3752 clean up - make comments and names more accurate

William Schaefer 2018-04-23 18:05:59 -04:00
parent f7fad3184e
commit c36a1e6191
2 changed files with 30 additions and 22 deletions


@ -42,10 +42,7 @@ import org.sleuthkit.datamodel.Volume;
import org.sleuthkit.datamodel.VolumeSystem;
/**
* Sample data source ingest module that doesn't do much. Demonstrates per
* ingest job module settings, checking for job cancellation, updating the
* DataSourceIngestModuleProgress object, and use of a subset of the available
* ingest services.
* Data source module to detect encryption.
*/
class EncryptionDetectionDataSourceIngestModule implements DataSourceIngestModule {
@ -56,6 +53,12 @@ class EncryptionDetectionDataSourceIngestModule implements DataSourceIngestModul
private final double minimumEntropy;
/**
* Create a EncryptionDetectionDataSourceIngestModule object that will detect
* volumes that are encrypted and create blackboard artifacts as appropriate.
* The supplied EncryptionDetectionIngestJobSettings object is used to
* configure the module.
*/
EncryptionDetectionDataSourceIngestModule(EncryptionDetectionIngestJobSettings settings) {
minimumEntropy = settings.getMinimumEntropy();
}
@ -80,7 +83,7 @@ class EncryptionDetectionDataSourceIngestModule implements DataSourceIngestModul
for (VolumeSystem volumeSystem : volumeSystems) {
for (Volume volume : volumeSystem.getVolumes()) {
if (volume.getFileSystems().isEmpty()) {
if (isDataSourceEncrypted(volume)) {
if (isVolumeEncrypted(volume)) {
System.out.println("VOLUME ENCRYPTED");
return flagVolume(volume);
}
@ -106,9 +109,9 @@ class EncryptionDetectionDataSourceIngestModule implements DataSourceIngestModul
/**
* Create a blackboard artifact.
*
* @param The file to be processed.
* @param The volume to be processed.
*
* @return 'OK' if the file was processed successfully, or 'ERROR' if there
* @return 'OK' if the volume was processed successfully, or 'ERROR' if there
* was a problem.
*/
private IngestModule.ProcessResult flagVolume(Volume volume) {
@ -157,9 +160,9 @@ class EncryptionDetectionDataSourceIngestModule implements DataSourceIngestModul
*
* @param file AbstractFile to be checked.
*
* @return True if the AbstractFile is encrypted.
* @return True if the Volume is encrypted.
*/
private boolean isDataSourceEncrypted(Content dataSource) throws ReadContentInputStream.ReadContentInputStreamException, IOException, TskCoreException {
private boolean isVolumeEncrypted(Volume volume) throws ReadContentInputStream.ReadContentInputStreamException, IOException, TskCoreException {
/*
* Criteria for the checks in this method are partially based on
* http://www.forensicswiki.org/wiki/TrueCrypt#Detection
@ -168,10 +171,8 @@ class EncryptionDetectionDataSourceIngestModule implements DataSourceIngestModul
boolean possiblyEncrypted = true;
if (possiblyEncrypted) {
System.out.println("CALCULATE ENTROPY");
calculatedEntropy = EncryptionDetectionTools.calculateEntropy(dataSource);
calculatedEntropy = EncryptionDetectionTools.calculateEntropy(volume);
if (calculatedEntropy >= minimumEntropy) {
System.out.println("ENTROPY INDICATED ENCRYPTED DS");
return true;
}
}
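Review bot: The Javadoc above the renamed `isVolumeEncrypted(Volume volume)` still reads `@param file AbstractFile to be checked.`, one line above the `@return` this commit corrects; it should read `@param volume Volume to be checked.`. In the `flagVolume` Javadoc, `@param The volume to be processed.` has no parameter name, so the tag documents a parameter called "The"; `@param volume The volume to be processed.` fixes that. The `System.out.println` calls left in the volume loop and the entropy check write analysis state to stdout, where it is not kept with the ingest logs. They would be better removed or routed through the module's logger, as appears to have been done for the entropy print in EncryptionDetectionTools. Both method bodies continue outside the hunks shown.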


@ -42,12 +42,20 @@ final class EncryptionDetectionTools {
"EncryptionDetectionTools.errorMessage.minimumEntropyInput=Minimum entropy input must be a number between 6.0 and 8.0.",
"EncryptionDetectionTools.errorMessage.minimumFileSizeInput=Minimum file size input must be an integer (in megabytes) of 1 or greater."
})
/**
* Check if the minimum entropy setting is in the accepted range for this
* module.
*/
static void validateMinEntropyValue(double minimumEntropy) throws IngestModule.IngestModuleException {
if (minimumEntropy < MINIMUM_ENTROPY_INPUT_RANGE_MIN || minimumEntropy > MINIMUM_ENTROPY_INPUT_RANGE_MAX) {
throw new IngestModule.IngestModuleException(Bundle.EncryptionDetectionTools_errorMessage_minimumEntropyInput());
}
}
/**
* Check if the minimum file size setting is in the accepted range for this
* module.
*/
static void validateMinFileSizeValue(int minimumFileSize) throws IngestModule.IngestModuleException {
if (minimumFileSize < MINIMUM_FILE_SIZE_INPUT_RANGE_MIN) {
throw new IngestModule.IngestModuleException(Bundle.EncryptionDetectionTools_errorMessage_minimumFileSizeInput());
@ -55,17 +63,17 @@ final class EncryptionDetectionTools {
}
/**
* Calculate the entropy of the file. The result is used to qualify the file
* as an encrypted file.
* Calculate the entropy of the content. The result is used to qualify the
* content as an encrypted content.
*
* @param file The file to be calculated against.
* @param content The content to be calculated against.
*
* @return The entropy of the file.
* @return The entropy of the content.
*
* @throws IOException If there is a failure closing or reading from the
* InputStream.
*/
static double calculateEntropy(Content file) throws ReadContentInputStream.ReadContentInputStreamException, IOException {
static double calculateEntropy(Content content) throws ReadContentInputStream.ReadContentInputStreamException, IOException {
/*
* Logic in this method is based on
* https://github.com/willjasen/entropy/blob/master/entropy.java
@ -75,7 +83,7 @@ final class EncryptionDetectionTools {
BufferedInputStream bin = null;
try {
in = new ReadContentInputStream(file);
in = new ReadContentInputStream(content);
bin = new BufferedInputStream(in);
/*
@ -90,7 +98,7 @@ final class EncryptionDetectionTools {
/*
* Calculate the entropy based on the byte occurence counts.
*/
long dataLength = file.getSize() - 1;
long dataLength = content.getSize() - 1;
double entropyAccumulator = 0;
for (int i = 0; i < BYTE_OCCURENCES_BUFFER_SIZE; i++) {
if (byteOccurences[i] > 0) {
@ -98,7 +106,6 @@ final class EncryptionDetectionTools {
entropyAccumulator += (byteProbability * Math.log(byteProbability) * ONE_OVER_LOG2);
}
}
System.out.println("ENTROPY VALUE: " + -entropyAccumulator);
return -entropyAccumulator;
} finally {
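Review bot: `long dataLength = content.getSize() - 1;` uses a denominator one smaller than the content size, so if the read loop (outside this hunk) counts every byte, the probabilities sum to slightly more than 1. Content of size 1 would presumably divide by zero, and size 0 gives a negative length. Now that `calculateEntropy` takes any `Content`, including volumes, it would be safer to divide by the number of bytes actually counted, or at least to guard with `if (dataLength <= 0) { return 0; }` before the loop over `byteOccurences`. Confirm how bytes are counted before changing the denominator, since the result is compared against `minimumEntropy` to flag a volume. Separately, the new Javadoc for `validateMinEntropyValue` sits after the `})` that closes the annotation, so the javadoc tool may not attach it to the method; it belongs above the annotation.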