diff --git a/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchIngestModule.java b/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchIngestModule.java
index ee0e621a61..9d881f5d85 100644
--- a/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchIngestModule.java
+++ b/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchIngestModule.java
@@ -154,23 +154,28 @@ public class FileExtMismatchIngestModule extends org.sleuthkit.autopsy.ingest.In
 String extStr = abstractFile.getName().substring(i + 1);
 // find file_sig value.
- ArrayList artList = abstractFile.getArtifacts(ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID());
+ // getArtifacts by type doesn't seem to work, so get all artifacts
+ ArrayList artList = abstractFile.getAllArtifacts();
+
 for (BlackboardArtifact art : artList) {
 List atrList = art.getAttributes();
 for (BlackboardAttribute att : atrList) {
 if (att.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID()) {
 //get known allowed values from the map for this type
- List allowedExtList = Arrays.asList(SigTypeToExtMap.get(att.getValueString()));
-
- // see if the filename ext is in the allowed list
- if (allowedExtList != null) {
- for (String e : allowedExtList) {
- if (e.equals(extStr)) {
- return false;
+ String[] slist = SigTypeToExtMap.get(att.getValueString());
+ if (slist != null) {
+ List allowedExtList = Arrays.asList(slist);
+
+ // see if the filename ext is in the allowed list
+ if (allowedExtList != null) {
+ for (String e : allowedExtList) {
+ if (e.equals(extStr)) {
+ return false;
+ }
 }
+ return true; //potential mismatch
 }
- return true; //potential mismatch
 }
 }
 }
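Review bot: The comparison `e.equals(extStr)` in the rewritten loop is case-sensitive, and `extStr` comes straight from `abstractFile.getName().substring(i + 1)` on the first context line, so a file with an upper-case extension would presumably be reported as a mismatch even when its signature type allows that extension (assuming the SigTypeToExtMap entries are lower-case, which is not visible here). In a module whose hits analysts triage by hand, that noise buries the files that really are disguised; I would change the line to `if (e.equalsIgnoreCase(extStr)) {`. Separately, the inner `if (allowedExtList != null)` can never be false after `Arrays.asList(slist)` and can be dropped now that `slist` carries the null check. The new comment on `getAllArtifacts()` would help more if it said what fails with the by-type lookup; the enclosing method starts and ends outside the hunk, so the result returned when no signature attribute or no map entry is found cannot be checked from here.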