Added more info to the default sig types to extensions map. Also make sure to convert to lowercase before comparing.

Samuel H. Kenyon 2013-12-01 20:10:56 -05:00
parent b423d0038a
commit 7d29ae3be8


@ -104,10 +104,36 @@ public class FileExtMismatchIngestModule extends org.sleuthkit.autopsy.ingest.In
}
// Set up default mapping (eventually this will be loaded from a config file)
String[] exts = {"doc", "docx", "dot", "dotx", "xls", "xlsx", "ppt", "pot", "pptx", "potx"};
SigTypeToExtMap.put("application/x-msoffice", exts);
String[] exts2 = {"jpg","jpeg"};
SigTypeToExtMap.put("image/jpeg", exts2);
// For now, since we don't detect specific MS office openxml formats, we just assume that
// those will get caught under "application/x-msoffice".
SigTypeToExtMap.put("application/x-msoffice", new String[] {"doc", "docx", "docm", "dotm", "dot", "dotx", "xls", "xlt", "xla", "xlsx", "xlsm", "xltm", "xlam", "xlsb", "ppt", "pot", "pps","ppa", "pptx", "potx", "ppam", "pptm", "potm", "ppsm"});
SigTypeToExtMap.put("application/msword", new String[]{"doc","dot"});
SigTypeToExtMap.put("application/vnd.ms-excel", new String[]{"xls","xlt","xla"});
SigTypeToExtMap.put("application/vnd.ms-powerpoint", new String[]{"ppt","pot","pps","ppa"});
SigTypeToExtMap.put("application/pdf", new String[]{"pdf"});
SigTypeToExtMap.put("application/rtf", new String[]{"rtf"});
SigTypeToExtMap.put("text/plain", new String[]{"txt"});
SigTypeToExtMap.put("text/html", new String[]{"htm", "html", "htx", "htmls"});
//todo application/xhtml+xml
SigTypeToExtMap.put("image/jpeg", new String[]{"jpg","jpeg"});
SigTypeToExtMap.put("image/tiff", new String[]{"tiff", "tif"});
SigTypeToExtMap.put("image/png", new String[]{"png"});
SigTypeToExtMap.put("image/gif", new String[]{"gif"});
SigTypeToExtMap.put("image/x-ms-bmp", new String[]{"bmp"});
SigTypeToExtMap.put("image/bmp", new String[]{"bmp", "bm"});
SigTypeToExtMap.put("image/x-icon", new String[]{"ico"});
SigTypeToExtMap.put("video/mp4", new String[]{"mp4"});
SigTypeToExtMap.put("video/quicktime", new String[]{"mov"});
SigTypeToExtMap.put("video/3gpp", new String[]{"3gp"});
SigTypeToExtMap.put("video/x-msvideo", new String[]{"avi"});
SigTypeToExtMap.put("video/x-ms-wmv", new String[]{"wmv"});
SigTypeToExtMap.put("video/mpeg", new String[]{"mpeg","mpg"});
SigTypeToExtMap.put("video/x-flv", new String[]{"flv"});
SigTypeToExtMap.put("application/zip", new String[]{"zip"});
}
@Override
@ -149,9 +175,11 @@ public class FileExtMismatchIngestModule extends org.sleuthkit.autopsy.ingest.In
private boolean compareSigTypeToExt(AbstractFile abstractFile) {
try {
String extStr = "";
int i = abstractFile.getName().lastIndexOf(".");
if ((i > -1) && ((i + 1) < abstractFile.getName().length())) {
String extStr = abstractFile.getName().substring(i + 1);
extStr = abstractFile.getName().substring(i + 1).toLowerCase();
}
// find file_sig value.
// getArtifacts by type doesn't seem to work, so get all artifacts
@ -180,7 +208,6 @@ public class FileExtMismatchIngestModule extends org.sleuthkit.autopsy.ingest.In
}
}
}
}
} catch (TskCoreException ex) {
Exceptions.printStackTrace(ex);
}
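Review bot: The new `toLowerCase()` call in compareSigTypeToExt uses the JVM default locale, so on a workstation running under a Turkish locale an extension such as `GIF` lowercases to `gıf` (dotless i) and no longer matches the `gif` entry in the map, which would flag a correctly named file as a mismatch. Change the line to `extStr = abstractFile.getName().substring(i + 1).toLowerCase(Locale.ROOT);`, which needs `java.util.Locale` in the import block (not visible on this page). Separately, `extStr` is now initialised to `""`, so a file with no extension appears to reach the comparison with an empty string; that comparison lies outside the visible hunks, so a short comment such as `// empty extStr: file has no extension; treated as <match|mismatch> by design` would record the intended result for examiners reading the flags. The function body starts and ends outside the hunks shown.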