException | TskCoreException ex) { LOGGER.log(Level.SEVERE, "Error determining MIME type of " + getContentPathSafe(file), ex); diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java index dbbca6394b..71e5967521 100755 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java @@ -514,7 +514,7 @@ public final class KeywordSearchIngestModule implements FileIngestModule { if (context.fileIngestIsCancelled()) { return; } - fileType = fileTypeDetector.getFileType(aFile); + fileType = fileTypeDetector.getFileType(aFile, false); } catch (TskCoreException ex) { logger.log(Level.SEVERE, String.format("Could not detect format using fileTypeDetector for file: %s", aFile), ex); //NON-NLS return; From 083e51ca29444fcf1e5ef06a81df88a3cca9dabf Mon Sep 17 00:00:00 2001 From: Ann Priestman Date: Thu, 28 Dec 2017 15:23:21 -0500 Subject: [PATCH 07/19] Changing detect back to private --- .../sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java | 2 +- Core/src/org/sleuthkit/autopsy/coreutils/ImageUtils.java | 2 +- .../autopsy/modules/filetypeid/FileTypeDetector.java | 4 ++-- .../autopsy/modules/filetypeid/FileTypeIdIngestModule.java | 2 +- .../src/org/sleuthkit/autopsy/imagegallery/FileTypeUtils.java | 4 ++-- .../core/core.jar/org/netbeans/core/startup/Bundle.properties | 2 +- .../org/netbeans/core/windows/view/ui/Bundle.properties | 2 +- 7 files changed, 9 insertions(+), 9 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java b/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java index d6354543d3..b9ad634ff5 100755 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java @@ -153,7 +153,7 @@ public abstract class MediaViewVideoPanel extends JPanel implements FrameCapture if (AUDIO_EXTENSIONS.contains("." + extension) || getExtensionsList().contains("." + extension)) { SortedSet mimeTypes = new TreeSet<>(getMimeTypes()); try { - String mimeType = new FileTypeDetector().detect(file, false); + String mimeType = new FileTypeDetector().detect(file); if (nonNull(mimeType)) { return mimeTypes.contains(mimeType); } diff --git a/Core/src/org/sleuthkit/autopsy/coreutils/ImageUtils.java b/Core/src/org/sleuthkit/autopsy/coreutils/ImageUtils.java index e355267df4..eabc56e3bd 100755 --- a/Core/src/org/sleuthkit/autopsy/coreutils/ImageUtils.java +++ b/Core/src/org/sleuthkit/autopsy/coreutils/ImageUtils.java @@ -263,7 +263,7 @@ public class ImageUtils { return true; } else { try { - String mimeType = getFileTypeDetector().detect(file, false); + String mimeType = getFileTypeDetector().detect(file); if (StringUtils.isNotBlank(mimeTypePrefix) && mimeType.startsWith(mimeTypePrefix)) { return true; } diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index 80ed7bbee4..a40d45b3e3 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -211,7 +211,7 @@ public class FileTypeDetector { * @throws TskCoreException If there is a problem writing the result to the * case database. */ - private String detect(AbstractFile file) throws TskCoreException { + public String detect(AbstractFile file) throws TskCoreException { return detect(file, false); } @@ -234,7 +234,7 @@ public class FileTypeDetector { * @throws TskCoreException If there is a problem writing the result to the * case database. */ - public String detect(AbstractFile file, boolean addToCaseDb) throws TskCoreException { + private String detect(AbstractFile file, boolean addToCaseDb) throws TskCoreException { /* * Check to see if the file has already been typed. This is the "check" * part of a check-then-act race condition (see note below). diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index 69572e755c..ed6698bd32 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -91,7 +91,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { */ try { long startTime = System.currentTimeMillis(); - fileTypeDetector.detect(file, false); + fileTypeDetector.detect(file); addToTotals(jobId, (System.currentTimeMillis() - startTime)); return ProcessResult.OK; } catch (Exception e) { diff --git a/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/FileTypeUtils.java b/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/FileTypeUtils.java index aedb06e2f0..83966ecfe4 100755 --- a/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/FileTypeUtils.java +++ b/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/FileTypeUtils.java @@ -220,7 +220,7 @@ public enum FileTypeUtils { * mimetype could not be detected. */ static boolean hasDrawableMIMEType(AbstractFile file) throws TskCoreException, FileTypeDetector.FileTypeDetectorInitException { - String mimeType = getFileTypeDetector().detect(file, true).toLowerCase(); + String mimeType = getFileTypeDetector().detect(file).toLowerCase(); return isDrawableMimeType(mimeType) || (mimeType.equals("audio/x-aiff") && "tiff".equalsIgnoreCase(file.getNameExtension())); } @@ -235,7 +235,7 @@ public enum FileTypeUtils { */ public static boolean hasVideoMIMEType(AbstractFile file) { try { - String mimeType = getFileTypeDetector().detect(file, true).toLowerCase(); + String mimeType = getFileTypeDetector().detect(file).toLowerCase(); return mimeType.startsWith("video/") || videoMimeTypes.contains(mimeType); } catch (FileTypeDetector.FileTypeDetectorInitException | TskCoreException ex) { LOGGER.log(Level.SEVERE, "Error determining MIME type of " + getContentPathSafe(file), ex); diff --git a/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties b/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties index 0de39782ca..7d140146fa 100644 --- a/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties +++ b/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties @@ -1,5 +1,5 @@ #Updated by build script -#Wed, 08 Nov 2017 17:45:11 -0500 +#Mon, 18 Dec 2017 14:43:20 -0500 LBL_splash_window_title=Starting Autopsy SPLASH_HEIGHT=314 SPLASH_WIDTH=538 diff --git a/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties b/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties index fa55dddb62..2196ae7af5 100644 --- a/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties +++ b/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties @@ -1,4 +1,4 @@ #Updated by build script -#Wed, 08 Nov 2017 17:45:11 -0500 +#Mon, 18 Dec 2017 14:43:20 -0500 CTL_MainWindow_Title=Autopsy 4.5.0 CTL_MainWindow_Title_No_Project=Autopsy 4.5.0 From 1722d20426db7333c4cc485282390e39d165869b Mon Sep 17 00:00:00 2001 From: Ann Priestman Date: Thu, 28 Dec 2017 15:27:10 -0500 Subject: [PATCH 08/19] Cleanup --- .../hashdatabase/HashDbIngestModule.java | 27 +++---------------- 1 file changed, 4 insertions(+), 23 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java index 0d24ce0e81..eda1830c68 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java @@ -205,21 +205,8 @@ public class HashDbIngestModule implements FileIngestModule { foundBad = true; totals.totalKnownBadCount.incrementAndGet(); - //try { - file.setKnown(TskData.FileKnown.BAD); - // skCase.setKnown(file, TskData.FileKnown.BAD); - //} catch (TskException ex) { - // logger.log(Level.WARNING, "Couldn't set notable state for file " + name + " - see sleuthkit log for details", ex); //NON-NLS - // services.postMessage(IngestMessage.createErrorMessage( - // HashLookupModuleFactory.getModuleName(), - // NbBundle.getMessage(this.getClass(), - // "HashDbIngestModule.hashLookupErrorMsg", - // name), - // NbBundle.getMessage(this.getClass(), - // "HashDbIngestModule.settingKnownBadStateErr", - // name))); - // ret = ProcessResult.ERROR; - //} + file.setKnown(TskData.FileKnown.BAD); + String hashSetName = db.getDisplayName(); String comment = ""; @@ -263,14 +250,8 @@ public class HashDbIngestModule implements FileIngestModule { try { long lookupstart = System.currentTimeMillis(); if (db.lookupMD5Quick(file)) { - //try { - file.setKnown(TskData.FileKnown.KNOWN); - //skCase.setKnown(file, TskData.FileKnown.KNOWN); - break; - //} catch (TskException ex) { - // logger.log(Level.WARNING, "Couldn't set known state for file " + name + " - see sleuthkit log for details", ex); //NON-NLS - // ret = ProcessResult.ERROR; - //} + file.setKnown(TskData.FileKnown.KNOWN); + break; } long delta = (System.currentTimeMillis() - lookupstart); totals.totalLookuptime.addAndGet(delta); From bfffa539f7224e4873a3bd4988aacf1ddf5c44f6 Mon Sep 17 00:00:00 2001 From: Ann Priestman Date: Fri, 29 Dec 2017 11:55:29 -0500 Subject: [PATCH 09/19] Addressing review comments --- .../autopsy/ingest/FileIngestPipeline.java | 15 +++++++-------- .../MSOfficeEmbeddedContentExtractor.java | 2 +- .../embeddedfileextractor/SevenZipExtractor.java | 2 +- .../EncryptionDetectionFileIngestModule.java | 2 +- .../modules/exif/ExifParserFileIngestModule.java | 2 +- .../FileExtMismatchIngestModule.java | 2 +- .../modules/filetypeid/FileTypeDetector.java | 10 +++------- .../modules/hashdatabase/HashDbIngestModule.java | 1 + .../keywordsearch/KeywordSearchIngestModule.java | 2 +- 9 files changed, 17 insertions(+), 21 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java b/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java index ad6d7a9ba3..7c0b1e58ed 100755 --- a/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java @@ -141,17 +141,16 @@ final class FileIngestPipeline { } } - // Save any properties that have not already been saved to the database - try{ - file.save(Case.getCurrentCase().getSleuthkitCase()); - } catch (TskCoreException ex){ - Logger.getLogger(FileIngestPipeline.class.getName()).log(Level.SEVERE, "Failed to save data", ex); //NON-NLS - } - - file.close(); if (!this.job.isCancelled()) { + // Save any properties that have not already been saved to the database + try{ + file.save(Case.getCurrentCase().getSleuthkitCase()); + } catch (TskCoreException ex){ + Logger.getLogger(FileIngestPipeline.class.getName()).log(Level.SEVERE, "Failed to save data for file " + file.getId(), ex); //NON-NLS + } IngestManager.getInstance().fireFileIngestDone(file); } + file.close(); } FileIngestPipeline.ingestManager.setIngestTaskProgressCompleted(task); return errors; diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java index d40ff4701e..1844173ca0 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java @@ -136,7 +136,7 @@ class MSOfficeEmbeddedContentExtractor { */ boolean isContentExtractionSupported(AbstractFile abstractFile) { try { - String abstractFileMimeType = fileTypeDetector.getFileType(abstractFile, false); + String abstractFileMimeType = fileTypeDetector.detectFileType(abstractFile); for (SupportedExtractionFormats s : SupportedExtractionFormats.values()) { if (s.toString().equals(abstractFileMimeType)) { abstractFileExtractionFormat = s; diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java index cdbcaa61b8..829b56312b 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java @@ -142,7 +142,7 @@ class SevenZipExtractor { */ boolean isSevenZipExtractionSupported(AbstractFile abstractFile) { try { - String abstractFileMimeType = fileTypeDetector.getFileType(abstractFile, false); + String abstractFileMimeType = fileTypeDetector.detectFileType(abstractFile); for (SupportedArchiveExtractionFormats s : SupportedArchiveExtractionFormats.values()) { if (s.toString().equals(abstractFileMimeType)) { return true; diff --git a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java index 3a2792a0c2..928e7ccb36 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java @@ -189,7 +189,7 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter * Qualify the MIME type. */ try { - String mimeType = fileTypeDetector.getFileType(file, false); + String mimeType = fileTypeDetector.detectFileType(file); if (mimeType != null && mimeType.equals("application/octet-stream")) { possiblyEncrypted = true; } diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java index 7540abfbd4..86deac1903 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java @@ -251,7 +251,7 @@ public final class ExifParserFileIngestModule implements FileIngestModule { */ private boolean parsableFormat(AbstractFile f) { try { - String mimeType = fileTypeDetector.getFileType(f, false); + String mimeType = fileTypeDetector.detectFileType(f); if (mimeType != null) { return supportedMimeTypes.contains(mimeType); } else { diff --git a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java index 89cc7a8617..db4224a0a8 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java @@ -170,7 +170,7 @@ public class FileExtMismatchIngestModule implements FileIngestModule { if (settings.skipFilesWithNoExtension() && currActualExt.isEmpty()) { return false; } - String currActualSigType = detector.getFileType(abstractFile, false); + String currActualSigType = detector.detectFileType(abstractFile); if (currActualSigType == null) { return false; } diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index a40d45b3e3..b3d2b38759 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -178,16 +178,12 @@ public class FileTypeDetector { * Gets the MIME type of a file, detecting it if it is not already known. If * detection is necessary, the result is saved to the AbstractFile object * and optionally added to the case database. - * - * In general, saveToDatabase should be set to false - the ingest process - * handles the database save. * * IMPORTANT: This method should only be called by ingest modules. All other * clients should call AbstractFile.getMIMEType, and may call * FileTypeDetector.detect, if AbstractFile.getMIMEType returns null. * * @param file The file. - * @param saveToDatabase True if the result should be saved to the database * * @return A MIME type name. If file type could not be detected or results * were uncertain, octet-stream is returned. @@ -195,8 +191,8 @@ public class FileTypeDetector { * @throws TskCoreException if detection is required and there is a problem * writing the result to the case database. */ - public String getFileType(AbstractFile file, boolean saveToDatabase) throws TskCoreException { - return detect(file, saveToDatabase); + public String detectFileType(AbstractFile file) throws TskCoreException { + return detect(file, false); } /** @@ -483,7 +479,7 @@ public class FileTypeDetector { */ @Deprecated public String detectAndPostToBlackboard(AbstractFile file) throws TskCoreException { - return getFileType(file, true); + return detect(file, true); } /** diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java index eda1830c68..4cd87c3648 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java @@ -177,6 +177,7 @@ public class HashDbIngestModule implements FileIngestModule { try { long calcstart = System.currentTimeMillis(); md5Hash = HashUtility.calculateMd5(file, false); + file.setMd5Hash(md5Hash); long delta = (System.currentTimeMillis() - calcstart); totals.totalCalctime.addAndGet(delta); diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java index 71e5967521..02968ddd56 100755 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java @@ -514,7 +514,7 @@ public final class KeywordSearchIngestModule implements FileIngestModule { if (context.fileIngestIsCancelled()) { return; } - fileType = fileTypeDetector.getFileType(aFile, false); + fileType = fileTypeDetector.detectFileType(aFile); } catch (TskCoreException ex) { logger.log(Level.SEVERE, String.format("Could not detect format using fileTypeDetector for file: %s", aFile), ex); //NON-NLS return; From dce17a87be4dff1ce4c5bbe17fdd1f8b41b27d74 Mon Sep 17 00:00:00 2001 From: Ann Priestman Date: Fri, 29 Dec 2017 12:43:09 -0500 Subject: [PATCH 10/19] Changing calculateMd5Hash --- .../autopsy/modules/hashdatabase/HashDbIngestModule.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java index 4cd87c3648..696a105416 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java @@ -176,7 +176,7 @@ public class HashDbIngestModule implements FileIngestModule { if (md5Hash == null || md5Hash.isEmpty()) { try { long calcstart = System.currentTimeMillis(); - md5Hash = HashUtility.calculateMd5(file, false); + md5Hash = HashUtility.calculateMd5Hash(file); file.setMd5Hash(md5Hash); long delta = (System.currentTimeMillis() - calcstart); totals.totalCalctime.addAndGet(delta); From a8b0c4f1bc520d38aa6108be192d8375324b73c7 Mon Sep 17 00:00:00 2001 From: Ann Priestman Date: Fri, 29 Dec 2017 12:45:31 -0500 Subject: [PATCH 11/19] Cleanup --- .../sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java | 1 - 1 file changed, 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index b3d2b38759..dcfc75a2b3 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -177,7 +177,6 @@ public class FileTypeDetector { /** * Gets the MIME type of a file, detecting it if it is not already known. If * detection is necessary, the result is saved to the AbstractFile object - * and optionally added to the case database. * * IMPORTANT: This method should only be called by ingest modules. All other * clients should call AbstractFile.getMIMEType, and may call From 00750c10791669625ace5ead3173c3258ebe4749 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Thu, 4 Jan 2018 18:35:31 -0500 Subject: [PATCH 12/19] Remove duplicate method from FileTypeDetector --- .../MSOfficeEmbeddedContentExtractor.java | 2 +- .../SevenZipExtractor.java | 2 +- .../EncryptionDetectionFileIngestModule.java | 2 +- .../exif/ExifParserFileIngestModule.java | 2 +- .../FileExtMismatchIngestModule.java | 2 +- .../modules/filetypeid/FileTypeDetector.java | 39 ++++--------------- 6 files changed, 12 insertions(+), 37 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java index 1844173ca0..68cf1c3698 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java @@ -136,7 +136,7 @@ class MSOfficeEmbeddedContentExtractor { */ boolean isContentExtractionSupported(AbstractFile abstractFile) { try { - String abstractFileMimeType = fileTypeDetector.detectFileType(abstractFile); + String abstractFileMimeType = fileTypeDetector.detect(abstractFile); for (SupportedExtractionFormats s : SupportedExtractionFormats.values()) { if (s.toString().equals(abstractFileMimeType)) { abstractFileExtractionFormat = s; diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java index 829b56312b..95927091b7 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java @@ -142,7 +142,7 @@ class SevenZipExtractor { */ boolean isSevenZipExtractionSupported(AbstractFile abstractFile) { try { - String abstractFileMimeType = fileTypeDetector.detectFileType(abstractFile); + String abstractFileMimeType = fileTypeDetector.detect(abstractFile); for (SupportedArchiveExtractionFormats s : SupportedArchiveExtractionFormats.values()) { if (s.toString().equals(abstractFileMimeType)) { return true; diff --git a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java index 928e7ccb36..99d6c54042 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java @@ -189,7 +189,7 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter * Qualify the MIME type. */ try { - String mimeType = fileTypeDetector.detectFileType(file); + String mimeType = fileTypeDetector.detect(file); if (mimeType != null && mimeType.equals("application/octet-stream")) { possiblyEncrypted = true; } diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java index 86deac1903..ffa4d074c8 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java @@ -251,7 +251,7 @@ public final class ExifParserFileIngestModule implements FileIngestModule { */ private boolean parsableFormat(AbstractFile f) { try { - String mimeType = fileTypeDetector.detectFileType(f); + String mimeType = fileTypeDetector.detect(f); if (mimeType != null) { return supportedMimeTypes.contains(mimeType); } else { diff --git a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java index db4224a0a8..67833077aa 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java @@ -170,7 +170,7 @@ public class FileExtMismatchIngestModule implements FileIngestModule { if (settings.skipFilesWithNoExtension() && currActualExt.isEmpty()) { return false; } - String currActualSigType = detector.detectFileType(abstractFile); + String currActualSigType = detector.detect(abstractFile); if (currActualSigType == null) { return false; } diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index dcfc75a2b3..b24cc3e88a 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -173,37 +173,16 @@ public class FileTypeDetector { private boolean isDetectableByTika(String mimeType) { return FileTypeDetector.getTikaDetectedTypes().contains(removeOptionalParameter(mimeType)); } - - /** - * Gets the MIME type of a file, detecting it if it is not already known. If - * detection is necessary, the result is saved to the AbstractFile object - * - * IMPORTANT: This method should only be called by ingest modules. All other - * clients should call AbstractFile.getMIMEType, and may call - * FileTypeDetector.detect, if AbstractFile.getMIMEType returns null. - * - * @param file The file. - * - * @return A MIME type name. If file type could not be detected or results - * were uncertain, octet-stream is returned. - * - * @throws TskCoreException if detection is required and there is a problem - * writing the result to the case database. - */ - public String detectFileType(AbstractFile file) throws TskCoreException { - return detect(file, false); - } /** - * Detects the MIME type of a file. The result is not added to the case - * database. + * Detects the MIME type of a file. * * @param file The file to test. * * @return A MIME type name. If file type could not be detected or results * were uncertain, octet-stream is returned. * - * @throws TskCoreException If there is a problem writing the result to the + * @throws TskCoreException if there is a problem writing the result to the * case database. */ public String detect(AbstractFile file) throws TskCoreException { @@ -213,7 +192,7 @@ public class FileTypeDetector { /** * Detects the MIME type of a file. The result is saved to the case database * only if the add to case database flag is set. - * + * * Ingest modules should not set addToCaseDb to true - the ingest process * handles the database save. * @@ -277,10 +256,10 @@ public class FileTypeDetector { */ if (null == mimeType) { ReadContentInputStream stream = new ReadContentInputStream(file); - + try (TikaInputStream tikaInputStream = TikaInputStream.get(stream)) { String tikaType = tika.detect(tikaInputStream, file.getName()); - + /* * Remove the Tika suffix from the MIME type name. */ @@ -480,15 +459,11 @@ public class FileTypeDetector { public String detectAndPostToBlackboard(AbstractFile file) throws TskCoreException { return detect(file, true); } - + /** * Gets the MIME type of a file, detecting it if it is not already known. If * detection is necessary, the result is added to the case database. * - * IMPORTANT: This method should only be called by ingest modules. All other - * clients should call AbstractFile.getMIMEType, and may call - * FileTypeDetector.detect, if AbstractFile.getMIMEType returns null. - * * @param file The file. * * @return A MIME type name. If file type could not be detected or results @@ -496,7 +471,7 @@ public class FileTypeDetector { * * @throws TskCoreException if detection is required and there is a problem * writing the result to the case database. - * + * * @deprecated */ @Deprecated From 1c1f85b358826ecb0780e2dce3637b363adf15e9 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Fri, 5 Jan 2018 08:57:18 -0500 Subject: [PATCH 13/19] Remove unnecessary parameter from AbstractFile.save --- Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java b/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java index 7c0b1e58ed..a19138bd43 100755 --- a/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/FileIngestPipeline.java @@ -144,7 +144,7 @@ final class FileIngestPipeline { if (!this.job.isCancelled()) { // Save any properties that have not already been saved to the database try{ - file.save(Case.getCurrentCase().getSleuthkitCase()); + file.save(); } catch (TskCoreException ex){ Logger.getLogger(FileIngestPipeline.class.getName()).log(Level.SEVERE, "Failed to save data for file " + file.getId(), ex); //NON-NLS } From 6bed444d249fc7304600de7acb5b273399551444 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Fri, 5 Jan 2018 09:50:49 -0500 Subject: [PATCH 14/19] Update FileTypeDetector API --- .../modules/filetypeid/FileTypeDetector.java | 154 ++++++++---------- 1 file changed, 66 insertions(+), 88 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index b24cc3e88a..79a3602cc2 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -179,39 +179,12 @@ public class FileTypeDetector { * * @param file The file to test. * - * @return A MIME type name. If file type could not be detected or results + * @return A MIME type name. If file type could not be detected, or results * were uncertain, octet-stream is returned. - * - * @throws TskCoreException if there is a problem writing the result to the - * case database. */ - public String detect(AbstractFile file) throws TskCoreException { - return detect(file, false); - } - - /** - * Detects the MIME type of a file. The result is saved to the case database - * only if the add to case database flag is set. - * - * Ingest modules should not set addToCaseDb to true - the ingest process - * handles the database save. - * - * @param file The file to test. - * @param addToCaseDb Whether the MIME type should be added to the case - * database. This flag is part of a partial workaround - * for a check-then-act-race condition (see notes in - * comments for details). - * - * @return A MIME type name. If file type could not be detected or results - * were uncertain, octet-stream is returned. - * - * @throws TskCoreException If there is a problem writing the result to the - * case database. - */ - private String detect(AbstractFile file, boolean addToCaseDb) throws TskCoreException { + public String detectMIMEType(AbstractFile file) { /* - * Check to see if the file has already been typed. This is the "check" - * part of a check-then-act race condition (see note below). + * Check to see if the file has already been typed. */ String mimeType = file.getMIMEType(); if (null != mimeType) { @@ -281,31 +254,6 @@ public class FileTypeDetector { } } - /* - * If adding the result to the case database, do so now. - * - * NOTE: This condtional is a way to deal with the check-then-act race - * condition created by the gap between querying the MIME type and - * recording it. It is not really a problem for the mime_type column of - * the tsk_files table, but it can lead to duplicate blackboard posts, - * and the posts are required to maintain backward compatibility. - * Various mitigation strategies were considered. It was decided to go - * with the policy that only ingest modules are allowed to add file - * types to the case database, at least until such time as file types - * are no longer posted to the blackboard. Of course, this is not a - * perfect solution. It's not really enforceable for community - * contributed plug ins and it does not handle the unlikely but possible - * scenario of multiple processes typing the same file for a multi-user - * case. - */ - if (addToCaseDb) { - /* - * Add the MIME type to the files table in the case database. - */ - Case.getCurrentCase().getSleuthkitCase().setFileMIMEType(file, mimeType); - } - - file.setMIMEType(mimeType); return mimeType; } @@ -327,7 +275,9 @@ public class FileTypeDetector { /** * Determines whether or not the a file matches a user-defined custom file - * type. + * type. If the file matches and corresponds to an interesting files type + * rule, this method has the side effect of creating an interesting files + * hit artifact and indexing that artifact for keyword search. * * @param file The file to test. * @@ -335,34 +285,36 @@ public class FileTypeDetector { * * @throws TskCoreException */ - private String detectUserDefinedType(AbstractFile file) throws TskCoreException { + private String detectUserDefinedType(AbstractFile file) { for (FileType fileType : userDefinedFileTypes) { if (fileType.matches(file)) { if (fileType.createInterestingFileHit()) { - BlackboardArtifact artifact; - artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT); - Collection attributes = new ArrayList<>(); - BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName()); - attributes.add(setNameAttribute); - - /* - * Use the MIME type as the category attribute, i.e., the - * rule that determined this file belongs to the interesting - * files set. - */ - BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType()); - attributes.add(ruleNameAttribute); - - artifact.addAttributes(attributes); - /* - * Index the artifact for keyword search. - */ try { - Case.getCurrentCase().getServices().getBlackboard().indexArtifact(artifact); - } catch (Blackboard.BlackboardException ex) { - logger.log(Level.SEVERE, String.format("Unable to index blackboard artifact %d", artifact.getArtifactID()), ex); //NON-NLS - MessageNotifyUtil.Notify.error( - NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.exception.msg"), artifact.getDisplayName()); + BlackboardArtifact artifact; + artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT); + Collection attributes = new ArrayList<>(); + BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName()); + attributes.add(setNameAttribute); + + /* + * Use the MIME type as the category attribute, i.e., + * the rule that determined this file belongs to the + * interesting files set. + */ + BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType()); + attributes.add(ruleNameAttribute); + + artifact.addAttributes(attributes); + try { + /* + * Index the artifact for keyword search. + */ + Case.getCurrentCase().getServices().getBlackboard().indexArtifact(artifact); + } catch (Blackboard.BlackboardException ex) { + logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS + } + } catch (TskCoreException ex) { + logger.log(Level.SEVERE, String.format("Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex); //NON-NLS } } @@ -379,10 +331,8 @@ public class FileTypeDetector { * @param file The file to test. * * @return The file type name string or null, if no match is detected. - * - * @throws TskCoreException */ - private String detectAutopsyDefinedType(AbstractFile file) throws TskCoreException { + private String detectAutopsyDefinedType(AbstractFile file) { for (FileType fileType : autopsyDefinedFileTypes) { if (fileType.matches(file)) { return fileType.getMimeType(); @@ -452,12 +402,16 @@ public class FileTypeDetector { * * @throws TskCoreException if detection is required and there is a problem * writing the result to the case database. - * @deprecated Use getFileType instead and use AbstractFile.getMIMEType - * instead of querying the blackboard. + * @deprecated Use detectMIMEType instead, and call AbstractFile.setMIMEType + * and AbstractFile.save to save the result to the file object and the + * database. */ @Deprecated public String detectAndPostToBlackboard(AbstractFile file) throws TskCoreException { - return detect(file, true); + String fileType = detectMIMEType(file); + file.setMIMEType(fileType); + file.save(); + return fileType; } /** @@ -472,11 +426,35 @@ public class FileTypeDetector { * @throws TskCoreException if detection is required and there is a problem * writing the result to the case database. * - * @deprecated + * @deprecated Use detectMIMEType instead, and call AbstractFile.setMIMEType + * and AbstractFile.save to save the result to the file object and the + * database. */ @Deprecated public String getFileType(AbstractFile file) throws TskCoreException { - return detect(file, true); + String fileType = detectMIMEType(file); + file.setMIMEType(fileType); + file.save(); + return fileType; + } + + /** + * Detects the MIME type of a file. The result is not added to the case + * database. + * + * @param file The file to test. + * + * @return A MIME type name. If file type could not be detected or results + * were uncertain, octet-stream is returned. + * + * @throws TskCoreException + * @deprecated Use detectMIMEType instead. + */ + @Deprecated + public String detect(AbstractFile file) throws TskCoreException { + String fileType = detectMIMEType(file); + file.setMIMEType(fileType); // Retain side effect of setting value in file object. + return fileType; } } From 5d06db99b75acd22f80d5e744a8a1c78e5a79896 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Fri, 5 Jan 2018 10:04:28 -0500 Subject: [PATCH 15/19] Update FileTupeDetector API --- .../corecomponents/MediaViewVideoPanel.java | 5 ++--- .../autopsy/coreutils/ImageUtils.java | 4 ++-- .../MSOfficeEmbeddedContentExtractor.java | 22 +++++++------------ .../SevenZipExtractor.java | 13 ++++------- .../EncryptionDetectionFileIngestModule.java | 10 +++------ .../exif/ExifParserFileIngestModule.java | 17 ++++---------- .../FileExtMismatchIngestModule.java | 8 ++----- .../filetypeid/FileTypeIdIngestModule.java | 2 +- .../netbeans/core/startup/Bundle.properties | 2 +- .../core/windows/view/ui/Bundle.properties | 2 +- 10 files changed, 28 insertions(+), 57 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java b/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java index b9ad634ff5..c219021feb 100755 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java @@ -30,7 +30,6 @@ import javax.swing.JPanel; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector; import org.sleuthkit.datamodel.AbstractFile; -import org.sleuthkit.datamodel.TskCoreException; /** * Video viewer part of the Media View layered pane. Uses different engines @@ -153,11 +152,11 @@ public abstract class MediaViewVideoPanel extends JPanel implements FrameCapture if (AUDIO_EXTENSIONS.contains("." + extension) || getExtensionsList().contains("." + extension)) { SortedSet mimeTypes = new TreeSet<>(getMimeTypes()); try { - String mimeType = new FileTypeDetector().detect(file); + String mimeType = new FileTypeDetector().detectMIMEType(file); if (nonNull(mimeType)) { return mimeTypes.contains(mimeType); } - } catch (FileTypeDetector.FileTypeDetectorInitException | TskCoreException ex) { + } catch (FileTypeDetector.FileTypeDetectorInitException ex) { logger.log(Level.WARNING, "Failed to look up mimetype for " + file.getName() + " using FileTypeDetector. Fallingback on AbstractFile.isMimeType", ex); if (!mimeTypes.isEmpty() && file.isMimeType(mimeTypes) == AbstractFile.MimeMatchEnum.TRUE) { return true; diff --git a/Core/src/org/sleuthkit/autopsy/coreutils/ImageUtils.java b/Core/src/org/sleuthkit/autopsy/coreutils/ImageUtils.java index eabc56e3bd..c7a5ce997f 100755 --- a/Core/src/org/sleuthkit/autopsy/coreutils/ImageUtils.java +++ b/Core/src/org/sleuthkit/autopsy/coreutils/ImageUtils.java @@ -263,12 +263,12 @@ public class ImageUtils { return true; } else { try { - String mimeType = getFileTypeDetector().detect(file); + String mimeType = getFileTypeDetector().detectMIMEType(file); if (StringUtils.isNotBlank(mimeTypePrefix) && mimeType.startsWith(mimeTypePrefix)) { return true; } return supportedMimeTypes.contains(mimeType); - } catch (FileTypeDetectorInitException | TskCoreException ex) { + } catch (FileTypeDetectorInitException ex) { LOGGER.log(Level.SEVERE, "Error determining MIME type of " + getContentPathSafe(file), ex);//NON-NLS return false; } diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java index 68cf1c3698..4a3a20da07 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/MSOfficeEmbeddedContentExtractor.java @@ -28,7 +28,6 @@ import java.util.HashMap; import java.util.List; import java.util.Map; import java.util.logging.Level; -import org.apache.commons.io.FileUtils; import org.apache.commons.io.FilenameUtils; import org.apache.commons.io.IOUtils; import org.apache.poi.hwpf.usermodel.Picture; @@ -135,27 +134,22 @@ class MSOfficeEmbeddedContentExtractor { * supported. Else it returns false. */ boolean isContentExtractionSupported(AbstractFile abstractFile) { - try { - String abstractFileMimeType = fileTypeDetector.detect(abstractFile); - for (SupportedExtractionFormats s : SupportedExtractionFormats.values()) { - if (s.toString().equals(abstractFileMimeType)) { - abstractFileExtractionFormat = s; - return true; - } + String abstractFileMimeType = fileTypeDetector.detectMIMEType(abstractFile); + for (SupportedExtractionFormats s : SupportedExtractionFormats.values()) { + if (s.toString().equals(abstractFileMimeType)) { + abstractFileExtractionFormat = s; + return true; } - return false; - } catch (TskCoreException ex) { - LOGGER.log(Level.SEVERE, "Error executing FileTypeDetector.getFileType()", ex); // NON-NLS - return false; } + return false; } /** * This method selects the appropriate process of extracting embedded * content from files using either Tika or POI classes. Once the content has * been extracted as files, the method adds them to the DB and fires a - * ModuleContentEvent. ModuleContent Event is not fired if no content - * was extracted from the processed file. + * ModuleContentEvent. ModuleContent Event is not fired if no content was + * extracted from the processed file. * * @param abstractFile The abstract file to be processed. */ diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java index 95927091b7..261d465e00 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java @@ -141,16 +141,11 @@ class SevenZipExtractor { * supported. Else it returns false. */ boolean isSevenZipExtractionSupported(AbstractFile abstractFile) { - try { - String abstractFileMimeType = fileTypeDetector.detect(abstractFile); - for (SupportedArchiveExtractionFormats s : SupportedArchiveExtractionFormats.values()) { - if (s.toString().equals(abstractFileMimeType)) { - return true; - } + String abstractFileMimeType = fileTypeDetector.detectMIMEType(abstractFile); + for (SupportedArchiveExtractionFormats s : SupportedArchiveExtractionFormats.values()) { + if (s.toString().equals(abstractFileMimeType)) { + return true; } - return false; - } catch (TskCoreException ex) { - logger.log(Level.WARNING, "Error executing FileTypeDetector.getFileType()", ex); // NON-NLS } // attempt extension matching diff --git a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java index 99d6c54042..92dceb043e 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java @@ -188,13 +188,9 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter /* * Qualify the MIME type. */ - try { - String mimeType = fileTypeDetector.detect(file); - if (mimeType != null && mimeType.equals("application/octet-stream")) { - possiblyEncrypted = true; - } - } catch (TskCoreException ex) { - throw new TskCoreException("Failed to detect the file type.", ex); + String mimeType = fileTypeDetector.detectMIMEType(file); + if (mimeType != null && mimeType.equals("application/octet-stream")) { + possiblyEncrypted = true; } } } diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java index ffa4d074c8..86aae82126 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java @@ -104,8 +104,8 @@ public final class ExifParserFileIngestModule implements FileIngestModule { blackboard = Case.getCurrentCase().getServices().getBlackboard(); //skip unalloc - if ((content.getType().equals(TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) || - (content.getType().equals(TSK_DB_FILES_TYPE_ENUM.SLACK)))) { + if ((content.getType().equals(TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) + || (content.getType().equals(TSK_DB_FILES_TYPE_ENUM.SLACK)))) { return ProcessResult.OK; } @@ -250,17 +250,8 @@ public final class ExifParserFileIngestModule implements FileIngestModule { * @return true if to be processed */ private boolean parsableFormat(AbstractFile f) { - try { - String mimeType = fileTypeDetector.detect(f); - if (mimeType != null) { - return supportedMimeTypes.contains(mimeType); - } else { - return false; - } - } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Failed to detect file type", ex); //NON-NLS - return false; - } + String mimeType = fileTypeDetector.detectMIMEType(f); + return supportedMimeTypes.contains(mimeType); } @Override diff --git a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java index 67833077aa..7d50f34f6a 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java @@ -39,7 +39,6 @@ import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE; -import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData.FileKnown; import org.sleuthkit.datamodel.TskException; @@ -163,17 +162,14 @@ public class FileExtMismatchIngestModule implements FileIngestModule { * * @return false if the two match. True if there is a mismatch. */ - private boolean compareSigTypeToExt(AbstractFile abstractFile) throws TskCoreException { + private boolean compareSigTypeToExt(AbstractFile abstractFile) { String currActualExt = abstractFile.getNameExtension(); // If we are skipping names with no extension if (settings.skipFilesWithNoExtension() && currActualExt.isEmpty()) { return false; } - String currActualSigType = detector.detect(abstractFile); - if (currActualSigType == null) { - return false; - } + String currActualSigType = detector.detectMIMEType(abstractFile); if (settings.getCheckType() != CHECK_TYPE.ALL) { if (settings.getCheckType() == CHECK_TYPE.NO_TEXT_FILES) { if (!currActualExt.isEmpty() && currActualSigType.equals("text/plain")) { //NON-NLS diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index ed6698bd32..d04249b98d 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -91,7 +91,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { */ try { long startTime = System.currentTimeMillis(); - fileTypeDetector.detect(file); + fileTypeDetector.detectMIMEType(file); addToTotals(jobId, (System.currentTimeMillis() - startTime)); return ProcessResult.OK; } catch (Exception e) { diff --git a/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties b/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties index 7d140146fa..4d22e8066f 100644 --- a/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties +++ b/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties @@ -1,5 +1,5 @@ #Updated by build script -#Mon, 18 Dec 2017 14:43:20 -0500 +#Fri, 05 Jan 2018 10:04:16 -0500 LBL_splash_window_title=Starting Autopsy SPLASH_HEIGHT=314 SPLASH_WIDTH=538 diff --git a/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties b/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties index 2196ae7af5..4ddb6c092f 100644 --- a/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties +++ b/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties @@ -1,4 +1,4 @@ #Updated by build script -#Mon, 18 Dec 2017 14:43:20 -0500 +#Fri, 05 Jan 2018 10:04:16 -0500 CTL_MainWindow_Title=Autopsy 4.5.0 CTL_MainWindow_Title_No_Project=Autopsy 4.5.0 From 1ea14a265606eee6a3687423012baa35a312b3b0 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Fri, 5 Jan 2018 10:17:21 -0500 Subject: [PATCH 16/19] Update FileTupeDetector API --- .../embeddedfileextractor/SevenZipExtractor.java | 13 +------------ .../modules/filetypeid/FileTypeDetector.java | 4 ---- .../keywordsearch/KeywordSearchIngestModule.java | 10 ++-------- 3 files changed, 3 insertions(+), 24 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java index 261d465e00..deeb2e9ecf 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java +++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java @@ -131,9 +131,7 @@ class SevenZipExtractor { } /** - * This method returns true if the file format is currently supported. Else - * it returns false. Attempt extension based detection in case Apache Tika - * based detection fails. + * Checks whether extraction is supported for a file, based on MIME type. * * @param abstractFile The AbstractFilw whose mimetype is to be determined. * @@ -147,15 +145,6 @@ class SevenZipExtractor { return true; } } - - // attempt extension matching - final String extension = abstractFile.getNameExtension(); - for (String supportedExtension : SUPPORTED_EXTENSIONS) { - if (extension.equals(supportedExtension)) { - return true; - } - } - return false; } diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index 79a3602cc2..bed2062d24 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -18,7 +18,6 @@ */ package org.sleuthkit.autopsy.modules.filetypeid; -import java.io.IOException; import java.util.ArrayList; import java.util.Collection; import java.util.Collections; @@ -30,12 +29,9 @@ import java.util.stream.Collectors; import org.apache.tika.Tika; import org.apache.tika.io.TikaInputStream; import org.apache.tika.mime.MimeTypes; -import org.openide.util.Exceptions; -import org.openide.util.NbBundle; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.services.Blackboard; import org.sleuthkit.autopsy.coreutils.Logger; -import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java index 02968ddd56..6035cba383 100755 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java @@ -41,7 +41,6 @@ import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchService; import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchServiceException; import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector; import org.sleuthkit.datamodel.AbstractFile; -import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData.FileKnown; @@ -510,15 +509,10 @@ public final class KeywordSearchIngestModule implements FileIngestModule { } String fileType; - try { - if (context.fileIngestIsCancelled()) { - return; - } - fileType = fileTypeDetector.detectFileType(aFile); - } catch (TskCoreException ex) { - logger.log(Level.SEVERE, String.format("Could not detect format using fileTypeDetector for file: %s", aFile), ex); //NON-NLS + if (context.fileIngestIsCancelled()) { return; } + fileType = fileTypeDetector.detectMIMEType(aFile); // we skip archive formats that are opened by the archive module. // @@@ We could have a check here to see if the archive module was enabled though... From e13d82ee16b30982f8f5a908e3c09fde9276e783 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Fri, 5 Jan 2018 10:44:47 -0500 Subject: [PATCH 17/19] Update FileTupeDetector API --- .../autopsy/corecomponents/MediaViewVideoPanel.java | 5 +---- .../EncryptionDetectionFileIngestModule.java | 2 +- .../modules/filetypeid/FileTypeDetector.java | 13 +------------ .../autopsy/imagegallery/FileTypeUtils.java | 10 +++++----- .../imagegallery/ImageGalleryController.java | 2 +- .../keywordsearch/KeywordSearchIngestModule.java | 3 +-- .../org/netbeans/core/startup/Bundle.properties | 2 +- .../netbeans/core/windows/view/ui/Bundle.properties | 2 +- 8 files changed, 12 insertions(+), 27 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java b/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java index c219021feb..07426a3a73 100755 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/MediaViewVideoPanel.java @@ -21,7 +21,6 @@ package org.sleuthkit.autopsy.corecomponents; import java.awt.Dimension; import java.util.Arrays; import java.util.List; -import static java.util.Objects.nonNull; import java.util.Set; import java.util.SortedSet; import java.util.TreeSet; @@ -153,9 +152,7 @@ public abstract class MediaViewVideoPanel extends JPanel implements FrameCapture SortedSet mimeTypes = new TreeSet<>(getMimeTypes()); try { String mimeType = new FileTypeDetector().detectMIMEType(file); - if (nonNull(mimeType)) { - return mimeTypes.contains(mimeType); - } + return mimeTypes.contains(mimeType); } catch (FileTypeDetector.FileTypeDetectorInitException ex) { logger.log(Level.WARNING, "Failed to look up mimetype for " + file.getName() + " using FileTypeDetector. Fallingback on AbstractFile.isMimeType", ex); if (!mimeTypes.isEmpty() && file.isMimeType(mimeTypes) == AbstractFile.MimeMatchEnum.TRUE) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java index 92dceb043e..882f1b4502 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java @@ -189,7 +189,7 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter * Qualify the MIME type. */ String mimeType = fileTypeDetector.detectMIMEType(file); - if (mimeType != null && mimeType.equals("application/octet-stream")) { + if (mimeType.equals("application/octet-stream")) { possiblyEncrypted = true; } } diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index bed2062d24..ff056efdc7 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -291,20 +291,10 @@ public class FileTypeDetector { Collection attributes = new ArrayList<>(); BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName()); attributes.add(setNameAttribute); - - /* - * Use the MIME type as the category attribute, i.e., - * the rule that determined this file belongs to the - * interesting files set. - */ BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType()); attributes.add(ruleNameAttribute); - - artifact.addAttributes(attributes); + artifact.addAttributes(attributes); try { - /* - * Index the artifact for keyword search. - */ Case.getCurrentCase().getServices().getBlackboard().indexArtifact(artifact); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS @@ -313,7 +303,6 @@ public class FileTypeDetector { logger.log(Level.SEVERE, String.format("Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex); //NON-NLS } } - return fileType.getMimeType(); } } diff --git a/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/FileTypeUtils.java b/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/FileTypeUtils.java index 83966ecfe4..9e47579a46 100755 --- a/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/FileTypeUtils.java +++ b/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/FileTypeUtils.java @@ -190,7 +190,7 @@ public enum FileTypeUtils { * * @return true if this file is supported or false if not */ - public static boolean isDrawable(AbstractFile file) throws TskCoreException, FileTypeDetector.FileTypeDetectorInitException { + public static boolean isDrawable(AbstractFile file) throws FileTypeDetector.FileTypeDetectorInitException { return hasDrawableMIMEType(file); } @@ -219,8 +219,8 @@ public enum FileTypeUtils { * type. False if a non image/video mimetype. empty Optional if a * mimetype could not be detected. */ - static boolean hasDrawableMIMEType(AbstractFile file) throws TskCoreException, FileTypeDetector.FileTypeDetectorInitException { - String mimeType = getFileTypeDetector().detect(file).toLowerCase(); + static boolean hasDrawableMIMEType(AbstractFile file) throws FileTypeDetector.FileTypeDetectorInitException { + String mimeType = getFileTypeDetector().detectMIMEType(file).toLowerCase(); return isDrawableMimeType(mimeType) || (mimeType.equals("audio/x-aiff") && "tiff".equalsIgnoreCase(file.getNameExtension())); } @@ -235,9 +235,9 @@ public enum FileTypeUtils { */ public static boolean hasVideoMIMEType(AbstractFile file) { try { - String mimeType = getFileTypeDetector().detect(file).toLowerCase(); + String mimeType = getFileTypeDetector().detectMIMEType(file).toLowerCase(); return mimeType.startsWith("video/") || videoMimeTypes.contains(mimeType); - } catch (FileTypeDetector.FileTypeDetectorInitException | TskCoreException ex) { + } catch (FileTypeDetector.FileTypeDetectorInitException ex) { LOGGER.log(Level.SEVERE, "Error determining MIME type of " + getContentPathSafe(file), ex); return false; } diff --git a/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/ImageGalleryController.java b/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/ImageGalleryController.java index 74c28d55b8..f4e0a6959c 100755 --- a/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/ImageGalleryController.java +++ b/ImageGallery/src/org/sleuthkit/autopsy/imagegallery/ImageGalleryController.java @@ -771,7 +771,7 @@ public final class ImageGalleryController { } @Override - void processFile(AbstractFile f, DrawableDB.DrawableTransaction tr) throws TskCoreException { + void processFile(AbstractFile f, DrawableDB.DrawableTransaction tr) { final boolean known = f.getKnown() == TskData.FileKnown.KNOWN; if (known) { diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java index 6035cba383..ea45987a4d 100755 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java @@ -508,11 +508,10 @@ public final class KeywordSearchIngestModule implements FileIngestModule { return; } - String fileType; if (context.fileIngestIsCancelled()) { return; } - fileType = fileTypeDetector.detectMIMEType(aFile); + String fileType = fileTypeDetector.detectMIMEType(aFile); // we skip archive formats that are opened by the archive module. // @@@ We could have a check here to see if the archive module was enabled though... diff --git a/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties b/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties index 4d22e8066f..e0a4c85328 100644 --- a/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties +++ b/branding/core/core.jar/org/netbeans/core/startup/Bundle.properties @@ -1,5 +1,5 @@ #Updated by build script -#Fri, 05 Jan 2018 10:04:16 -0500 +#Fri, 05 Jan 2018 10:31:22 -0500 LBL_splash_window_title=Starting Autopsy SPLASH_HEIGHT=314 SPLASH_WIDTH=538 diff --git a/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties b/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties index 4ddb6c092f..8f4ccbd194 100644 --- a/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties +++ b/branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties @@ -1,4 +1,4 @@ #Updated by build script -#Fri, 05 Jan 2018 10:04:16 -0500 +#Fri, 05 Jan 2018 10:31:22 -0500 CTL_MainWindow_Title=Autopsy 4.5.0 CTL_MainWindow_Title_No_Project=Autopsy 4.5.0 From 2880234569d55e04be5df572a5f8d7aa4807f7f0 Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Sun, 7 Jan 2018 13:03:40 -0500 Subject: [PATCH 18/19] Ensure file type saved by file type module --- .../autopsy/modules/filetypeid/FileTypeIdIngestModule.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index d04249b98d..64650ed0c4 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -91,7 +91,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { */ try { long startTime = System.currentTimeMillis(); - fileTypeDetector.detectMIMEType(file); + file.setMIMEType(fileTypeDetector.detectMIMEType(file)); addToTotals(jobId, (System.currentTimeMillis() - startTime)); return ProcessResult.OK; } catch (Exception e) { From 0fa972a57280c2a6aaa4dbb1bea61fd11eb705ea Mon Sep 17 00:00:00 2001 From: Richard Cordovano Date: Sun, 7 Jan 2018 13:06:03 -0500 Subject: [PATCH 19/19] Fix behavior of deprecated FileTypeDetector.detect --- .../sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java | 1 - 1 file changed, 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index ff056efdc7..c742110f6b 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -438,7 +438,6 @@ public class FileTypeDetector { @Deprecated public String detect(AbstractFile file) throws TskCoreException { String fileType = detectMIMEType(file); - file.setMIMEType(fileType); // Retain side effect of setting value in file object. return fileType; }