mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-17 10:17:41 +00:00
Merge pull request #3217 from zhhl/3207-addArtifactsToAttributesAsACollection
3207 add artifacts to attributes as a collection
This commit is contained in:
Richard Cordovano
GitHub
commit
056a3a6e39
@ -130,17 +130,18 @@ public class IngestEventsListener {
|
|||||||
|
|
||||||
try {
|
try {
|
||||||
AbstractFile af = bbArtifact.getSleuthkitCase().getAbstractFileById(bbArtifact.getObjectID());
|
AbstractFile af = bbArtifact.getSleuthkitCase().getAbstractFileById(bbArtifact.getObjectID());
|
||||||
|
Collection<BlackboardAttribute> attributes = new ArrayList<>();
|
||||||
String MODULE_NAME = Bundle.IngestEventsListener_ingestmodule_name();
|
String MODULE_NAME = Bundle.IngestEventsListener_ingestmodule_name();
|
||||||
BlackboardArtifact tifArtifact = af.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT);
|
BlackboardArtifact tifArtifact = af.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT);
|
||||||
BlackboardAttribute att = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
|
BlackboardAttribute att = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
|
||||||
Bundle.IngestEventsListener_prevTaggedSet_text());
|
Bundle.IngestEventsListener_prevTaggedSet_text());
|
||||||
BlackboardAttribute att2 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME,
|
BlackboardAttribute att2 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME,
|
||||||
Bundle.IngestEventsListener_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(",", "", "")));
|
Bundle.IngestEventsListener_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(",", "", "")));
|
||||||
tifArtifact.addAttribute(att);
|
attributes.add(att);
|
||||||
tifArtifact.addAttribute(att2);
|
attributes.add(att2);
|
||||||
tifArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, MODULE_NAME, bbArtifact.getArtifactID()));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, MODULE_NAME, bbArtifact.getArtifactID()));
|
||||||
|
|
||||||
|
tifArtifact.addAttributes(attributes);
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
Blackboard blackboard = Case.getCurrentCase().getServices().getBlackboard();
|
Blackboard blackboard = Case.getCurrentCase().getServices().getBlackboard();
|
||||||
|
|||||||
@ -19,6 +19,7 @@
|
|||||||
package org.sleuthkit.autopsy.modules.filetypeid;
|
package org.sleuthkit.autopsy.modules.filetypeid;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.SortedSet;
|
import java.util.SortedSet;
|
||||||
@ -360,8 +361,9 @@ public class FileTypeDetector {
|
|||||||
if (fileType.createInterestingFileHit()) {
|
if (fileType.createInterestingFileHit()) {
|
||||||
BlackboardArtifact artifact;
|
BlackboardArtifact artifact;
|
||||||
artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
|
artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
|
||||||
|
Collection<BlackboardAttribute> attributes = new ArrayList<>();
|
||||||
BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName());
|
BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName());
|
||||||
artifact.addAttribute(setNameAttribute);
|
attributes.add(setNameAttribute);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Use the MIME type as the category attribute, i.e., the
|
* Use the MIME type as the category attribute, i.e., the
|
||||||
@ -369,8 +371,9 @@ public class FileTypeDetector {
|
|||||||
* files set.
|
* files set.
|
||||||
*/
|
*/
|
||||||
BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType());
|
BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType());
|
||||||
artifact.addAttribute(ruleNameAttribute);
|
attributes.add(ruleNameAttribute);
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes);
|
||||||
/*
|
/*
|
||||||
* Index the artifact for keyword search.
|
* Index the artifact for keyword search.
|
||||||
*/
|
*/
|
||||||
|
|||||||
@ -20,6 +20,7 @@ package org.sleuthkit.autopsy.modules.hashdatabase;
|
|||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
@ -296,14 +297,14 @@ public class HashDbIngestModule implements FileIngestModule {
|
|||||||
String MODULE_NAME = NbBundle.getMessage(HashDbIngestModule.class, "HashDbIngestModule.moduleName");
|
String MODULE_NAME = NbBundle.getMessage(HashDbIngestModule.class, "HashDbIngestModule.moduleName");
|
||||||
|
|
||||||
BlackboardArtifact badFile = abstractFile.newArtifact(ARTIFACT_TYPE.TSK_HASHSET_HIT);
|
BlackboardArtifact badFile = abstractFile.newArtifact(ARTIFACT_TYPE.TSK_HASHSET_HIT);
|
||||||
|
Collection<BlackboardAttribute> attributes = new ArrayList<>();
|
||||||
//TODO Revisit usage of deprecated constructor as per TSK-583
|
//TODO Revisit usage of deprecated constructor as per TSK-583
|
||||||
//BlackboardAttribute att2 = new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), MODULE_NAME, "Known Bad", hashSetName);
|
//BlackboardAttribute att2 = new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), MODULE_NAME, "Known Bad", hashSetName);
|
||||||
BlackboardAttribute att2 = new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, hashSetName);
|
attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, hashSetName));
|
||||||
badFile.addAttribute(att2);
|
attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_HASH_MD5, MODULE_NAME, md5Hash));
|
||||||
BlackboardAttribute att3 = new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_HASH_MD5, MODULE_NAME, md5Hash);
|
attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, comment));
|
||||||
badFile.addAttribute(att3);
|
|
||||||
BlackboardAttribute att4 = new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, comment);
|
badFile.addAttributes(attributes);
|
||||||
badFile.addAttribute(att4);
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
|
|||||||
@ -23,6 +23,8 @@ import java.sql.DriverManager;
|
|||||||
import java.sql.ResultSet;
|
import java.sql.ResultSet;
|
||||||
import java.sql.SQLException;
|
import java.sql.SQLException;
|
||||||
import java.sql.Statement;
|
import java.sql.Statement;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import org.openide.util.NbBundle.Messages;
|
import org.openide.util.NbBundle.Messages;
|
||||||
@ -116,16 +118,18 @@ class CallLogAnalyzer {
|
|||||||
type = resultSet.getString("type"); //NON-NLS
|
type = resultSet.getString("type"); //NON-NLS
|
||||||
|
|
||||||
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
|
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
|
||||||
|
Collection<BlackboardAttribute> attributes = new ArrayList<>();
|
||||||
if (type.equalsIgnoreCase("outgoing")) { //NON-NLS
|
if (type.equalsIgnoreCase("outgoing")) { //NON-NLS
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, moduleName, number));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, moduleName, number));
|
||||||
} else { /// Covers INCOMING and MISSED
|
} else { /// Covers INCOMING and MISSED
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, moduleName, number));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, moduleName, number));
|
||||||
}
|
}
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START, moduleName, date)); // RC: Should be long!
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START, moduleName, date)); // RC: Should be long!
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END, moduleName, duration + date)); // RC: Should be long!
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END, moduleName, duration + date)); // RC: Should be long!
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, type));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, type));
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, moduleName, name));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, moduleName, name));
|
||||||
|
|
||||||
|
bba.addAttributes(attributes);
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
blackboard.indexArtifact(bba);
|
blackboard.indexArtifact(bba);
|
||||||
|
|||||||
@ -28,6 +28,8 @@ import java.sql.DriverManager;
|
|||||||
import java.sql.ResultSet;
|
import java.sql.ResultSet;
|
||||||
import java.sql.SQLException;
|
import java.sql.SQLException;
|
||||||
import java.sql.Statement;
|
import java.sql.Statement;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import org.openide.util.NbBundle.Messages;
|
import org.openide.util.NbBundle.Messages;
|
||||||
@ -128,6 +130,7 @@ class ContactAnalyzer {
|
|||||||
|
|
||||||
BlackboardArtifact bba;
|
BlackboardArtifact bba;
|
||||||
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
|
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
|
||||||
|
Collection<BlackboardAttribute> attributes = new ArrayList<>();
|
||||||
String name;
|
String name;
|
||||||
String oldName = "";
|
String oldName = "";
|
||||||
String mimetype; // either phone or email
|
String mimetype; // either phone or email
|
||||||
@ -137,16 +140,16 @@ class ContactAnalyzer {
|
|||||||
data1 = resultSet.getString("data1"); //NON-NLS
|
data1 = resultSet.getString("data1"); //NON-NLS
|
||||||
mimetype = resultSet.getString("mimetype"); //NON-NLS
|
mimetype = resultSet.getString("mimetype"); //NON-NLS
|
||||||
if (name.equals(oldName) == false) {
|
if (name.equals(oldName) == false) {
|
||||||
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, moduleName, name));
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, moduleName, name));
|
|
||||||
}
|
}
|
||||||
if (mimetype.equals("vnd.android.cursor.item/phone_v2")) { //NON-NLS
|
if (mimetype.equals("vnd.android.cursor.item/phone_v2")) { //NON-NLS
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, moduleName, data1));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, moduleName, data1));
|
||||||
} else {
|
} else {
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL, moduleName, data1));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL, moduleName, data1));
|
||||||
}
|
}
|
||||||
oldName = name;
|
oldName = name;
|
||||||
|
|
||||||
|
bba.addAttributes(attributes);
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
blackboard.indexArtifact(bba);
|
blackboard.indexArtifact(bba);
|
||||||
|
|||||||
@ -23,6 +23,8 @@ import java.sql.DriverManager;
|
|||||||
import java.sql.ResultSet;
|
import java.sql.ResultSet;
|
||||||
import java.sql.SQLException;
|
import java.sql.SQLException;
|
||||||
import java.sql.Statement;
|
import java.sql.Statement;
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import org.openide.util.NbBundle;
|
import org.openide.util.NbBundle;
|
||||||
@ -116,21 +118,22 @@ class TextMessageAnalyzer {
|
|||||||
body = resultSet.getString("body"); //NON-NLS
|
body = resultSet.getString("body"); //NON-NLS
|
||||||
|
|
||||||
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set.
|
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set.
|
||||||
|
Collection<BlackboardAttribute> attributes = new ArrayList<>();
|
||||||
// @@@ NEed to put into more specific TO or FROM
|
// @@@ NEed to put into more specific TO or FROM
|
||||||
if (type.equals("1")) {
|
if (type.equals("1")) {
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, NbBundle.getMessage(this.getClass(), "TextMessageAnalyzer.bbAttribute.incoming")));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, NbBundle.getMessage(this.getClass(), "TextMessageAnalyzer.bbAttribute.incoming")));
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, moduleName, address));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, moduleName, address));
|
||||||
} else {
|
} else {
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, NbBundle.getMessage(this.getClass(), "TextMessageAnalyzer.bbAttribute.outgoing")));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, NbBundle.getMessage(this.getClass(), "TextMessageAnalyzer.bbAttribute.outgoing")));
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, moduleName, address));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, moduleName, address));
|
||||||
}
|
}
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, moduleName, date));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, moduleName, date));
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, type));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, type));
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT, moduleName, subject));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT, moduleName, subject));
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, moduleName, body));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, moduleName, body));
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, moduleName, NbBundle.getMessage(this.getClass(), "TextMessageAnalyzer.bbAttribute.smsMessage")));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, moduleName, NbBundle.getMessage(this.getClass(), "TextMessageAnalyzer.bbAttribute.smsMessage")));
|
||||||
|
|
||||||
|
bba.addAttributes(attributes);
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
blackboard.indexArtifact(bba);
|
blackboard.indexArtifact(bba);
|
||||||
|
|||||||
@ -19,6 +19,7 @@
|
|||||||
package org.sleuthkit.autopsy.modules.interestingitems;
|
package org.sleuthkit.autopsy.modules.interestingitems;
|
||||||
|
|
||||||
import java.util.ArrayList;
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
@ -121,6 +122,7 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
|
|||||||
// blackboard.
|
// blackboard.
|
||||||
String moduleName = InterestingItemsIngestModuleFactory.getModuleName();
|
String moduleName = InterestingItemsIngestModuleFactory.getModuleName();
|
||||||
BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
|
BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
|
||||||
|
Collection<BlackboardAttribute> attributes = new ArrayList<>();
|
||||||
|
|
||||||
// Add a set name attribute to the artifact. This adds a
|
// Add a set name attribute to the artifact. This adds a
|
||||||
// fair amount of redundant data to the attributes table
|
// fair amount of redundant data to the attributes table
|
||||||
@ -128,13 +130,14 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
|
|||||||
// otherwise would requires reworking the interesting files
|
// otherwise would requires reworking the interesting files
|
||||||
// set hit artifact.
|
// set hit artifact.
|
||||||
BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, moduleName, filesSet.getName());
|
BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, moduleName, filesSet.getName());
|
||||||
artifact.addAttribute(setNameAttribute);
|
attributes.add(setNameAttribute);
|
||||||
|
|
||||||
// Add a category attribute to the artifact to record the
|
// Add a category attribute to the artifact to record the
|
||||||
// interesting files set membership rule that was satisfied.
|
// interesting files set membership rule that was satisfied.
|
||||||
BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, moduleName, ruleSatisfied);
|
BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, moduleName, ruleSatisfied);
|
||||||
artifact.addAttribute(ruleNameAttribute);
|
attributes.add(ruleNameAttribute);
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes);
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
blackboard.indexArtifact(artifact);
|
blackboard.indexArtifact(artifact);
|
||||||
|
|||||||
@ -18,6 +18,8 @@
|
|||||||
*/
|
*/
|
||||||
package org.sleuthkit.autopsy.modules.stix;
|
package org.sleuthkit.autopsy.modules.stix;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
import org.openide.util.NbBundle.Messages;
|
import org.openide.util.NbBundle.Messages;
|
||||||
import org.sleuthkit.autopsy.casemodule.Case;
|
import org.sleuthkit.autopsy.casemodule.Case;
|
||||||
@ -70,10 +72,12 @@ class StixArtifactData {
|
|||||||
}
|
}
|
||||||
|
|
||||||
BlackboardArtifact bba = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
|
BlackboardArtifact bba = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, "Stix", setName)); //NON-NLS
|
Collection<BlackboardAttribute> attributes = new ArrayList<>();
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE, "Stix", observableId)); //NON-NLS
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, "Stix", setName)); //NON-NLS
|
||||||
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, "Stix", objType)); //NON-NLS
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE, "Stix", observableId)); //NON-NLS
|
||||||
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, "Stix", objType)); //NON-NLS
|
||||||
|
|
||||||
|
bba.addAttributes(attributes);
|
||||||
try {
|
try {
|
||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
blackboard.indexArtifact(bba);
|
blackboard.indexArtifact(bba);
|
||||||
|
|||||||
@ -18,6 +18,8 @@
|
|||||||
*/
|
*/
|
||||||
package org.sleuthkit.autopsy.test;
|
package org.sleuthkit.autopsy.test;
|
||||||
|
|
||||||
|
import java.util.ArrayList;
|
||||||
|
import java.util.Collection;
|
||||||
import java.util.logging.Level;
|
import java.util.logging.Level;
|
||||||
|
|
||||||
import org.openide.util.Exceptions;
|
import org.openide.util.Exceptions;
|
||||||
@ -77,6 +79,7 @@ final class InterestingArtifactCreatorIngestModule extends FileIngestModuleAdapt
|
|||||||
Blackboard blackboard = Case.getCurrentCase().getServices().getBlackboard();
|
Blackboard blackboard = Case.getCurrentCase().getServices().getBlackboard();
|
||||||
BlackboardArtifact.Type artifactTypeBase = blackboard.getOrAddArtifactType(ARTIFACT_TYPE_NAMES[randomArtIndex], ARTIFACT_DISPLAY_NAMES[randomArtIndex]);
|
BlackboardArtifact.Type artifactTypeBase = blackboard.getOrAddArtifactType(ARTIFACT_TYPE_NAMES[randomArtIndex], ARTIFACT_DISPLAY_NAMES[randomArtIndex]);
|
||||||
BlackboardArtifact artifactBase = file.newArtifact(artifactTypeBase.getTypeID());
|
BlackboardArtifact artifactBase = file.newArtifact(artifactTypeBase.getTypeID());
|
||||||
|
Collection<BlackboardAttribute> baseAttributes = new ArrayList<>();
|
||||||
String commentTxt;
|
String commentTxt;
|
||||||
BlackboardAttribute baseAttr;
|
BlackboardAttribute baseAttr;
|
||||||
switch (artifactBase.getArtifactTypeID()) {
|
switch (artifactBase.getArtifactTypeID()) {
|
||||||
@ -84,7 +87,7 @@ final class InterestingArtifactCreatorIngestModule extends FileIngestModuleAdapt
|
|||||||
commentTxt = "www.placeholderWebsiteDOTCOM";
|
commentTxt = "www.placeholderWebsiteDOTCOM";
|
||||||
baseAttr = new BlackboardAttribute(
|
baseAttr = new BlackboardAttribute(
|
||||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, "Fake Web BookMark", "www.thisWebsiteIsStillFake.com");
|
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_URL, "Fake Web BookMark", "www.thisWebsiteIsStillFake.com");
|
||||||
artifactBase.addAttribute(baseAttr);
|
baseAttributes.add(baseAttr);
|
||||||
break;
|
break;
|
||||||
case 9:
|
case 9:
|
||||||
commentTxt = "fakeKeyword";
|
commentTxt = "fakeKeyword";
|
||||||
@ -94,29 +97,32 @@ final class InterestingArtifactCreatorIngestModule extends FileIngestModuleAdapt
|
|||||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, "Fake Keyword Search", "Fake");
|
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, "Fake Keyword Search", "Fake");
|
||||||
BlackboardAttribute keyword = new BlackboardAttribute(
|
BlackboardAttribute keyword = new BlackboardAttribute(
|
||||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD, "Fake Keyword Search", "FakeKeyword");
|
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_KEYWORD, "Fake Keyword Search", "FakeKeyword");
|
||||||
artifactBase.addAttribute(baseAttr);
|
baseAttributes.add(baseAttr);
|
||||||
artifactBase.addAttribute(set);
|
baseAttributes.add(set);
|
||||||
artifactBase.addAttribute(keyword);
|
baseAttributes.add(keyword);
|
||||||
break;
|
break;
|
||||||
case 25:
|
case 25:
|
||||||
commentTxt = "fake phone number from";
|
commentTxt = "fake phone number from";
|
||||||
baseAttr = new BlackboardAttribute(
|
baseAttr = new BlackboardAttribute(
|
||||||
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, "Fake Call Log Whatever", "555-555-5555");
|
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, "Fake Call Log Whatever", "555-555-5555");
|
||||||
artifactBase.addAttribute(baseAttr);
|
baseAttributes.add(baseAttr);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
commentTxt = "DEPENDENT ON ARTIFACT TYPE";
|
commentTxt = "DEPENDENT ON ARTIFACT TYPE";
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
artifactBase.addAttributes(baseAttributes);
|
||||||
BlackboardArtifact artifact = file.newArtifact(artifactType.getTypeID());
|
BlackboardArtifact artifact = file.newArtifact(artifactType.getTypeID());
|
||||||
|
Collection<BlackboardAttribute> attributes = new ArrayList<>();
|
||||||
BlackboardAttribute att = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, "ArtifactsAndTxt");
|
BlackboardAttribute att = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, "ArtifactsAndTxt");
|
||||||
|
|
||||||
BlackboardAttribute att2 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, commentTxt);
|
BlackboardAttribute att2 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, commentTxt);
|
||||||
BlackboardAttribute att3 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, "");
|
BlackboardAttribute att3 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, "");
|
||||||
artifact.addAttribute(att);
|
attributes.add(att);
|
||||||
artifact.addAttribute(att2);
|
attributes.add(att2);
|
||||||
artifact.addAttribute(att3);
|
attributes.add(att3);
|
||||||
artifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, MODULE_NAME, artifactBase.getArtifactID()));
|
attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, MODULE_NAME, artifactBase.getArtifactID()));
|
||||||
|
artifact.addAttributes(attributes);
|
||||||
} catch (TskCoreException ex) {
|
} catch (TskCoreException ex) {
|
||||||
logger.log(Level.SEVERE, String.format("Failed to process file (obj_id = %d)", file.getId()), ex);
|
logger.log(Level.SEVERE, String.format("Failed to process file (obj_id = %d)", file.getId()), ex);
|
||||||
return ProcessResult.ERROR;
|
return ProcessResult.ERROR;
|
||||||
|
|||||||
@ -28,6 +28,7 @@ from java.sql import ResultSet
|
|||||||
from java.sql import SQLException
|
from java.sql import SQLException
|
||||||
from java.sql import Statement
|
from java.sql import Statement
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||||
@ -89,14 +90,16 @@ class BrowserLocationAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
latitude = Double.valueOf(resultSet.getString("latitude"))
|
latitude = Double.valueOf(resultSet.getString("latitude"))
|
||||||
longitude = Double.valueOf(resultSet.getString("longitude"))
|
longitude = Double.valueOf(resultSet.getString("longitude"))
|
||||||
|
|
||||||
|
attributes = ArrayList()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT)
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT)
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, general.MODULE_NAME, latitude))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, general.MODULE_NAME, latitude))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, general.MODULE_NAME, longitude))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, general.MODULE_NAME, longitude))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, timestamp))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, timestamp))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME, "Browser Location History"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME, "Browser Location History"))
|
||||||
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy))
|
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy))
|
||||||
# NOTE: originally commented out
|
# NOTE: originally commented out
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes);
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
# index the artifact for keyword search
|
||||||
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
||||||
|
|||||||
@ -25,6 +25,7 @@ from java.lang import ClassNotFoundException
|
|||||||
from java.math import BigInteger
|
from java.math import BigInteger
|
||||||
from java.nio import ByteBuffer
|
from java.nio import ByteBuffer
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||||
@ -120,13 +121,15 @@ class CacheLocationAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
inputStream.read(tempBytes)
|
inputStream.read(tempBytes)
|
||||||
timestamp = BigInteger(tempBytes).longValue() / 1000
|
timestamp = BigInteger(tempBytes).longValue() / 1000
|
||||||
|
|
||||||
|
attributes = ArrayList()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT)
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT)
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, AndroidAnalyzer.MODULE_NAME, latitude))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, AndroidAnalyzer.MODULE_NAME, latitude))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, AndroidAnalyzer.MODULE_NAME, longitude))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, AndroidAnalyzer.MODULE_NAME, longitude))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, AndroidModuleFactorymodule.Name, timestamp))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, AndroidModuleFactorymodule.Name, timestamp))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, AndroidAnalyzer.MODULE_NAME,
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, AndroidAnalyzer.MODULE_NAME,
|
||||||
file.getName() + "Location History"))
|
file.getName() + "Location History"))
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes)
|
||||||
#Not storing these for now.
|
#Not storing these for now.
|
||||||
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy))
|
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy))
|
||||||
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence))
|
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence))
|
||||||
|
|||||||
@ -28,6 +28,7 @@ from java.sql import ResultSet
|
|||||||
from java.sql import SQLException
|
from java.sql import SQLException
|
||||||
from java.sql import Statement
|
from java.sql import Statement
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||||
@ -119,17 +120,19 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
name = resultSet.getString("name") # name of person dialed or called. None if unregistered
|
name = resultSet.getString("name") # name of person dialed or called. None if unregistered
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
attributes = ArrayList()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG) # create a call log and then add attributes from result set.
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG) # create a call log and then add attributes from result set.
|
||||||
if direction == CallLogAnalyzer.OUTGOING:
|
if direction == CallLogAnalyzer.OUTGOING:
|
||||||
artifact.addAttribute(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, general.MODULE_NAME, number))
|
attributes.add(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, general.MODULE_NAME, number))
|
||||||
else: # Covers INCOMING and MISSED
|
else: # Covers INCOMING and MISSED
|
||||||
artifact.addAttribute(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, general.MODULE_NAME, number))
|
attributes.add(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, general.MODULE_NAME, number))
|
||||||
|
|
||||||
artifact.addAttribute(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_START, general.MODULE_NAME, date))
|
attributes.add(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_START, general.MODULE_NAME, date))
|
||||||
artifact.addAttribute(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_END, general.MODULE_NAME, duration + date))
|
attributes.add(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_END, general.MODULE_NAME, duration + date))
|
||||||
artifact.addAttribute(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, directionString))
|
attributes.add(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, directionString))
|
||||||
artifact.addAttribute(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, name))
|
attributes.add(BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, name))
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes)
|
||||||
bbartifacts.append(artifact)
|
bbartifacts.append(artifact)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|||||||
@ -27,6 +27,7 @@ from java.sql import ResultSet
|
|||||||
from java.sql import SQLException
|
from java.sql import SQLException
|
||||||
from java.sql import Statement
|
from java.sql import Statement
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||||
@ -118,6 +119,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
+ "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n"
|
+ "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n"
|
||||||
+ "ORDER BY raw_contacts.display_name ASC;")
|
+ "ORDER BY raw_contacts.display_name ASC;")
|
||||||
|
|
||||||
|
attributes = ArrayList()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
|
||||||
oldName = ""
|
oldName = ""
|
||||||
while resultSet.next():
|
while resultSet.next():
|
||||||
@ -126,14 +128,15 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
mimetype = resultSet.getString("mimetype") # either phone or email
|
mimetype = resultSet.getString("mimetype") # either phone or email
|
||||||
if name != oldName:
|
if name != oldName:
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, name))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, name))
|
||||||
if mimetype == "vnd.android.cursor.item/phone_v2":
|
if mimetype == "vnd.android.cursor.item/phone_v2":
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, general.MODULE_NAME, data1))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, general.MODULE_NAME, data1))
|
||||||
else:
|
else:
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL, general.MODULE_NAME, data1))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL, general.MODULE_NAME, data1))
|
||||||
|
|
||||||
oldName = name
|
oldName = name
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes)
|
||||||
bbartifacts.append(artifact)
|
bbartifacts.append(artifact)
|
||||||
|
|
||||||
try:
|
try:
|
||||||
|
|||||||
@ -28,6 +28,7 @@ from java.sql import ResultSet
|
|||||||
from java.sql import SQLException
|
from java.sql import SQLException
|
||||||
from java.sql import Statement
|
from java.sql import Statement
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||||
@ -96,17 +97,19 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
source_lat = GoogleMapLocationAnalyzer.convertGeo(resultSet.getString("source_lat"))
|
source_lat = GoogleMapLocationAnalyzer.convertGeo(resultSet.getString("source_lat"))
|
||||||
source_lng = GoogleMapLocationAnalyzer.convertGeo(resultSet.getString("source_lng"))
|
source_lng = GoogleMapLocationAnalyzer.convertGeo(resultSet.getString("source_lng"))
|
||||||
|
|
||||||
|
attributes = ArrayList()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_ROUTE)
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_ROUTE)
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, general.MODULE_NAME, "Destination"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, general.MODULE_NAME, "Destination"))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, time))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, time))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END, general.MODULE_NAME, dest_lat))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END, general.MODULE_NAME, dest_lat))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END, general.MODULE_NAME, dest_lng))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END, general.MODULE_NAME, dest_lng))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START, general.MODULE_NAME, source_lat))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START, general.MODULE_NAME, source_lat))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START, general.MODULE_NAME, source_lng))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START, general.MODULE_NAME, source_lng))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, dest_title))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, dest_title))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LOCATION, general.MODULE_NAME, dest_address))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LOCATION, general.MODULE_NAME, dest_address))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME, "Google Maps History"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME, "Google Maps History"))
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes)
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
# index the artifact for keyword search
|
||||||
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
||||||
|
|||||||
@ -28,6 +28,7 @@ from java.sql import ResultSet
|
|||||||
from java.sql import SQLException
|
from java.sql import SQLException
|
||||||
from java.sql import Statement
|
from java.sql import Statement
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.apache.commons.codec.binary import Base64
|
from org.apache.commons.codec.binary import Base64
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
@ -94,12 +95,14 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
direction = "Outgoing"
|
direction = "Outgoing"
|
||||||
payload = resultSet.getString("payload")
|
payload = resultSet.getString("payload")
|
||||||
|
|
||||||
|
attributes = ArrayList()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE) #create a call log and then add attributes from result set.
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE) #create a call log and then add attributes from result set.
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, create_time))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, create_time))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, direction))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, direction))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, TangoMessageAnalyzer.decodeMessage(conv_id, payload)))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, TangoMessageAnalyzer.decodeMessage(conv_id, payload)))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "Tango Message"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "Tango Message"))
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes)
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
# index the artifact for keyword search
|
||||||
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
||||||
|
|||||||
@ -28,6 +28,7 @@ from java.sql import ResultSet
|
|||||||
from java.sql import SQLException
|
from java.sql import SQLException
|
||||||
from java.sql import Statement
|
from java.sql import Statement
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||||
@ -92,19 +93,21 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
read = resultSet.getInt("read") # may be unread = 0, read = 1
|
read = resultSet.getInt("read") # may be unread = 0, read = 1
|
||||||
subject = resultSet.getString("subject") # message subject
|
subject = resultSet.getString("subject") # message subject
|
||||||
body = resultSet.getString("body") # message body
|
body = resultSet.getString("body") # message body
|
||||||
|
attributes = ArrayList()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); #create Message artifact and then add attributes from result set.
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); #create Message artifact and then add attributes from result set.
|
||||||
if resultSet.getString("type") == "1":
|
if resultSet.getString("type") == "1":
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, "Incoming"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, "Incoming"))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, general.MODULE_NAME, address))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, general.MODULE_NAME, address))
|
||||||
else:
|
else:
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, "Outgoing"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, general.MODULE_NAME, "Outgoing"))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, general.MODULE_NAME, address))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, general.MODULE_NAME, address))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, date))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, date))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_READ_STATUS, general.MODULE_NAME, Integer(read)))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_READ_STATUS, general.MODULE_NAME, Integer(read)))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT, general.MODULE_NAME, subject))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT, general.MODULE_NAME, subject))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, body))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, body))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "SMS Message"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "SMS Message"))
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes)
|
||||||
bbartifacts.append(artifact)
|
bbartifacts.append(artifact)
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
# index the artifact for keyword search
|
||||||
|
|||||||
@ -26,6 +26,7 @@ from java.sql import ResultSet
|
|||||||
from java.sql import SQLException
|
from java.sql import SQLException
|
||||||
from java.sql import Statement
|
from java.sql import Statement
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from org.sleuthkit.autopsy.casemodule import Case
|
from org.sleuthkit.autopsy.casemodule import Case
|
||||||
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
from org.sleuthkit.autopsy.casemodule.services import Blackboard
|
||||||
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
from org.sleuthkit.autopsy.casemodule.services import FileManager
|
||||||
@ -88,13 +89,15 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
user_id = resultSet.getString("user_id") # the ID of the user who sent the message.
|
user_id = resultSet.getString("user_id") # the ID of the user who sent the message.
|
||||||
game_id = resultSet.getString("game_id") # ID of the game which the the message was sent.
|
game_id = resultSet.getString("game_id") # ID of the game which the the message was sent.
|
||||||
|
|
||||||
|
attributes = ArrayList()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE) # create a call log and then add attributes from result set.
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE) # create a call log and then add attributes from result set.
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, created_at))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, created_at))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, user_id))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, general.MODULE_NAME, user_id))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MSG_ID, general.MODULE_NAME, game_id))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MSG_ID, general.MODULE_NAME, game_id))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, message))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, message))
|
||||||
artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "Words With Friends Message"))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "Words With Friends Message"))
|
||||||
|
|
||||||
|
artifact.addAttributes(attributes)
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
# index the artifact for keyword search
|
||||||
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
blackboard = Case.getCurrentCase().getServices().getBlackboard()
|
||||||
|
|||||||
@ -649,14 +649,15 @@ class ExtractRegistry extends Extract {
|
|||||||
String homeDir = value;
|
String homeDir = value;
|
||||||
String sid = artnode.getAttribute("sid"); //NON-NLS
|
String sid = artnode.getAttribute("sid"); //NON-NLS
|
||||||
String username = artnode.getAttribute("username"); //NON-NLS
|
String username = artnode.getAttribute("username"); //NON-NLS
|
||||||
|
|
||||||
BlackboardArtifact bbart = regFile.newArtifact(ARTIFACT_TYPE.TSK_OS_ACCOUNT);
|
BlackboardArtifact bbart = regFile.newArtifact(ARTIFACT_TYPE.TSK_OS_ACCOUNT);
|
||||||
bbart.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME,
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_NAME,
|
||||||
parentModuleName, username));
|
parentModuleName, username));
|
||||||
bbart.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_ID,
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_USER_ID,
|
||||||
parentModuleName, sid));
|
parentModuleName, sid));
|
||||||
bbart.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH,
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PATH,
|
||||||
parentModuleName, homeDir));
|
parentModuleName, homeDir));
|
||||||
|
|
||||||
|
bbart.addAttributes(bbattributes);
|
||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
this.indexArtifact(bbart);
|
this.indexArtifact(bbart);
|
||||||
} catch (TskCoreException ex) {
|
} catch (TskCoreException ex) {
|
||||||
@ -669,10 +670,11 @@ class ExtractRegistry extends Extract {
|
|||||||
String localPath = artnode.getAttribute("localPath"); //NON-NLS
|
String localPath = artnode.getAttribute("localPath"); //NON-NLS
|
||||||
String remoteName = value;
|
String remoteName = value;
|
||||||
BlackboardArtifact bbart = regFile.newArtifact(ARTIFACT_TYPE.TSK_REMOTE_DRIVE);
|
BlackboardArtifact bbart = regFile.newArtifact(ARTIFACT_TYPE.TSK_REMOTE_DRIVE);
|
||||||
bbart.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LOCAL_PATH,
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LOCAL_PATH,
|
||||||
parentModuleName, localPath));
|
parentModuleName, localPath));
|
||||||
bbart.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REMOTE_PATH,
|
bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REMOTE_PATH,
|
||||||
parentModuleName, remoteName));
|
parentModuleName, remoteName));
|
||||||
|
bbart.addAttributes(bbattributes);
|
||||||
// index the artifact for keyword search
|
// index the artifact for keyword search
|
||||||
this.indexArtifact(bbart);
|
this.indexArtifact(bbart);
|
||||||
} catch (TskCoreException ex) {
|
} catch (TskCoreException ex) {
|
||||||
|
|||||||
@ -40,6 +40,7 @@ from java.lang import Class
|
|||||||
from java.lang import System
|
from java.lang import System
|
||||||
from java.sql import DriverManager, SQLException
|
from java.sql import DriverManager, SQLException
|
||||||
from java.util.logging import Level
|
from java.util.logging import Level
|
||||||
|
from java.util import ArrayList
|
||||||
from java.io import File
|
from java.io import File
|
||||||
from org.sleuthkit.datamodel import SleuthkitCase
|
from org.sleuthkit.datamodel import SleuthkitCase
|
||||||
from org.sleuthkit.datamodel import AbstractFile
|
from org.sleuthkit.datamodel import AbstractFile
|
||||||
@ -162,17 +163,18 @@ class ContactsDbIngestModule(DataSourceIngestModule):
|
|||||||
|
|
||||||
# Make an artifact on the blackboard, TSK_CONTACT and give it attributes for each of the fields
|
# Make an artifact on the blackboard, TSK_CONTACT and give it attributes for each of the fields
|
||||||
art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
|
art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
|
||||||
|
attributes = ArrayList()
|
||||||
art.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME_PERSON.getTypeID(),
|
|
||||||
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME_PERSON.getTypeID(),
|
||||||
ContactsDbIngestModuleFactory.moduleName, name))
|
ContactsDbIngestModuleFactory.moduleName, name))
|
||||||
|
|
||||||
art.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getTypeID(),
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getTypeID(),
|
||||||
ContactsDbIngestModuleFactory.moduleName, email))
|
ContactsDbIngestModuleFactory.moduleName, email))
|
||||||
|
|
||||||
art.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(),
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(),
|
||||||
ContactsDbIngestModuleFactory.moduleName, phone))
|
ContactsDbIngestModuleFactory.moduleName, phone))
|
||||||
|
|
||||||
|
art.addAttributes(attributes)
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
# index the artifact for keyword search
|
||||||
blackboard.indexArtifact(art)
|
blackboard.indexArtifact(art)
|
||||||
@ -195,4 +197,4 @@ class ContactsDbIngestModule(DataSourceIngestModule):
|
|||||||
"ContactsDb Analyzer", "Found %d files" % fileCount)
|
"ContactsDb Analyzer", "Found %d files" % fileCount)
|
||||||
IngestServices.getInstance().postMessage(message)
|
IngestServices.getInstance().postMessage(message)
|
||||||
|
|
||||||
return IngestModule.ProcessResult.OK
|
return IngestModule.ProcessResult.OK
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user