From ecf00427fa2fc35b0def9e040b1c2831e27bedc6 Mon Sep 17 00:00:00 2001
From: Brian Carrier
Date: Mon, 24 Feb 2014 10:04:24 -0500
Subject: [PATCH 1/6] Added special XML file type check to reduce exceptions that get thrown - Tika seems to try to fully parse the XML file
---
 .../filetypeid/TikaFileTypeDetector.java | 21 ++++++++++++++++---
 1 file changed, 18 insertions(+), 3 deletions(-)
diff --git a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java
index 4d902037cb..8ab655e27b 100644
--- a/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java
+++ b/FileTypeId/src/org/sleuthkit/autopsy/filetypeid/TikaFileTypeDetector.java
@@ -38,11 +38,26 @@ class TikaFileTypeDetector implements FileTypeDetectionInterface {
 byte buffer[] = new byte[maxBytesInitial];
 int len = abstractFile.read(buffer, 0, maxBytesInitial);
+ boolean found = false;
 try {
- String mimetype = tikaInst.detect(buffer);
+ // the xml detection in Tika tries to parse the entire file and throws exceptions
+ // for files that are not complete
+ try {
+ String tagHeader = new String(buffer, 0, 5);
+ if (tagHeader.equals(" Date: Mon, 24 Feb 2014 11:13:10 -0500
Subject: [PATCH 2/6] sort extension config file, added extensions for text and kmz
---
 .../fileextmismatch/FileExtMismatchXML.java | 2 +
 .../fileextmismatch/mismatch_config.xml | 881 +++++++++---------
 2 files changed, 440 insertions(+), 443 deletions(-)
diff --git a/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchXML.java b/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchXML.java
index 5283d5c04f..32a8d49ace 100644
--- a/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchXML.java
+++ b/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchXML.java
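Review bot: `new String(buffer, 0, 5)` in the TikaFileTypeDetector hunk decodes with the platform default charset and never consults `len`, so the shortcut's result depends on the JVM's locale settings and it also runs when the read returned fewer than five bytes. Guard on the length and name the charset, e.g. `if (len >= 5) { String tagHeader = new String(buffer, 0, 5, StandardCharsets.US_ASCII); ... }` (Java 7+, needs the `java.nio.charset.StandardCharsets` import). The compared literal and the remainder of this hunk are not visible on this page, so how `found` is used afterwards could not be checked. A prefix-only match presumably labels any file that starts with those five bytes as XML without further inspection; the comment should say so, since the detected type appears to feed later analysis such as extension-mismatch checks.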
@@ -23,6 +23,7 @@ import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -164,6 +165,7 @@ class FileExtMismatchXML {
 String[] extArray = sigTypeToExtMap.get(key);
 if (extArray != null) {
 ArrayList extList = new ArrayList<>(Arrays.asList(extArray));
+ Collections.sort(extList);
 for (String ext : extList) {
 Element extEl = doc.createElement(EXT_EL);
 extEl.setTextContent(ext);
diff --git a/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/mismatch_config.xml b/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/mismatch_config.xml
index 8c88fcb430..e41fb5f2df 100644
--- a/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/mismatch_config.xml
+++ b/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/mismatch_config.xml
@@ -1,444 +1,439 @@ - + - - - txt - ini - inf - url - reg - cfg - log - lo_ - dat - lst - xml - dtd - xsd - xdr - xsl - xsml - kml - wsdl - box - rdf - manifest - htm - html - shtml - shtm - xhtml - hta - css - js - jsm - vbs - vb - php - php3 - phtml - h - hpp - hxx - cpp - cxx - cc - c - java - cs - asp - aspx - axd - ashx - properties - mak - cmake - la - pl - pm - plx - py - pyw - bat - lua - tex - lsp - lisp - rb - rbw - ps - json - mof - mfl - inc - milk - acro - adm - dun - obe - pro - sam - cmd - rat - htt - iem - policy - pc - catalog - hlp - cnt - sql - rbf - rsp - wpl - dic - aff - iqy - ecf - elm - ent - gdl - gpd - isp - theme - nt - cty - icw - man - ppd - cpx - scp - ver - library-ms - winprf - winprf_backup - svg - psp - jsp - oem - map - det - ins - ph - prx - sif - idl - isl - nld - sve - ita - fra - esn - enu - deu - sep - sve - cht - chs - psm - rq0 - old - eng - dlg - org - ic - ths - sig - std - cmp - stp - rst - lng - xdc - tha - sys - - doc - docx - docm - dotm - dot - dotx - xls - xlt - xla - xlsx - xlsm - xltm - xlam - xlsb - ppt - pot - pps - ppa - pptx - potx - ppam - pptm - potm - ppsm - msi - mst - db - db.keep - wiz - gra - automaticDestinations-ms - customDestinations-ms - feed-ms - - - docx - dotx - xlsx - xlsm - xltm - xlam - xlsb - pptx - potx - ppam - pptm - potm - ppsm - - - doc - dot - - - xls - xlt - xla - - - ppt - pot - pps - ppa - - - zip - docx - dotx - xlsx - xlsm - xltm - xlam - xlsb - pptx - potx - ppam - pptm - potm - ppsm - wmz - jar - amo - xpi - - - odt - - - ods - - - odp - - - pdf - - - rtf - - - htm - html - htx - htmls - hhk - hta - wpl - htt - shtml - - - - jpg - jpeg - jpe - jif - jfif - jfi - - - psd - - - nef - - - tif - tiff - - - png - - - gif - - - bmp - - - bmp - bm - - - ico - - - - mp4 - m4r - - - mov - qt - mp4 - - - rm - - - 3gp - - - avi - - - wmv - - - wmv - asf - - - wmv - asf - wma - - - wma - asf - - - mpg - mpeg - m1v - m2v - mpe - mpv - - - flv - - - m4v - - - rm - - - rv - - - swf - - - - aif 
- aiff - - - aif - aiff - - - flac - - - wav - - - m4a - mp4 - - - mp2 - mp3 - mpa - m2a - - - aac - - - mp2 - mp3 - mpa - m2a - - - mp2 - mp3 - mpa - m2a - - - m3u - - - mid - midi - - - ogg - - - - rar - - - arj - - - tar - - - gz - gzip - tgz - - - bzip - bz - - - cab - - - jar - - - bzip2 - - - cpio - - - - exe - - \ No newline at end of file + + tar + + + nef + + + xla + xls + xlt + + + docx + dotx + potm + potx + ppam + ppsm + pptm + pptx + xlam + xlsb + xlsm + xlsx + xltm + + + bzip2 + + + tif + tiff + + + aif + aiff + + + arj + + + pot + ppa + pps + ppt + + + amo + docx + dotx + jar + kmz + potm + potx + ppam + ppsm + pptm + pptx + wmz + xlam + xlsb + xlsm + xlsx + xltm + xpi + zip + + + aac + + + png + + + gif + + + hhk + hta + htm + html + htmls + htt + htx + shtml + wpl + + + m2a + mp2 + mp3 + mpa + + + exe + + + mid + midi + + + ico + + + psd + + + m2a + mp2 + mp3 + mpa + + + rv + + + jfi + jfif + jif + jpe + jpeg + jpg + + + m4r + mp4 + + + doc + rtf + + + cab + + + aif + aiff + + + wav + + + jar + + + wmv + + + asf + wmv + + + asf + wma + + + odp + + + asf + wma + wmv + + + ods + + + doc + dot + + + gz + gzip + tgz + + + avi + + + flv + + + odt + + + bz + bzip + + + swf + + + m2a + mp2 + mp3 + mpa + + + ogg + + + cpio + + + 3gp + + + bmp + + + rar + + + acro + adm + aff + ashx + asp + aspx + axd + bat + box + c + catalog + cc + cfg + chs + cht + cmake + cmd + cmp + cnt + cpp + cpx + cs + css + csv + cty + cxx + dat + det + deu + dic + dlg + dtd + dun + ecf + elm + eng + ent + enu + esn + fra + gdl + gpd + h + hlp + hpp + hta + htm + html + htt + hxx + ic + icw + idl + iem + inc + inf + ini + ins + iqy + isl + isp + ita + java + js + jsm + json + jsp + kml + la + library-ms + lisp + lng + lo_ + log + lsp + lst + lua + mak + man + manifest + map + mfl + milk + mof + nld + nt + obe + oem + old + org + pc + ph + php + php3 + phtml + pl + plx + pm + policy + ppd + pro + properties + prx + ps + psm + psp + py + pyw + rat + rb + rbf + rbw + rdf + reg + rq0 + 
rsp + rst + sam + scp + sep + shtm + shtml + sif + sig + sql + std + stp + sve + sve + svg + tex + text + tha + theme + ths + txt + url + vb + vbs + ver + winprf + winprf_backup + wpl + wsdl + xdc + xdr + xhtml + xml + xsd + xsl + xsml + + + m3u + + + m4a + mp4 + + + mov + mp4 + qt + + + flac + + + bm + bmp + + + m1v + m2v + mpe + mpeg + mpg + mpv + + + automaticDestinations-ms + customDestinations-ms + db + db.keep + doc + docm + docx + dot + dotm + dotx + feed-ms + gra + msi + mst + pot + potm + potx + ppa + ppam + pps + ppsm + ppt + pptm + pptx + wiz + xla + xlam + xls + xlsb + xlsm + xlsx + xlt + xltm + + + rm + + + m4v + + + pdf + +
From 27881f47308fa98c1fa0b8b28db1485e1fdbe2c3 Mon Sep 17 00:00:00 2001
From: Brian Carrier
Date: Mon, 24 Feb 2014 11:20:14 -0500
Subject: [PATCH 3/6] Sort app types too
---
 .../fileextmismatch/FileExtMismatchXML.java | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchXML.java b/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchXML.java
index 32a8d49ace..a5cdb368e7 100644
--- a/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchXML.java
+++ b/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/FileExtMismatchXML.java
@@ -25,7 +25,6 @@ import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
-import java.util.Iterator;
 import java.util.List;
 import java.util.logging.Level;
 import javax.xml.parsers.DocumentBuilder;
@@ -34,7 +33,6 @@ import javax.xml.parsers.ParserConfigurationException;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.autopsy.coreutils.PlatformUtil;
 import org.sleuthkit.autopsy.coreutils.XMLUtil;
-import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.w3c.dom.Document;
 import org.w3c.dom.Element;
 import org.w3c.dom.NodeList;
@@ -144,7 +142,7 @@ class FileExtMismatchXML {
 * @return Loaded hash map or null on error or null if data does not exist */
 public boolean save(HashMap sigTypeToExtMap) {
- boolean success = false;
+ boolean success;
 DocumentBuilderFactory dbfac = DocumentBuilderFactory.newInstance();
@@ -155,14 +153,14 @@ class FileExtMismatchXML {
 Element rootEl = doc.createElement(ROOT_EL);
 doc.appendChild(rootEl);
- Iterator keyIt = sigTypeToExtMap.keySet().iterator();
+ ArrayList appTypeList = new ArrayList<>(sigTypeToExtMap.keySet());
+ Collections.sort(appTypeList);
- while (keyIt.hasNext()) {
- String key = keyIt.next();
+ for (String appType : appTypeList) {
 Element sigEl = doc.createElement(SIG_EL);
- sigEl.setAttribute(SIG_MIMETYPE_ATTR, key);
+ sigEl.setAttribute(SIG_MIMETYPE_ATTR, appType);
- String[] extArray = sigTypeToExtMap.get(key);
+ String[] extArray = sigTypeToExtMap.get(appType);
 if (extArray != null) {
 ArrayList extList = new ArrayList<>(Arrays.asList(extArray));
 Collections.sort(extList);
From 8fd66dac87e918f39a5c01eb87f147b6ed157cd9 Mon Sep 17 00:00:00 2001
From: Brian Carrier
Date: Mon, 24 Feb 2014 12:19:01 -0500
Subject: [PATCH 4/6] Added developers list to docs
---
 docs/doxygen/main.dox | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/docs/doxygen/main.dox b/docs/doxygen/main.dox
index fa1fc66cb8..42f1ffd15a 100644
--- a/docs/doxygen/main.dox
+++ b/docs/doxygen/main.dox
@@ -3,6 +3,8 @@
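Review bot: The `@return` line directly above `save` in the `@@ -144,7 +142,7 @@` hunk still reads "Loaded hash map or null on error or null if data does not exist", although the method is declared `public boolean save(...)`; it looks carried over from the loader. Since this change touches the `success` flag the method returns, correct the tag in the same commit, for example `@return true if the configuration was written, false on error`. The rest of the Javadoc and the tail of `save` lie outside the hunk, so the exact meaning of a false result should be confirmed there.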

Overview

Autopsy has been designed as a platform for open source tools besides just The Sleuth Kit. This document is for developers who want to add functionality into Autopsy. This could be in the form of enhancing the existing functionality or by making a module that plugs into it and you may distribute from your own site or push it back into the base distribution.
+If these pages don't answer your question, then send the question to The Sleuth Kit Developer's List (https://lists.sourceforge.net/lists/listinfo/sleuthkit-developers).
+
 If you want to write modules, then these pages are for you:
 - \subpage platform_page
 - \subpage mod_dev_page
From 45543b7cb203b2811f3c4ac5e81a867751644a49 Mon Sep 17 00:00:00 2001
From: Brian Carrier
Date: Mon, 24 Feb 2014 16:41:18 -0500
Subject: [PATCH 5/6] do not try to cast the wait node to get preferred actions
---
 .../autopsy/directorytree/DataResultFilterNode.java | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java b/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java
index b4e52a0f3c..2d1941968f 100755
--- a/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java
+++ b/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java
@@ -32,6 +32,7 @@ import javax.swing.AbstractAction;
 import javax.swing.Action;
 import org.openide.explorer.ExplorerManager;
 import org.openide.nodes.AbstractNode;
+import org.openide.nodes.ChildFactory;
 import org.openide.nodes.FilterNode;
 import org.openide.nodes.Node;
 import org.openide.nodes.Sheet;
@@ -130,11 +131,13 @@ public class DataResultFilterNode extends FilterNode {
 */
 @Override
 public Action getPreferredAction() {
- // double click action(s) for volume node or directory node
-
- final DisplayableItemNode originalNode;
- originalNode = (DisplayableItemNode) this.getOriginal();
-
+ final Node original = this.getOriginal();
+ // Once had a org.openide.nodes.ChildFactory$WaitFilterNode passed in
+ if ((original instanceof DisplayableItemNode) == false) {
+ return null;
+ }
+
+ final DisplayableItemNode originalNode = (DisplayableItemNode) this.getOriginal();
 return originalNode.accept(getPreferredActionsDIV);
 }
From 26909d5950d08be18684fa4506ab90eb25beb666 Mon Sep 17 00:00:00 2001
From: Brian Carrier
Date: Mon, 24 Feb 2014 16:42:05 -0500
Subject: [PATCH 6/6] Added more app types and they are now sorted to reduce future conflicts
---
 .../fileextmismatch/mismatch_config.xml | 410 +++++++++---------
 1 file changed, 208 insertions(+), 202 deletions(-)
diff --git a/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/mismatch_config.xml b/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/mismatch_config.xml
index e41fb5f2df..d689d2f6b9 100644
--- a/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/mismatch_config.xml
+++ b/FileExtMismatch/src/org/sleuthkit/autopsy/fileextmismatch/mismatch_config.xml
@@ -1,16 +1,108 @@ - - tar + + jar - - nef + + doc + dot + + + pdf + + + doc + rtf + + + asf + wmv + + + cab xla xls xlt + + pot + ppa + pps + ppt + + + odp + + + ods + + + odt + + + rm + + + rv + + + arj + + + bz + bzip + + + bzip2 + + + cpio + + + exe + + + gz + gzip + tgz + + + automaticDestinations-ms + customDestinations-ms + db + db.keep + doc + docm + docx + dot + dotm + dotx + feed-ms + gra + msi + mst + pot + potm + potx + ppa + ppam + pps + ppsm + ppt + pptm + pptx + wiz + xla + xlam + xls + xlsb + xlsm + xlsx + xlt + xltm + docx dotx
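Review bot: The new guard in `getPreferredAction` tests the local `original`, but the cast below it calls `this.getOriginal()` a second time, so the `instanceof` check and the cast are not tied to the same reference; cast the checked local instead: `final DisplayableItemNode originalNode = (DisplayableItemNode) original;`. The comparison `== false` reads more plainly as `if (!(original instanceof DisplayableItemNode)) {`. The `org.openide.nodes.ChildFactory` import added in this file's earlier hunk appears to be referenced only from the comment here, so it looks unnecessary. The method's Javadoc begins outside the hunk; it should mention that `null` is now returned for a node that is not a `DisplayableItemNode`.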
@@ -26,25 +118,14 @@ xlsx xltm - - bzip2 + + rar - - tif - tiff + + swf - - aif - aiff - - - arj - - - pot - ppa - pps - ppt + + tar amo @@ -67,14 +148,93 @@ xpi zip + + aif + aiff + + + mid + midi + + + m4a + mp4 + + + m2a + mp2 + mp3 + mpa + + + m2a + mp2 + mp3 + mpa + raw + + + ogg + aac + + aif + aiff + + + flac + + + m2a + mp2 + mp3 + mpa + + + m3u + + + asf + wma + + + wav + + + bm + bmp + + + gif + + + jfi + jfif + jif + jpe + jpeg + jpg + png - - gif + + tif + tiff + + + psd + + + ico + + + bmp + + + nef hhk @@ -86,141 +246,19 @@ htx shtml wpl - - - m2a - mp2 - mp3 - mpa - - - exe - - - mid - midi - - - ico - - - psd - - - m2a - mp2 - mp3 - mpa - - - rv - - - jfi - jfif - jif - jpe - jpeg - jpg - - - m4r - mp4 - - - doc - rtf - - - cab - - - aif - aiff - - - wav - - - jar - - - wmv - - - asf - wmv - - - asf - wma - - - odp - - - asf - wma - wmv - - - ods - - - doc - dot - - - gz - gzip - tgz - - - avi - - - flv - - - odt - - - bz - bzip - - - swf - - - m2a - mp2 - mp3 - mpa - - - ogg - - - cpio - - - 3gp - - - bmp - - - rar + xml acro adm aff + arff ashx asp aspx axd bat + bau box c catalog @@ -244,6 +282,7 @@ deu dic dlg + doc dtd dun ecf @@ -330,6 +369,7 @@ rq0 rsp rst + s sam scp sep @@ -365,25 +405,13 @@ xsl xsml - - m3u + + 3gp - - m4a + + m4r mp4 - - mov - mp4 - qt - - - flac - - - bm - bmp - m1v m2v @@ -392,48 +420,26 @@ mpg mpv - - automaticDestinations-ms - customDestinations-ms - db - db.keep - doc - docm - docx - dot - dotm - dotx - feed-ms - gra - msi - mst - pot - potm - potx - ppa - ppam - pps - ppsm - ppt - pptm - pptx - wiz - xla - xlam - xls - xlsb - xlsm - xlsx - xlt - xltm + + mov + mp4 + qt - - rm + + flv m4v - - pdf + + asf + wma + wmv + + + wmv + + + avi