Added 'Extract Files' operation and 'Forensics' category.

2025-04-22 15:56:16 -04:00 · 2018-12-14 16:43:03 +00:00 · 2018-12-14 16:43:03 +00:00 · 6aa9d2b492
commit 6aa9d2b492
parent 15fbe5a459
5 changed files with 572 additions and 74 deletions
--- a/src/core/operations/ExtractFiles.mjs
+++ b/src/core/operations/ExtractFiles.mjs
@ -0,0 +1,91 @@
+/**
+ * @author n1474335 [n1474335@gmail.com]
+ * @copyright Crown Copyright 2018
+ * @license Apache-2.0
+ */
+
+import Operation from "../Operation";
+// import OperationError from "../errors/OperationError";
+import Magic from "../lib/Magic";
+import Utils from "../Utils";
+import {extractFile} from "../lib/FileExtraction";
+
+/**
+ * Extract Files operation
+ */
+class ExtractFiles extends Operation {
+
+    /**
+     * ExtractFiles constructor
+     */
+    constructor() {
+        super();
+
+        this.name = "Extract Files";
+        this.module = "Default";
+        this.description = "TODO";
+        this.infoURL = "https://forensicswiki.org/wiki/File_Carving";
+        this.inputType = "ArrayBuffer";
+        this.outputType = "List<File>";
+        this.presentType = "html";
+        this.args = [];
+    }
+
+    /**
+     * @param {ArrayBuffer} input
+     * @param {Object[]} args
+     * @returns {List<File>}
+     */
+    run(input, args) {
+        const bytes = new Uint8Array(input);
+
+        // Scan for embedded files
+        const fileDetails = scanForEmbeddedFiles(bytes);
+
+        // Extract each file that we support
+        const files = [];
+        fileDetails.forEach(fileDetail => {
+            try {
+                files.push(extractFile(bytes, fileDetail));
+            } catch (err) {}
+        });
+
+        return files;
+    }
+
+    /**
+     * Displays the files in HTML for web apps.
+     *
+     * @param {File[]} files
+     * @returns {html}
+     */
+    async present(files) {
+        return await Utils.displayFilesAsHTML(files);
+    }
+
+}
+
+/**
+ * TODO refactor
+ * @param data
+ */
+function scanForEmbeddedFiles(data) {
+    let type;
+    const types = [];
+
+    for (let i = 0; i < data.length; i++) {
+        type = Magic.magicFileType(data.slice(i));
+        if (type) {
+            types.push({
+                offset: i,
+                ext: type.ext,
+                mime: type.mime,
+                desc: type.desc
+            });
+        }
+    }
+
+    return types;
+}
+
+export default ExtractFiles;