From 39cd68aca65ee573b54ba6c4612889ef6b9c48eb Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dgrove" <dgrove@WIN-DGROV-4999.basistech.net>
Date: Fri, 17 Nov 2017 13:38:55 -0500
Subject: [PATCH] Minor tweaks.

---
 .../crypto/CryptoDetectionFileIngestModule.java       | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/crypto/CryptoDetectionFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/crypto/CryptoDetectionFileIngestModule.java
index 93db6697e7..ea0e806b14 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/crypto/CryptoDetectionFileIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/crypto/CryptoDetectionFileIngestModule.java
@@ -137,6 +137,10 @@ final class CryptoDetectionFileIngestModule implements FileIngestModule {
      *                     InputStream.
      */
     private double calculateEntropy(AbstractFile file) throws IOException {
+        /*
+         * Logic in this method is based on
+         * https://github.com/willjasen/entropy/blob/master/entropy.java
+         */
         InputStream in = null;
         BufferedInputStream bin = null;
 
@@ -200,6 +204,11 @@ final class CryptoDetectionFileIngestModule implements FileIngestModule {
      */
     private boolean isFileSupported(AbstractFile file) {
         boolean supported = false;
+        
+        /*
+         * Criteria for the checks in this method are partially based on
+         * http://www.forensicswiki.org/wiki/TrueCrypt#Detection
+         */
 
         /*
          * Qualify the file type.
@@ -216,7 +225,7 @@ final class CryptoDetectionFileIngestModule implements FileIngestModule {
                  * Qualify the size.
                  */
                 long contentSize = file.getSize();
-                if (contentSize >= 0x500000 && (contentSize & 511) == 0) {
+                if (contentSize >= 5242880 && (contentSize % 512) == 0) {
                     /*
                      * Qualify the MIME type.
                      */