Re: [sleuthkit-developers] How to query file mimetype in Autopsy 3.1-beta

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

I don't know if the BlackboardArtifacts will be in the node for lookup.  Typically, we get them from the file object itself (Node -> Content -> Artifacts). 

This is the code that we use in several modules (this one is from the 7zip module):

	ArrayList<BlackboardAttribute> attributes = file.getGenInfoAttributes(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG);
            for (BlackboardAttribute attribute : attributes) {
                attributeFound = true;
                String fileType = attribute.getValueString();
                if (!fileType.isEmpty() && fileType.equals("application/zip")) { //NON-NLS
                    return true;
                }
            }

On Jul 15, 2014, at 11:11 PM, Luís Filipe Nassif <lfc...@gm...> wrote:

> After running File Type Id. and File Ext Mismatch modules, I see the generated artifacts and attributes into sqlite. But I am not being able to get the mimetype from a file with the code below:
> 
> Collection<? extends BlackboardArtifact> artifacts = node.getLookup().lookupAll(BlackboardArtifact.class);
>             for(BlackboardArtifact artifact : artifacts)
>                 if(artifact.getArtifactTypeID() == BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO.getTypeID())
>                 try {
>                     for(BlackboardAttribute attr : artifact.getAttributes()){
>                         if(attr.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG.getTypeID()){
>                             String mimeType = attr.getValueString();
>                             //System.out.println(artifact.getArtifactTypeName() + "-" +attr.getAttributeTypeName() + ": " + mimeType);
>                             return mimeType;
>                         }    
>                     }
>                 } catch (TskCoreException ex) {
>                     Exceptions.printStackTrace(ex);
>                 }
> 
> Is there something wrong with the code?
> 
> Regards,
> Luis
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck
> Code Sight - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds_______________________________________________
> sleuthkit-developers mailing list
> sle...@li...
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-developers