mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-14 17:06:16 +00:00
Merge pull request #6992 from markmckinnon/7631-Use-Signatures-for-VHD-detection-in-VM-extractor-ingest-module
7631-Use-Signatures-for-VHD-detection-in-VM-extractor-ingest-module
This commit is contained in:
commit
d17372b8c9
@ -49,6 +49,7 @@ import org.sleuthkit.autopsy.ingest.IngestManager;
|
||||
import org.sleuthkit.autopsy.ingest.IngestMessage;
|
||||
import org.sleuthkit.autopsy.ingest.IngestModule;
|
||||
import org.sleuthkit.autopsy.ingest.IngestServices;
|
||||
import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector;
|
||||
import org.sleuthkit.datamodel.AbstractFile;
|
||||
import org.sleuthkit.datamodel.Content;
|
||||
import org.sleuthkit.datamodel.DataSource;
|
||||
@ -118,6 +119,7 @@ final class VMExtractorIngestModule extends DataSourceIngestModuleAdapter {
|
||||
try {
|
||||
// look for all VM files
|
||||
vmFiles = findVirtualMachineFiles(dataSource);
|
||||
vmFiles = removeNonVMFiles(vmFiles);
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.SEVERE, "Error querying case database", ex); //NON-NLS
|
||||
return ProcessResult.ERROR;
|
||||
@ -238,6 +240,47 @@ final class VMExtractorIngestModule extends DataSourceIngestModuleAdapter {
|
||||
return vmFiles;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check all the files and if a file is a vhd then check to make sure it is a valid vhd using the mimetype. We are not
|
||||
* checking the mimetype for VMDK's at this point in time.
|
||||
*
|
||||
* @param vmFiles List of virtual machine abstract files to look at
|
||||
*
|
||||
* @return List of abstract files of virtual machine files.
|
||||
*/
|
||||
private static List<AbstractFile> removeNonVMFiles(List<AbstractFile> vmFiles) {
|
||||
List<AbstractFile> vFile = new ArrayList<>();
|
||||
FileTypeDetector fileTypeDetector = null;
|
||||
for (AbstractFile vmFile : vmFiles) {
|
||||
if (vmFile.getNameExtension().equalsIgnoreCase("vhd")) {
|
||||
String fileMimeType = vmFile.getMIMEType();
|
||||
if (fileMimeType == null) {
|
||||
try {
|
||||
fileTypeDetector = new FileTypeDetector();
|
||||
} catch (FileTypeDetector.FileTypeDetectorInitException ex) {
|
||||
logger.log(Level.WARNING, String.format("Unable to create file type detector for determining MIME type for file %s with id of %d", vmFile.getName(), vmFile.getId()));
|
||||
vFile.add(vmFile);
|
||||
continue;
|
||||
}
|
||||
fileMimeType = fileTypeDetector.getMIMEType(vmFile);
|
||||
try {
|
||||
vmFile.setMIMEType(fileMimeType);
|
||||
vmFile.save();
|
||||
} catch (TskCoreException ex) {
|
||||
logger.log(Level.WARNING, String.format("Unable to save mimetype of %s for file %s with id of %d", fileMimeType, vmFile.getName(), vmFile.getId()));
|
||||
}
|
||||
}
|
||||
if (fileMimeType.equalsIgnoreCase("application/x-vhd")) {
|
||||
vFile.add(vmFile);
|
||||
}
|
||||
} else {
|
||||
vFile.add(vmFile);
|
||||
}
|
||||
}
|
||||
|
||||
return vFile;
|
||||
}
|
||||
|
||||
/**
|
||||
* Writes out an abstract file to a specified output folder.
|
||||
*
|
||||
|
Loading…
x
Reference in New Issue
Block a user