diff --git a/ewfVerify/build.xml b/ewfVerify/build.xml
new file mode 100755
index 0000000000..a84a569408
--- /dev/null
+++ b/ewfVerify/build.xml
@@ -0,0 +1,8 @@
+
+
+
+
+
+ Builds, tests, and runs the project org.sleuthkit.autopsy.ewfverify.
+
+
diff --git a/ewfVerify/manifest.mf b/ewfVerify/manifest.mf
new file mode 100755
index 0000000000..bcbc512e12
--- /dev/null
+++ b/ewfVerify/manifest.mf
@@ -0,0 +1,5 @@
+Manifest-Version: 1.0
+OpenIDE-Module: org.sleuthkit.autopsy.ewfverify
+OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/ewfverify/Bundle.properties
+OpenIDE-Module-Specification-Version: 1.0
+
diff --git a/ewfVerify/nbproject/build-impl.xml b/ewfVerify/nbproject/build-impl.xml
new file mode 100755
index 0000000000..98ad2ccc3b
--- /dev/null
+++ b/ewfVerify/nbproject/build-impl.xml
@@ -0,0 +1,45 @@
+
+
+
+
+
+
+
+
+
+
+
+
+ You must set 'suite.dir' to point to your containing module suite
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/ewfVerify/nbproject/platform.properties b/ewfVerify/nbproject/platform.properties
new file mode 100755
index 0000000000..e0bdd68b73
--- /dev/null
+++ b/ewfVerify/nbproject/platform.properties
@@ -0,0 +1,120 @@
+branding.token=autopsy
+netbeans-plat-version=7.3.1
+suite.dir=${basedir}
+nbplatform.active.dir=${suite.dir}/netbeans-plat/${netbeans-plat-version}
+harness.dir=${nbplatform.active.dir}/harness
+bootstrap.url=http://deadlock.netbeans.org/hudson/job/nbms-and-javadoc/lastStableBuild/artifact/nbbuild/netbeans/harness/tasks.jar
+autoupdate.catalog.url=http://dlc.sun.com.edgesuite.net/netbeans/updates/${netbeans-plat-version}/uc/final/distribution/catalog.xml.gz
+cluster.path=\
+ ${nbplatform.active.dir}/harness:\
+ ${nbplatform.active.dir}/java:\
+ ${nbplatform.active.dir}/platform
+disabled.modules=\
+ org.apache.tools.ant.module,\
+ org.netbeans.api.debugger.jpda,\
+ org.netbeans.api.java,\
+ org.netbeans.lib.nbjavac,\
+ org.netbeans.libs.cglib,\
+ org.netbeans.libs.javacapi,\
+ org.netbeans.libs.javacimpl,\
+ org.netbeans.libs.springframework,\
+ org.netbeans.modules.ant.browsetask,\
+ org.netbeans.modules.ant.debugger,\
+ org.netbeans.modules.ant.freeform,\
+ org.netbeans.modules.ant.grammar,\
+ org.netbeans.modules.ant.kit,\
+ org.netbeans.modules.beans,\
+ org.netbeans.modules.classfile,\
+ org.netbeans.modules.dbschema,\
+ org.netbeans.modules.debugger.jpda,\
+ org.netbeans.modules.debugger.jpda.ant,\
+ org.netbeans.modules.debugger.jpda.kit,\
+ org.netbeans.modules.debugger.jpda.projects,\
+ org.netbeans.modules.debugger.jpda.ui,\
+ org.netbeans.modules.debugger.jpda.visual,\
+ org.netbeans.modules.findbugs.installer,\
+ org.netbeans.modules.form,\
+ org.netbeans.modules.form.binding,\
+ org.netbeans.modules.form.j2ee,\
+ org.netbeans.modules.form.kit,\
+ org.netbeans.modules.form.nb,\
+ org.netbeans.modules.form.refactoring,\
+ org.netbeans.modules.hibernate,\
+ org.netbeans.modules.hibernatelib,\
+ org.netbeans.modules.hudson.ant,\
+ org.netbeans.modules.hudson.maven,\
+ org.netbeans.modules.i18n,\
+ org.netbeans.modules.i18n.form,\
+ org.netbeans.modules.j2ee.core.utilities,\
+ org.netbeans.modules.j2ee.eclipselink,\
+ org.netbeans.modules.j2ee.eclipselinkmodelgen,\
+ org.netbeans.modules.j2ee.jpa.refactoring,\
+ org.netbeans.modules.j2ee.jpa.verification,\
+ org.netbeans.modules.j2ee.metadata,\
+ org.netbeans.modules.j2ee.metadata.model.support,\
+ org.netbeans.modules.j2ee.persistence,\
+ org.netbeans.modules.j2ee.persistence.kit,\
+ org.netbeans.modules.j2ee.persistenceapi,\
+ org.netbeans.modules.java.api.common,\
+ org.netbeans.modules.java.debug,\
+ org.netbeans.modules.java.editor,\
+ org.netbeans.modules.java.editor.lib,\
+ org.netbeans.modules.java.examples,\
+ org.netbeans.modules.java.freeform,\
+ org.netbeans.modules.java.guards,\
+ org.netbeans.modules.java.helpset,\
+ org.netbeans.modules.java.hints,\
+ org.netbeans.modules.java.hints.declarative,\
+ org.netbeans.modules.java.hints.declarative.test,\
+ org.netbeans.modules.java.hints.legacy.spi,\
+ org.netbeans.modules.java.hints.test,\
+ org.netbeans.modules.java.hints.ui,\
+ org.netbeans.modules.java.j2seplatform,\
+ org.netbeans.modules.java.j2seproject,\
+ org.netbeans.modules.java.kit,\
+ org.netbeans.modules.java.lexer,\
+ org.netbeans.modules.java.navigation,\
+ org.netbeans.modules.java.platform,\
+ org.netbeans.modules.java.preprocessorbridge,\
+ org.netbeans.modules.java.project,\
+ org.netbeans.modules.java.source,\
+ org.netbeans.modules.java.source.ant,\
+ org.netbeans.modules.java.source.queries,\
+ org.netbeans.modules.java.source.queriesimpl,\
+ org.netbeans.modules.java.sourceui,\
+ org.netbeans.modules.java.testrunner,\
+ org.netbeans.modules.javadoc,\
+ org.netbeans.modules.javawebstart,\
+ org.netbeans.modules.junit,\
+ org.netbeans.modules.maven,\
+ org.netbeans.modules.maven.checkstyle,\
+ org.netbeans.modules.maven.coverage,\
+ org.netbeans.modules.maven.embedder,\
+ org.netbeans.modules.maven.grammar,\
+ org.netbeans.modules.maven.graph,\
+ org.netbeans.modules.maven.hints,\
+ org.netbeans.modules.maven.indexer,\
+ org.netbeans.modules.maven.junit,\
+ org.netbeans.modules.maven.kit,\
+ org.netbeans.modules.maven.model,\
+ org.netbeans.modules.maven.osgi,\
+ org.netbeans.modules.maven.persistence,\
+ org.netbeans.modules.maven.refactoring,\
+ org.netbeans.modules.maven.repository,\
+ org.netbeans.modules.maven.search,\
+ org.netbeans.modules.maven.spring,\
+ org.netbeans.modules.projectimport.eclipse.core,\
+ org.netbeans.modules.projectimport.eclipse.j2se,\
+ org.netbeans.modules.refactoring.java,\
+ org.netbeans.modules.spellchecker.bindings.java,\
+ org.netbeans.modules.spring.beans,\
+ org.netbeans.modules.testng,\
+ org.netbeans.modules.testng.ant,\
+ org.netbeans.modules.testng.maven,\
+ org.netbeans.modules.websvc.jaxws21,\
+ org.netbeans.modules.websvc.jaxws21api,\
+ org.netbeans.modules.websvc.saas.codegen.java,\
+ org.netbeans.modules.xml.jaxb,\
+ org.netbeans.modules.xml.tools.java,\
+ org.netbeans.spi.java.hints
+
diff --git a/ewfVerify/nbproject/project.properties b/ewfVerify/nbproject/project.properties
new file mode 100755
index 0000000000..b0194c4977
--- /dev/null
+++ b/ewfVerify/nbproject/project.properties
@@ -0,0 +1,2 @@
+javac.source=1.7
+javac.compilerargs=-Xlint -Xlint:-serial
diff --git a/ewfVerify/nbproject/project.xml b/ewfVerify/nbproject/project.xml
new file mode 100755
index 0000000000..ae8089cea0
--- /dev/null
+++ b/ewfVerify/nbproject/project.xml
@@ -0,0 +1,31 @@
+
+
+ org.netbeans.modules.apisupport.project
+
+
+ org.sleuthkit.autopsy.ewfverify
+
+
+
+ org.sleuthkit.autopsy.core
+
+
+
+ 9
+ 7.0
+
+
+
+ org.sleuthkit.autopsy.corelibs
+
+
+
+ 3
+ 1.1
+
+
+
+
+
+
+
diff --git a/ewfVerify/nbproject/suite.properties b/ewfVerify/nbproject/suite.properties
new file mode 100755
index 0000000000..364e160e16
--- /dev/null
+++ b/ewfVerify/nbproject/suite.properties
@@ -0,0 +1 @@
+suite.dir=${basedir}/..
diff --git a/ewfVerify/src/org/sleuthkit/autopsy/ewfverify/Bundle.properties b/ewfVerify/src/org/sleuthkit/autopsy/ewfverify/Bundle.properties
new file mode 100755
index 0000000000..3f1d100810
--- /dev/null
+++ b/ewfVerify/src/org/sleuthkit/autopsy/ewfverify/Bundle.properties
@@ -0,0 +1 @@
+OpenIDE-Module-Name=ewfVerify
diff --git a/ewfVerify/src/org/sleuthkit/autopsy/ewfverify/EwfVerifyIngestModule.java b/ewfVerify/src/org/sleuthkit/autopsy/ewfverify/EwfVerifyIngestModule.java
new file mode 100755
index 0000000000..891f6ae9ca
--- /dev/null
+++ b/ewfVerify/src/org/sleuthkit/autopsy/ewfverify/EwfVerifyIngestModule.java
@@ -0,0 +1,173 @@
+/*
+ * Autopsy Forensic Browser
+ *
+ * Copyright 2013 Basis Technology Corp.
+ * Contact: carrier sleuthkit org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.sleuthkit.autopsy.ewfverify;
+
+
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+import java.util.logging.Level;
+import java.util.logging.Logger;
+import org.sleuthkit.autopsy.coreutils.StopWatch;
+import org.sleuthkit.autopsy.ingest.IngestDataSourceWorkerController;
+import org.sleuthkit.autopsy.ingest.IngestMessage;
+import org.sleuthkit.autopsy.ingest.IngestMessage.MessageType;
+import org.sleuthkit.autopsy.ingest.IngestModuleDataSource;
+import org.sleuthkit.autopsy.ingest.IngestModuleInit;
+import org.sleuthkit.autopsy.ingest.IngestServices;
+import org.sleuthkit.autopsy.ingest.PipelineContext;
+import org.sleuthkit.datamodel.Content;
+import org.sleuthkit.datamodel.Image;
+import org.sleuthkit.datamodel.TskCoreException;
+import org.sleuthkit.datamodel.TskData;
+
+/**
+ *
+ * @author jwallace
+ */
+public class EwfVerifyIngestModule extends IngestModuleDataSource {
+ private static final String MODULE_NAME = "ewf Verify";
+ private static final String MODULE_VERSION = "1.0";
+ private static final String MODULE_DESCRIPTION = "Validates the integrity of E01 files.";
+ private static final long CHUNK_SIZE = 16 * 1024;
+ private IngestServices services;
+ private volatile boolean running = false;
+ private Image img;
+ private MessageDigest md;
+ private Logger logger;
+ private static int messageId = 0;
+ private volatile boolean cancelled = false;
+ private boolean verified = false;
+
+ public EwfVerifyIngestModule() {
+ }
+
+ @Override
+ public void process(PipelineContext pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
+ try {
+ img = dataSource.getImage();
+ } catch (TskCoreException ex) {
+ img = null;
+ logger.log(Level.SEVERE, "Failed to get image from Content.", ex);
+ services.postMessage(IngestMessage.createMessage(++messageId, MessageType.ERROR, this, "Error processing " + dataSource.getName()));
+ }
+
+ if (img.getType() != TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_EWF_EWF) {
+ img = null;
+ // TODO notify?
+ logger.log(Level.INFO, "Skipping non-ewf image " + img.getName());
+ return;
+ }
+
+ services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, "Starting " + dataSource.getName()));
+ long size = img.getSize(); // size of the image
+
+ // TODO handle size = 0
+
+ int totalChunks = (int) Math.ceil(size / CHUNK_SIZE);
+ System.out.println("TOTAL CHUNKS = " + totalChunks);
+ int read;
+
+ // TODO find an appropriate size for this.
+ byte[] data;
+ controller.switchToDeterminate(totalChunks);
+
+ running = true;
+ StopWatch timer = new StopWatch();
+ timer.start();
+ for (int i = 0; i < totalChunks; i++) {
+ if (cancelled) {
+ timer.stop();
+ running = false;
+ return;
+ }
+ data = new byte[ (int) CHUNK_SIZE ];
+ try {
+ read = img.read(data, i * CHUNK_SIZE, CHUNK_SIZE);
+ } catch (TskCoreException ex) {
+ services.postMessage(IngestMessage.createMessage(++messageId, MessageType.ERROR, this, "Error processing " + img.getName()));
+ logger.log(Level.SEVERE, "Error reading from image: " + img.getName(), ex);
+ }
+ md.update(data);
+ controller.progress(i);
+ }
+ timer.stop();
+ byte[] byteHash = md.digest();
+ String hash = bytesToString(byteHash);
+ System.out.println("MD5 HASH: " + hash);
+ System.out.println("GENERATING HASH TOOK " + timer.getElapsedTimeSecs() + " SECONDS");
+ running = false;
+ // TODO logic to check if it is verified.
+ verified = true;
+ }
+
+ @Override
+ public void init(IngestModuleInit initContext) {
+ services = IngestServices.getDefault();
+ logger = services.getLogger(this);
+ try {
+ md = MessageDigest.getInstance("MD5");
+ } catch (NoSuchAlgorithmException ex) {
+ logger.log(Level.WARNING, "Error getting md5 algorithm", ex);
+ throw new RuntimeException("Failed to get MD5 algorithm");
+ }
+ cancelled = false;
+ running = false;
+ img = null;
+ }
+
+ @Override
+ public void complete() {
+ logger.info("complete() " + this.getName());
+ String msg = verified ? " verified." : " not verified.";
+ services.postMessage(IngestMessage.createMessage(++messageId, MessageType.INFO, this, img.getName() + msg));
+ }
+
+ @Override
+ public void stop() {
+ cancelled = true;
+ }
+
+ @Override
+ public String getName() {
+ return MODULE_NAME;
+ }
+
+ @Override
+ public String getVersion() {
+ return MODULE_VERSION;
+ }
+
+ @Override
+ public String getDescription() {
+ return MODULE_DESCRIPTION;
+ }
+
+ @Override
+ public boolean hasBackgroundJobsRunning() {
+ return running;
+ }
+
+ private String bytesToString(byte[] byteHash) {
+ StringBuilder sb = new StringBuilder();
+ for (byte b : byteHash) {
+ sb.append(String.format("%02x", b&0xff));
+ }
+ return sb.toString();
+ }
+}
diff --git a/nbproject/project.properties b/nbproject/project.properties
index e70fffba4b..c9722d329b 100644
--- a/nbproject/project.properties
+++ b/nbproject/project.properties
@@ -1,46 +1,49 @@
-app.icon=branding/core/core.jar/org/netbeans/core/startup/frame48.gif
-### Title of the application
-app.title=Autopsy
-### lowercase version of above
-app.name=autopsy
-### if left unset, version will default to today's date
-app.version=3.0.7
-### Build type isn't used at this point, but it may be useful
-### Must be one of: DEVELOPMENT, RELEASE
-build.type=RELEASE
-#build.type=DEVELOPMENT
-update_versions=false
-#custom JVM options
-#Note: can be higher on 64 bit systems, should be in sync with build.xml
-run.args.extra=-J-Xms24m -J-XX:MaxPermSize=128M -J-Xverify:none
-auxiliary.org-netbeans-modules-apisupport-installer.license-type=apache.v2
-auxiliary.org-netbeans-modules-apisupport-installer.os-linux=false
-auxiliary.org-netbeans-modules-apisupport-installer.os-macosx=false
-auxiliary.org-netbeans-modules-apisupport-installer.os-solaris=false
-auxiliary.org-netbeans-modules-apisupport-installer.os-windows=true
-auxiliary.org-netbeans-modules-apisupport-installer.pack200-enabled=false
-branding.token=${app.name}
-modules=\
- ${project.org.sleuthkit.autopsy.keywordsearch}:\
- ${project.org.sleuthkit.autopsy.hashdatabase}:\
- ${project.org.sleuthkit.autopsy.recentactivity}:\
- ${project.org.sleuthkit.autopsy.testing}:\
- ${project.org.sleuthkit.autopsy.thunderbirdparser}:\
- ${project.org.sleuthkit.autopsy.exifparser}:\
- ${project.org.sleuthkit.autopsy.core}:\
- ${project.org.sleuthkit.autopsy.corelibs}:\
- ${project.org.sleuthkit.autopsy.sevenzip}:\
- ${project.org.sleuthkit.autopsy.scalpel}:\
- ${project.org.sleuthkit.autopsy.timeline}
-project.org.sleuthkit.autopsy.core=Core
-project.org.sleuthkit.autopsy.corelibs=CoreLibs
-project.org.sleuthkit.autopsy.hashdatabase=HashDatabase
-project.org.sleuthkit.autopsy.keywordsearch=KeywordSearch
-project.org.sleuthkit.autopsy.recentactivity=RecentActivity
-project.org.sleuthkit.autopsy.testing=Testing
-project.org.sleuthkit.autopsy.thunderbirdparser=thunderbirdparser
-project.org.sleuthkit.autopsy.exifparser=ExifParser
-project.org.sleuthkit.autopsy.sevenzip=SevenZip
-project.org.sleuthkit.autopsy.scalpel=ScalpelCarver
-project.org.sleuthkit.autopsy.timeline=Timeline
-
+app.icon=branding/core/core.jar/org/netbeans/core/startup/frame48.gif
+### Title of the application
+app.title=Autopsy
+### lowercase version of above
+app.name=autopsy
+### if left unset, version will default to today's date
+app.version=3.0.7
+### Build type isn't used at this point, but it may be useful
+### Must be one of: DEVELOPMENT, RELEASE
+build.type=RELEASE
+project.org.sleuthkit.autopsy.ewfverify=EWFVerify
+#build.type=DEVELOPMENT
+update_versions=false
+#custom JVM options
+#Note: can be higher on 64 bit systems, should be in sync with build.xml
+run.args.extra=-J-Xms24m -J-XX:MaxPermSize=128M -J-Xverify:none
+auxiliary.org-netbeans-modules-apisupport-installer.license-type=apache.v2
+auxiliary.org-netbeans-modules-apisupport-installer.os-linux=false
+auxiliary.org-netbeans-modules-apisupport-installer.os-macosx=false
+auxiliary.org-netbeans-modules-apisupport-installer.os-solaris=false
+auxiliary.org-netbeans-modules-apisupport-installer.os-windows=true
+auxiliary.org-netbeans-modules-apisupport-installer.pack200-enabled=false
+branding.token=${app.name}
+modules=\
+ ${project.org.sleuthkit.autopsy.keywordsearch}:\
+ ${project.org.sleuthkit.autopsy.hashdatabase}:\
+ ${project.org.sleuthkit.autopsy.recentactivity}:\
+ ${project.org.sleuthkit.autopsy.testing}:\
+ ${project.org.sleuthkit.autopsy.thunderbirdparser}:\
+ ${project.org.sleuthkit.autopsy.exifparser}:\
+ ${project.org.sleuthkit.autopsy.core}:\
+ ${project.org.sleuthkit.autopsy.corelibs}:\
+ ${project.org.sleuthkit.autopsy.sevenzip}:\
+ ${project.org.sleuthkit.autopsy.scalpel}:\
+ ${project.org.sleuthkit.autopsy.timeline}:\
+ ${project.org.sleuthkit.autopsy.ewfverify}
+project.org.sleuthkit.autopsy.core=Core
+project.org.sleuthkit.autopsy.corelibs=CoreLibs
+project.org.sleuthkit.autopsy.hashdatabase=HashDatabase
+project.org.sleuthkit.autopsy.keywordsearch=KeywordSearch
+project.org.sleuthkit.autopsy.recentactivity=RecentActivity
+project.org.sleuthkit.autopsy.testing=Testing
+project.org.sleuthkit.autopsy.thunderbirdparser=thunderbirdparser
+project.org.sleuthkit.autopsy.exifparser=ExifParser
+project.org.sleuthkit.autopsy.sevenzip=SevenZip
+project.org.sleuthkit.autopsy.scalpel=ScalpelCarver
+project.org.sleuthkit.autopsy.timeline=Timeline
+project.org.sleuthkit.autopsy.ewfverify=ewfVerify
+