mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-12 07:56:16 +00:00
3207: Update python code to use collection of attributes instead of adding addtribute one at a time
This commit is contained in:
U-BASIS\zhaohui
parent
19c7cfb704
commit
01fda811d5
@ -28,6 +28,7 @@ from java.sql import ResultSet
|
|||||||
from java.sql import SQLException
|
from java.sql import SQLException
|
||||||
from java.sql import Statement
|
from java.sql import Statement
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||||
@ -89,14 +90,16 @@ class BrowserLocationAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
latitude = Double.valueOf(resultSet.getString("latitude"))
|
latitude = Double.valueOf(resultSet.getString("latitude"))
|
||||||
longitude = Double.valueOf(resultSet.getString("longitude"))
|
longitude = Double.valueOf(resultSet.getString("longitude"))
|
||||||
|
|
||||||
|
attributes = ArrayList<>()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT)
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT)
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, general.MODULE_NAME, latitude))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, general.MODULE_NAME, latitude))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, general.MODULE_NAME, longitude))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, general.MODULE_NAME, longitude))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, timestamp))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, timestamp))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME, "Browser Location History"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME, "Browser Location History"))
|
||||||
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy))
|
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy))
|
||||||
# NOTE: originally commented out
|
# NOTE: originally commented out
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes);
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
# index the artifact for keyword search
|
||||||
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
||||||
|
|||||||
@ -25,6 +25,7 @@ from java.lang import ClassNotFoundException
|
|||||||
from java.math import BigInteger
|
from java.math import BigInteger
|
||||||
from java.nio import ByteBuffer
|
from java.nio import ByteBuffer
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||||
@ -120,13 +121,15 @@ class CacheLocationAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
inputStream.read(tempBytes)
|
inputStream.read(tempBytes)
|
||||||
timestamp = BigInteger(tempBytes).longValue() / 1000
|
timestamp = BigInteger(tempBytes).longValue() / 1000
|
||||||
|
|
||||||
|
attributes = ArrayList<>()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT)
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT)
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, AndroidAnalyzer.MODULE_NAME, latitude))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, AndroidAnalyzer.MODULE_NAME, latitude))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, AndroidAnalyzer.MODULE_NAME, longitude))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, AndroidAnalyzer.MODULE_NAME, longitude))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, AndroidModuleFactorymodule.Name, timestamp))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, AndroidModuleFactorymodule.Name, timestamp))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, AndroidAnalyzer.MODULE_NAME,
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, AndroidAnalyzer.MODULE_NAME,
|
||||||
file.getName() + "Location History"))
|
file.getName() + "Location History"))
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes)
|
||||||
#Not storing these for now.
|
#Not storing these for now.
|
||||||
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy))
|
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy))
|
||||||
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence))
|
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence))
|
||||||
|
|||||||
@ -28,6 +28,7 @@ from java.sql import ResultSet
|
|||||||
from java.sql import SQLException
|
from java.sql import SQLException
|
||||||
from java.sql import Statement
|
from java.sql import Statement
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||||
@ -119,17 +120,19 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
name = resultSet.getString("name") # name of person dialed or called. None if unregistered
|
name = resultSet.getString("name") # name of person dialed or called. None if unregistered
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
attributes = ArrayList<>()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG) # create a call log and then add attributes from result set.
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG) # create a call log and then add attributes from result set.
|
||||||
if direction == CallLogAnalyzer.OUTGOING:
|
if direction == CallLogAnalyzer.OUTGOING:
|
||||||
artifact.addAttribute(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, general.MODULE_NAME, number))
|
attributes.add(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, general.MODULE_NAME, number))
|
||||||
else: # Covers INCOMING and MISSED
|
else: # Covers INCOMING and MISSED
|
||||||
artifact.addAttribute(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, general.MODULE_NAME, number))
|
attributes.add(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, general.MODULE_NAME, number))
|
||||||
|
|
||||||
artifact.addAttribute(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_START, general.MODULE_NAME, date))
|
attributes.add(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_START, general.MODULE_NAME, date))
|
||||||
artifact.addAttribute(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_END, general.MODULE_NAME, duration + date))
|
attributes.add(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_END, general.MODULE_NAME, duration + date))
|
||||||
artifact.addAttribute(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, directionString))
|
attributes.add(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, directionString))
|
||||||
artifact.addAttribute(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, name))
|
attributes.add(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, name))
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes)
|
||||||
bbartifacts.append(artifact)
|
bbartifacts.append(artifact)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|||||||
@ -27,6 +27,7 @@ from java.sql import ResultSet
|
|||||||
from java.sql import SQLException
|
from java.sql import SQLException
|
||||||
from java.sql import Statement
|
from java.sql import Statement
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||||
@ -118,6 +119,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
+ "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n"
|
+ "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n"
|
||||||
+ "ORDER BY raw_contacts.display_name ASC;")
|
+ "ORDER BY raw_contacts.display_name ASC;")
|
||||||
|
|
||||||
|
attributes = ArrayList<>()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
|
||||||
oldName = ""
|
oldName = ""
|
||||||
while resultSet.next():
|
while resultSet.next():
|
||||||
@ -126,14 +128,15 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
mimetype = resultSet.getString("mimetype") # either phone or email
|
mimetype = resultSet.getString("mimetype") # either phone or email
|
||||||
if name != oldName:
|
if name != oldName:
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, name))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, name))
|
||||||
if mimetype == "vnd.android.cursor.item/phone_v2":
|
if mimetype == "vnd.android.cursor.item/phone_v2":
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, general.MODULE_NAME, data1))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, general.MODULE_NAME, data1))
|
||||||
else:
|
else:
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL, general.MODULE_NAME, data1))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL, general.MODULE_NAME, data1))
|
||||||
|
|
||||||
oldName = name
|
oldName = name
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes)
|
||||||
bbartifacts.append(artifact)
|
bbartifacts.append(artifact)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|||||||
@ -28,6 +28,7 @@ from java.sql import ResultSet
|
|||||||
from java.sql import SQLException
|
from java.sql import SQLException
|
||||||
from java.sql import Statement
|
from java.sql import Statement
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||||
@ -96,17 +97,19 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
source_lat = GoogleMapLocationAnalyzer.convertGeo(resultSet.getString("source_lat"))
|
source_lat = GoogleMapLocationAnalyzer.convertGeo(resultSet.getString("source_lat"))
|
||||||
source_lng = GoogleMapLocationAnalyzer.convertGeo(resultSet.getString("source_lng"))
|
source_lng = GoogleMapLocationAnalyzer.convertGeo(resultSet.getString("source_lng"))
|
||||||
|
|
||||||
|
attributes = ArrayList<>()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_ROUTE)
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_ROUTE)
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, general.MODULE_NAME, "Destination"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, general.MODULE_NAME, "Destination"))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, time))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, time))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END, general.MODULE_NAME, dest_lat))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END, general.MODULE_NAME, dest_lat))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END, general.MODULE_NAME, dest_lng))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END, general.MODULE_NAME, dest_lng))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START, general.MODULE_NAME, source_lat))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START, general.MODULE_NAME, source_lat))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START, general.MODULE_NAME, source_lng))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START, general.MODULE_NAME, source_lng))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, dest_title))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, dest_title))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LOCATION, general.MODULE_NAME, dest_address))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LOCATION, general.MODULE_NAME, dest_address))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME, "Google Maps History"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME, "Google Maps History"))
|
||||||
|
|
||||||
|
aritfact.addAttributes(attributes)
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
# index the artifact for keyword search
|
||||||
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
||||||
|
|||||||
@ -28,6 +28,7 @@ from java.sql import ResultSet
|
|||||||
from java.sql import SQLException
|
from java.sql import SQLException
|
||||||
from java.sql import Statement
|
from java.sql import Statement
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.apache.commons.codec.binary import Base64
|
from org.apache.commons.codec.binary import Base64
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
@ -94,12 +95,14 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
direction = "Outgoing"
|
direction = "Outgoing"
|
||||||
payload = resultSet.getString("payload")
|
payload = resultSet.getString("payload")
|
||||||
|
|
||||||
|
attributes = ArrayList<>()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE) #create a call log and then add attributes from result set.
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE) #create a call log and then add attributes from result set.
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, create_time))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, create_time))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, direction))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, direction))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, TangoMessageAnalyzer.decodeMessage(conv_id, payload)))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, TangoMessageAnalyzer.decodeMessage(conv_id, payload)))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "Tango Message"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "Tango Message"))
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes)
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
# index the artifact for keyword search
|
||||||
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
||||||
|
|||||||
@ -28,6 +28,7 @@ from java.sql import ResultSet
|
|||||||
from java.sql import SQLException
|
from java.sql import SQLException
|
||||||
from java.sql import Statement
|
from java.sql import Statement
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||||
@ -92,19 +93,21 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
read = resultSet.getInt("read") # may be unread = 0, read = 1
|
read = resultSet.getInt("read") # may be unread = 0, read = 1
|
||||||
subject = resultSet.getString("subject") # message subject
|
subject = resultSet.getString("subject") # message subject
|
||||||
body = resultSet.getString("body") # message body
|
body = resultSet.getString("body") # message body
|
||||||
|
attributes = ArrayList<>()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); #create Message artifact and then add attributes from result set.
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); #create Message artifact and then add attributes from result set.
|
||||||
if resultSet.getString("type") == "1":
|
if resultSet.getString("type") == "1":
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, "Incoming"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, "Incoming"))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, general.MODULE_NAME, address))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, general.MODULE_NAME, address))
|
||||||
else:
|
else:
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, "Outgoing"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, "Outgoing"))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, general.MODULE_NAME, address))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, general.MODULE_NAME, address))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, date))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, date))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_READ_STATUS, general.MODULE_NAME, Integer(read)))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_READ_STATUS, general.MODULE_NAME, Integer(read)))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT, general.MODULE_NAME, subject))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT, general.MODULE_NAME, subject))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, body))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, body))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "SMS Message"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "SMS Message"))
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes)
|
||||||
bbartifacts.append(artifact)
|
bbartifacts.append(artifact)
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
# index the artifact for keyword search
|
||||||
|
|||||||
@ -88,13 +88,15 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
user_id = resultSet.getString("user_id") # the ID of the user who sent the message.
|
user_id = resultSet.getString("user_id") # the ID of the user who sent the message.
|
||||||
game_id = resultSet.getString("game_id") # ID of the game which the the message was sent.
|
game_id = resultSet.getString("game_id") # ID of the game which the the message was sent.
|
||||||
|
|
||||||
|
attributes = ArrayList<>()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE) # create a call log and then add attributes from result set.
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE) # create a call log and then add attributes from result set.
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, created_at))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, created_at))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, user_id))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, user_id))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MSG_ID, general.MODULE_NAME, game_id))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MSG_ID, general.MODULE_NAME, game_id))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, message))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, message))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "Words With Friends Message"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "Words With Friends Message"))
|
||||||
|
|
||||||
|
artifact.addAttrisbutes(attributes)
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
# index the artifact for keyword search
|
||||||
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
||||||
|
|||||||
@ -40,6 +40,7 @@ from java.lang import Class
|
|||||||
from java.lang import System
|
from java.lang import System
|
||||||
from java.sql import DriverManager, SQLException
|
from java.sql import DriverManager, SQLException
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from java.io import File
|
from java.io import File
|
||||||
from org.sleuthkit.datamodel import SleuthkitCase
|
from org.sleuthkit.datamodel import SleuthkitCase
|
||||||
from org.sleuthkit.datamodel import AbstractFile
|
from org.sleuthkit.datamodel import AbstractFile
|
||||||
@ -162,17 +163,18 @@ class ContactsDbIngestModule(DataSourceIngestModule):
|
|||||||
|
|
||||||
# Make an artifact on the blackboard, TSK_CONTACT and give it attributes for each of the fields
|
# Make an artifact on the blackboard, TSK_CONTACT and give it attributes for each of the fields
|
||||||
art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
|
art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
|
||||||
|
attributes = ArrayList<>()
|
||||||
|
|
||||||
art.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME_PERSON.getTypeID(),
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME_PERSON.getTypeID(),
|
||||||
ContactsDbIngestModuleFactory.moduleName, name))
|
ContactsDbIngestModuleFactory.moduleName, name))
|
||||||
|
|
||||||
art.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getTypeID(),
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getTypeID(),
|
||||||
ContactsDbIngestModuleFactory.moduleName, email))
|
ContactsDbIngestModuleFactory.moduleName, email))
|
||||||
|
|
||||||
art.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(),
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(),
|
||||||
ContactsDbIngestModuleFactory.moduleName, phone))
|
ContactsDbIngestModuleFactory.moduleName, phone))
|
||||||
|
|
||||||
|
art.addAttributes(attributes)
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
# index the artifact for keyword search
|
||||||
blackboard.indexArtifact(art)
|
blackboard.indexArtifact(art)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user