Merge pull request #6992 from markmckinnon/7631-Use-Signatures-for-VHD-detection-in-VM-extractor-ingest-module

7631-Use-Signatures-for-VHD-detection-in-VM-extractor-ingest-module

Core/src/org/sleuthkit/autopsy/modules/vmextractor/VMExtractorIngestModule.java

@@ -49,6 +49,7 @@ import org.sleuthkit.autopsy.ingest.IngestManager;
 import org.sleuthkit.autopsy.ingest.IngestMessage;
 import org.sleuthkit.autopsy.ingest.IngestModule;
 import org.sleuthkit.autopsy.ingest.IngestServices;
+import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector;
 import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.DataSource;
@@ -118,6 +119,7 @@ final class VMExtractorIngestModule extends DataSourceIngestModuleAdapter {
         try {
             // look for all VM files
             vmFiles = findVirtualMachineFiles(dataSource);
+            vmFiles = removeNonVMFiles(vmFiles);
         } catch (TskCoreException ex) {
             logger.log(Level.SEVERE, "Error querying case database", ex); //NON-NLS
             return ProcessResult.ERROR;
@@ -237,6 +239,47 @@ final class VMExtractorIngestModule extends DataSourceIngestModuleAdapter {
         }
         return vmFiles;
     }
+    
+    /**
+     * Check all the files and if a file is a vhd then check to make sure it is a valid vhd using the mimetype. We are not
+     * checking the mimetype for VMDK's at this point in time.
+     * 
+     * @param vmFiles List of virtual machine abstract files to look at
+     * 
+     * @return List of abstract files of virtual machine files.
+     */
+    private static List<AbstractFile> removeNonVMFiles(List<AbstractFile> vmFiles) {
+        List<AbstractFile> vFile = new ArrayList<>();
+        FileTypeDetector fileTypeDetector = null;
+        for (AbstractFile vmFile : vmFiles) {
+            if (vmFile.getNameExtension().equalsIgnoreCase("vhd")) {
+                String fileMimeType = vmFile.getMIMEType();
+                if (fileMimeType == null) {
+                    try {
+                        fileTypeDetector = new FileTypeDetector();
+                    } catch (FileTypeDetector.FileTypeDetectorInitException ex) {
+                        logger.log(Level.WARNING, String.format("Unable to create file type detector for determining MIME type for file %s with id of %d", vmFile.getName(), vmFile.getId()));
+                        vFile.add(vmFile);
+                        continue;
+                    }
+                    fileMimeType = fileTypeDetector.getMIMEType(vmFile);
+                    try {
+                        vmFile.setMIMEType(fileMimeType);
+                        vmFile.save();
+                    } catch (TskCoreException ex) {
+                        logger.log(Level.WARNING, String.format("Unable to save mimetype of %s for file %s with id of %d", fileMimeType, vmFile.getName(), vmFile.getId()));                    
+                    }
+                }               
+                if (fileMimeType.equalsIgnoreCase("application/x-vhd")) {
+                    vFile.add(vmFile);
+                }
+            } else {
+                vFile.add(vmFile);
+            }
+        }
+
+        return vFile;
+    }
 
     /**
      * Writes out an abstract file to a specified output folder.