Re: [sleuthkit-users] Autopsy Python module - read file header

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Yea, the code that Jim included here is the way to go.  Our first python module hit the same road block.  The sample module (https://github.com/sleuthkit/autopsy/blob/develop/pythonExamples/simpleingestmodule.py) has the code to read content. 

> On May 18, 2015, at 5:51 PM, James H Jr Jones <jj...@gm...> wrote:
> 
> Something like this should work (when modified for your specific needs):
> 
>  
> 
> # Read the contents of the file.
> 
> inputStream = ReadContentInputStream(file)
> 
> buffer = jarray.zeros(1024, "b")
> 
> totLen = 0
> 
> len = inputStream.read(buffer)
> 
> while (len != -1):
> 
>     totLen = totLen + len
> 
>     len = inputStream.read(buffer)
> 
>  
> 
> Also, imports include:
> 
>  
> 
> import jarray
> 
> from java.lang import System
> 
>  
> 
> --Jim
> 
>  
> 
> From: Justin Grover [mailto:jus...@gm...] 
> Sent: Monday, May 18, 2015 5:42 PM
> To: sle...@li...
> Subject: [sleuthkit-users] Autopsy Python module - read file header
> 
>  
> 
> Autopsy devs--
> 
>  
> 
> I've got a python File Ingest Module.  Let's say I need to read the first byte from each file to determine its header value.  What's the best way to do this in Python/Autopsy?
> 
>  
> 
> I've got the following function within my module, but it doesn't work. Jython doesn't seem to handle the callback to fill the buffer.
> 
>  
> 
> def process(self, abstractFile):
> 
>     buf = []
> 
>     tmp = abstractFile.read(buf, 0, 1)
> 
>  
> 
>  
> 
>  
> 
> -Justin
> 
>  
> 
>     
> 
>  
> 
>      
> 
> ------------------------------------------------------------------------------
> One dashboard for servers and applications across Physical-Virtual-Cloud 
> Widest out-of-the-box monitoring support with 50+ applications
> Performance metrics, stats and reports that give you Actionable Insights
> Deep dive visibility with transaction tracing using APM Insight.
> http://ad.doubleclick.net/ddm/clk/290420510;117567292;y_______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org