diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/exif/Bundle.properties index 391cfdac7f..d50338a4b5 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/exif/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/exif/Bundle.properties @@ -6,4 +6,4 @@ OpenIDE-Module-Name=ExifParser OpenIDE-Module-Short-Description=Exif metadata ingest module ExifParserFileIngestModule.moduleName.text=Exif Parser ExifParserFileIngestModule.getDesc.text=Ingests JPEG files and retrieves their EXIF metadata. -ExifParserFileIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the File Type Detector. \ No newline at end of file +ExifParserFileIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. \ No newline at end of file diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java index f3f7ea3313..560eeefda3 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java @@ -1,7 +1,7 @@ /* * Autopsy Forensic Browser * - * Copyright 2011-2014 Basis Technology Corp. + * Copyright 2011-2015 Basis Technology Corp. * Contact: carrier sleuthkit org * * Licensed under the Apache License, Version 2.0 (the "License"); @@ -60,7 +60,7 @@ public final class ExifParserFileIngestModule implements FileIngestModule { private static final Logger logger = Logger.getLogger(ExifParserFileIngestModule.class.getName()); private final IngestServices services = IngestServices.getInstance(); - private AtomicInteger filesProcessed = new AtomicInteger(0); + private final AtomicInteger filesProcessed = new AtomicInteger(0); private volatile boolean filesToFire = false; private long jobId; private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter(); @@ -76,12 +76,10 @@ public final class ExifParserFileIngestModule implements FileIngestModule { try { fileTypeDetector = new FileTypeDetector(); } catch (FileTypeDetector.FileTypeDetectorInitException ex) { - logger.log(Level.SEVERE, NbBundle.getMessage(this.getClass(), "ExifParserFileIngestModule.startUp.fileTypeDetectorInitializationException.msg"), ex); throw new IngestModuleException(NbBundle.getMessage(this.getClass(), "ExifParserFileIngestModule.startUp.fileTypeDetectorInitializationException.msg")); } } - - + @Override public ProcessResult process(AbstractFile content) { //skip unalloc @@ -205,7 +203,12 @@ public final class ExifParserFileIngestModule implements FileIngestModule { * @return true if to be processed */ private boolean parsableFormat(AbstractFile f) { - return fileTypeDetector.getFileType(f).equals("image/jpeg"); + try { + return fileTypeDetector.detect(f).equals("image/jpeg"); + } catch (TskCoreException ex) { + logger.log(Level.SEVERE, "Failed to detect file type", ex); //NON-NLS + return false; + } } @Override diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties index 38dd22806b..baf9fa08c3 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/Bundle.properties @@ -44,3 +44,5 @@ FileTypeIdGlobalSettingsPanel.newTypeButton.text=New FileTypeIdGlobalSettingsPanel.jLabel1.text=Custom File Types FileTypeIdGlobalSettingsPanel.jLabel2.text=MIME Types: FileTypeIdGlobalSettingsPanel.jLabel3.text=Autopsy can automatically detect many file types. Add your custom file types here. +FileTypeIdGlobalSettingsPanel.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. + diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java index 3f0b47d7f4..0bfbc0eda2 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeDetector.java @@ -21,11 +21,9 @@ package org.sleuthkit.autopsy.modules.filetypeid; import java.util.ArrayList; import java.util.Map; import java.util.SortedSet; -import java.util.logging.Level; import org.apache.tika.Tika; import org.apache.tika.mime.MediaType; import org.apache.tika.mime.MimeTypes; -import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; @@ -41,7 +39,6 @@ public class FileTypeDetector { private static final int BUFFER_SIZE = 64 * 1024; private final byte buffer[] = new byte[BUFFER_SIZE]; private final Map userDefinedFileTypes; - private static final Logger logger = Logger.getLogger(FileTypeDetector.class.getName()); /** * Constructs an object that detects the type of a file by an inspection of @@ -98,47 +95,6 @@ public class FileTypeDetector { return false; } - /** - * This method returns a string representing the mimetype of the provided - * abstractFile. Blackboard-lookup is performed to check if the mimetype has - * been already detected. If not, mimetype is determined using Apache Tika. - * - * @param abstractFile the file whose mimetype is to be determined. - * @return mimetype of the abstractFile is returned. Empty String returned - * in case of error. - */ - public String getFileType(AbstractFile abstractFile) { - String identifiedFileType = ""; - - // check BB - try { - ArrayList attributes = abstractFile.getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG); - for (BlackboardAttribute attribute : attributes) { - identifiedFileType = attribute.getValueString(); - break; - } - if (identifiedFileType != null && !identifiedFileType.isEmpty()) { - return identifiedFileType; - } - } catch (TskCoreException ex) { - logger.log(Level.WARNING, "Error performing mimetype blackboard-lookup for " + abstractFile.getName(), ex); - } - - try { - // check UDF and TDF - identifiedFileType = detectAndPostToBlackboard(abstractFile); - if (identifiedFileType != null && !identifiedFileType.isEmpty()) { - return identifiedFileType; - } - } catch (TskCoreException ex) { - logger.log(Level.WARNING, "Error determining the mimetype for " + abstractFile.getName(), ex); // NON-NLS - return ""; // NON-NLS - } - - logger.log(Level.WARNING, "Unable to determine the mimetype for {0}", abstractFile.getName()); // NON-NLS - return ""; // NON-NLS - } - /** * Detect the MIME type of a file, posting it to the blackboard if detection * succeeds. @@ -148,9 +104,11 @@ public class FileTypeDetector { * @throws TskCoreException if there is an error posting to the blackboard. */ public String detectAndPostToBlackboard(AbstractFile file) throws TskCoreException { - - String mimeType; - mimeType = detect(file); + String mimeType = lookupFileType(file); + if (null != mimeType) { + return mimeType; + } + mimeType = detectFileType(file); if (null != mimeType) { /** * Add the file type attribute to the general info artifact. Note @@ -169,10 +127,42 @@ public class FileTypeDetector { * Detect the MIME type of a file. * * @param file The file to test. - * @return The MIME type name id detection was successful, null otherwise. + * @return The MIME type name if detection was successful, null otherwise. */ public String detect(AbstractFile file) throws TskCoreException { - // Consistently mark unallocated and unused space as file type application/octet-stream + String mimeType = lookupFileType(file); + if (null != mimeType) { + return mimeType; + } + return detectFileType(file); + } + + /** + * Look up the MIME type of a file on the blackboard. + * + * @param file The file to test. + * @return The MIME type name if look up was successful, null otherwise. + */ + private String lookupFileType(AbstractFile file) throws TskCoreException { + String fileType = null; + ArrayList attributes = file.getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG); + for (BlackboardAttribute attribute : attributes) { + /** + * There should be at most TSK_FILE_TYPE_SIG attribute. + */ + fileType = attribute.getValueString(); + break; + } + return fileType; + } + + /** + * Detect the MIME type of a file. + * + * @param file The file to test. + * @return The MIME type name if detection was successful, null otherwise. + */ + private String detectFileType(AbstractFile file) throws TskCoreException { if ((file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) || (file.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS) || (file.isFile() == false)) { @@ -224,17 +214,17 @@ public class FileTypeDetector { if (fileType.matches(file)) { if (fileType.alertOnMatch()) { BlackboardArtifact artifact; - artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT); - BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), FileTypeIdModuleFactory.getModuleName(), fileType.getFilesSetName()); - artifact.addAttribute(setNameAttribute); + artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT); + BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), FileTypeIdModuleFactory.getModuleName(), fileType.getFilesSetName()); + artifact.addAttribute(setNameAttribute); - /** - * Use the MIME type as the category, i.e., the rule - * that determined this file belongs to the interesting - * files set. - */ - BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType()); - artifact.addAttribute(ruleNameAttribute); + /** + * Use the MIME type as the category, i.e., the rule that + * determined this file belongs to the interesting files + * set. + */ + BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType()); + artifact.addAttribute(ruleNameAttribute); } return fileType.getMimeType(); } diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java index 6625c7c616..9c684c4af8 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java @@ -82,9 +82,7 @@ public class FileTypeIdIngestModule implements FileIngestModule { try { fileTypeDetector = new FileTypeDetector(); } catch (FileTypeDetector.FileTypeDetectorInitException ex) { - String errorMessage = "Failed to create file type detector"; //NON-NLS - logger.log(Level.SEVERE, errorMessage, ex); - throw new IngestModuleException(errorMessage); + throw new IngestModuleException(NbBundle.getMessage(this.getClass(), "FileTypeIdIngestModule.startUp.fileTypeDetectorInitializationException.msg")); } } diff --git a/Core/src/org/sleuthkit/autopsy/modules/sevenzip/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/sevenzip/Bundle.properties index badd35146a..8f93fde59b 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/sevenzip/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/modules/sevenzip/Bundle.properties @@ -29,4 +29,4 @@ SevenZipIngestModule.unpack.encrFileDetected.msg=Encrypted files in archive dete SevenZipIngestModule.unpack.encrFileDetected.details=Some files in archive\: {0} are encrypted. {1} extractor was unable to extract all files from this archive. SevenZipIngestModule.UnpackStream.write.exception.msg=Error writing unpacked file to\: {0} SevenZipIngestModule.UnpackedTree.exception.msg=Error adding a derived file to db\:{0} -SevenZipIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the File Type Detector. +SevenZipIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. diff --git a/Core/src/org/sleuthkit/autopsy/modules/sevenzip/SevenZipIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/sevenzip/SevenZipIngestModule.java index 59553ae89f..a315a1f608 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/sevenzip/SevenZipIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/sevenzip/SevenZipIngestModule.java @@ -103,7 +103,6 @@ public final class SevenZipIngestModule implements FileIngestModule { try { fileTypeDetector = new FileTypeDetector(); } catch (FileTypeDetector.FileTypeDetectorInitException ex) { - logger.log(Level.SEVERE, NbBundle.getMessage(this.getClass(), "SevenZipIngestModule.startUp.fileTypeDetectorInitializationException.msg"), ex); throw new IngestModuleException(NbBundle.getMessage(this.getClass(), "SevenZipIngestModule.startUp.fileTypeDetectorInitializationException.msg")); } @@ -288,7 +287,7 @@ public final class SevenZipIngestModule implements FileIngestModule { } if (detectedFormat == null) { - logger.log(Level.WARNING, "Could not detect format for file: " + archiveFile); //NON-NLS + logger.log(Level.WARNING, "Could not detect format for file: {0}", archiveFile); //NON-NLS // if we don't have attribute info then use file extension String extension = archiveFile.getNameExtension(); @@ -661,7 +660,12 @@ public final class SevenZipIngestModule implements FileIngestModule { * @return true if zip file, false otherwise */ private boolean isZipFileHeader(AbstractFile file) { - return fileTypeDetector.getFileType(file).equals("application/zip"); //NON-NLS + try { + return fileTypeDetector.detect(file).equals("application/zip"); //NON-NLS + } catch (TskCoreException ex) { + logger.log(Level.SEVERE, "Failed to detect file type", ex); //NON-NLS + return false; + } } /** diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties index 7e784739a7..70a2e74a7c 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Bundle.properties @@ -283,4 +283,4 @@ KeywordSearchModuleFactory.createFileIngestModule.exception.msg=Expected setting SearchRunner.Searcher.done.err.msg=Error performing keyword search KeywordSearchGlobalSearchSettingsPanel.timeRadioButton5.toolTipText=Fastest overall, but no results until the end KeywordSearchGlobalSearchSettingsPanel.timeRadioButton5.text=No periodic searches -KeywordSearchIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the File Type Detector. +KeywordSearchIngestModule.startUp.fileTypeDetectorInitializationException.msg=Error initializing the file type detector. diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java index 5a4931574c..ebe407ee6c 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java @@ -24,6 +24,7 @@ import java.util.List; import java.util.Map; import java.util.concurrent.atomic.AtomicInteger; import java.util.logging.Level; +import org.openide.util.Exceptions; import org.openide.util.NbBundle; import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil; @@ -37,6 +38,7 @@ import org.sleuthkit.autopsy.ingest.IngestServices; import org.sleuthkit.autopsy.keywordsearch.Ingester.IngesterException; import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector; import org.sleuthkit.datamodel.AbstractFile; +import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskData; import org.sleuthkit.datamodel.TskData.FileKnown; @@ -132,7 +134,6 @@ public final class KeywordSearchIngestModule implements FileIngestModule { try { fileTypeDetector = new FileTypeDetector(); } catch (FileTypeDetector.FileTypeDetectorInitException ex) { - logger.log(Level.SEVERE, NbBundle.getMessage(this.getClass(), "KeywordSearchIngestModule.startUp.fileTypeDetectorInitializationException.msg"), ex); throw new IngestModuleException(NbBundle.getMessage(this.getClass(), "KeywordSearchIngestModule.startUp.fileTypeDetectorInitializationException.msg")); } ingester = Server.getIngester(); @@ -475,9 +476,11 @@ public final class KeywordSearchIngestModule implements FileIngestModule { return; } - String detectedFormat = fileTypeDetector.getFileType(aFile); - if (detectedFormat == null) { - logger.log(Level.WARNING, "Could not detect format using fileTypeDetector for file: {0}", aFile); //NON-NLS + String detectedFormat; + try { + detectedFormat = fileTypeDetector.detectAndPostToBlackboard(aFile); + } catch (TskCoreException ex) { + logger.log(Level.SEVERE, String.format("Could not detect format using fileTypeDetector for file: %s", aFile), ex); //NON-NLS return; }