mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-15 09:17:42 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5233 from kellykelly3/1335-vcard-dups

Browse Source 
1335 & 1354 vcard dups
This commit is contained in:
Richard Cordovano 2019-09-24 11:30:45 -04:00 committed by GitHub
commit 0954245106
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 77 additions and 74 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
Core/src/org/sleuthkit/autopsy/communications/relationships/ContactNode.java
View File

@ -18,9 +18,8 @@
*/ */
package org.sleuthkit.autopsy.communications.relationships; package org.sleuthkit.autopsy.communications.relationships;
import java.util.HashMap; import java.util.ArrayList;
import java.util.List; import java.util.List;
import java.util.Map;
import java.util.TimeZone; import java.util.TimeZone;
import java.util.logging.Level; import java.util.logging.Level;
import org.openide.nodes.Sheet; import org.openide.nodes.Sheet;
@ -89,30 +88,30 @@ final class ContactNode extends BlackboardArtifactNode {
// are used so that all attributed of that type are found, including // are used so that all attributed of that type are found, including
// ones that are not predefined as part of BlackboardAttributes // ones that are not predefined as part of BlackboardAttributes
try { try {
HashMap<String, BlackboardAttribute> phoneNumMap = new HashMap<>(); List<BlackboardAttribute> phoneNumList = new ArrayList<>();
HashMap<String, BlackboardAttribute> emailMap = new HashMap<>(); List<BlackboardAttribute> emailList = new ArrayList<>();
HashMap<String, BlackboardAttribute> nameMap = new HashMap<>(); List<BlackboardAttribute> nameList = new ArrayList<>();
HashMap<String, BlackboardAttribute> otherMap = new HashMap<>(); List<BlackboardAttribute> otherList = new ArrayList<>();
for (BlackboardAttribute bba : artifact.getAttributes()) { for (BlackboardAttribute bba : artifact.getAttributes()) {
if (bba.getAttributeType().getTypeName().startsWith("TSK_PHONE")) { if (bba.getAttributeType().getTypeName().startsWith("TSK_PHONE")) {
phoneNumMap.put(bba.getDisplayString(), bba); phoneNumList.add(bba);
} else if (bba.getAttributeType().getTypeName().startsWith("TSK_EMAIL")) { } else if (bba.getAttributeType().getTypeName().startsWith("TSK_EMAIL")) {
emailMap.put(bba.getDisplayString(), bba); emailList.add(bba);
} else if (bba.getAttributeType().getTypeName().startsWith("TSK_NAME")) { } else if (bba.getAttributeType().getTypeName().startsWith("TSK_NAME")) {
nameMap.put(bba.getDisplayString(), bba); nameList.add(bba);
} else { } else {
otherMap.put(bba.getDisplayString(), bba); otherList.add(bba);
} }
} }
addPropertiesToSheet(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getLabel(), addPropertiesToSheet(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getLabel(),
sheetSet, nameMap); sheetSet, nameList);
addPropertiesToSheet(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getLabel(), addPropertiesToSheet(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getLabel(),
sheetSet, phoneNumMap); sheetSet, phoneNumList);
addPropertiesToSheet(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getLabel(), addPropertiesToSheet(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getLabel(),
sheetSet, emailMap); sheetSet, emailList);
for (BlackboardAttribute bba : otherMap.values()) { for (BlackboardAttribute bba : otherList) {
sheetSet.put(new NodeProperty<>(bba.getAttributeType().getTypeName(), bba.getAttributeType().getDisplayName(), "", bba.getDisplayString())); sheetSet.put(new NodeProperty<>(bba.getAttributeType().getTypeName(), bba.getAttributeType().getDisplayName(), "", bba.getDisplayString()));
} }
@ -138,9 +137,9 @@ final class ContactNode extends BlackboardArtifactNode {
return sheet; return sheet;
} }
private void addPropertiesToSheet(String propertyID, Sheet.Set sheetSet, Map<String, BlackboardAttribute> attributeMap) { private void addPropertiesToSheet(String propertyID, Sheet.Set sheetSet, List<BlackboardAttribute> attributeList) {
int count = 0; int count = 0;
for (BlackboardAttribute bba : attributeMap.values()) { for (BlackboardAttribute bba : attributeList) {
if (count++ > 0) { if (count++ > 0) {
sheetSet.put(new NodeProperty<>(propertyID + "_" + count, bba.getAttributeType().getDisplayName(), "", bba.getDisplayString())); sheetSet.put(new NodeProperty<>(propertyID + "_" + count, bba.getAttributeType().getDisplayName(), "", bba.getDisplayString()));
} else { } else {

1
thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/Bundle.properties-MERGED
View File

@ -1,3 +1,4 @@
MboxParser.handleAttch.noOpenCase.errMsg=Exception while getting open case.
MimeJ4MessageParser.handleAttch.noOpenCase.errMsg=Exception while getting open case. MimeJ4MessageParser.handleAttch.noOpenCase.errMsg=Exception while getting open case.
OpenIDE-Module-Display-Category=Ingest Module OpenIDE-Module-Display-Category=Ingest Module
OpenIDE-Module-Long-Description=Email Parser ingest module.\n\nThe module extracts MBOX and PST e-mail files and posts the results to the blackboard.\nIt knows about the Thunderbird folder structure for MBOX files. OpenIDE-Module-Long-Description=Email Parser ingest module.\n\nThe module extracts MBOX and PST e-mail files and posts the results to the blackboard.\nIt knows about the Thunderbird folder structure for MBOX files.

109
thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/VcardParser.java
View File

@ -399,37 +399,38 @@ final class VcardParser {
if (telephoneTypes.isEmpty()) { if (telephoneTypes.isEmpty()) {
ThunderbirdMboxFileIngestModule.addArtifactAttribute(telephone.getText(), BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, attributes); ThunderbirdMboxFileIngestModule.addArtifactAttribute(telephone.getText(), BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, attributes);
} else { } else {
for (TelephoneType type : telephoneTypes) { TelephoneType type = telephoneTypes.get(0);
/* /*
* Unfortunately, if the types are lower-case, they don't * Unfortunately, if the types are lower-case, they don't
* get separated correctly into individual TelephoneTypes by * get separated correctly into individual TelephoneTypes by
* ez-vcard. Therefore, we must read them manually * ez-vcard. Therefore, we must read them manually
* ourselves. * ourselves.
*/ */
List<String> splitTelephoneTypes = Arrays.asList( List<String> splitTelephoneTypes = Arrays.asList(
type.getValue().toUpperCase().replaceAll("\\s+","").split(",")); type.getValue().toUpperCase().replaceAll("\\s+","").split(","));
for (String splitType : splitTelephoneTypes) { if (splitTelephoneTypes.size() > 0) {
String attributeTypeName = "TSK_PHONE_NUMBER"; String splitType = splitTelephoneTypes.get(0);
if(splitType != null && !splitType.isEmpty()) { String attributeTypeName = "TSK_PHONE_NUMBER";
attributeTypeName = "TSK_PHONE_NUMBER_" + splitType; if (splitType != null && !splitType.isEmpty()) {
} attributeTypeName = "TSK_PHONE_NUMBER_" + splitType;
}
try { try {
BlackboardAttribute.Type attributeType = tskCase.getAttributeType(attributeTypeName); BlackboardAttribute.Type attributeType = tskCase.getAttributeType(attributeTypeName);
if (attributeType == null) { if (attributeType == null) {
try{
// Add this attribute type to the case database. // Add this attribute type to the case database.
attributeType = tskCase.addArtifactAttributeType(attributeTypeName, attributeType = tskCase.addArtifactAttributeType(attributeTypeName,
BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING,
String.format("Phone Number (%s)", StringUtils.capitalize(splitType.toLowerCase()))); String.format("Phone Number (%s)", StringUtils.capitalize(splitType.toLowerCase())));
}catch (TskDataException ex) {
attributeType = tskCase.getAttributeType(attributeTypeName);
} }
ThunderbirdMboxFileIngestModule.addArtifactAttribute(telephoneText, attributeType, attributes);
} catch (TskCoreException ex) {
logger.log(Level.WARNING, String.format("Unable to retrieve attribute type '%s' for file '%s' (id=%d).", attributeTypeName, abstractFile.getName(), abstractFile.getId()), ex);
} catch (TskDataException ex) {
logger.log(Level.WARNING, String.format("Unable to add custom attribute type '%s' for file '%s' (id=%d).", attributeTypeName, abstractFile.getName(), abstractFile.getId()), ex);
} }
ThunderbirdMboxFileIngestModule.addArtifactAttribute(telephoneText, attributeType, attributes);
} catch (TskCoreException ex) {
logger.log(Level.WARNING, String.format("Unable to retrieve attribute type '%s' for file '%s' (id=%d).", attributeTypeName, abstractFile.getName(), abstractFile.getId()), ex);
} }
} }
} }
@ -454,34 +455,36 @@ final class VcardParser {
if (emailTypes.isEmpty()) { if (emailTypes.isEmpty()) {
ThunderbirdMboxFileIngestModule.addArtifactAttribute(email.getValue(), BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL, attributes); ThunderbirdMboxFileIngestModule.addArtifactAttribute(email.getValue(), BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL, attributes);
} else { } else {
for (EmailType type : emailTypes) { EmailType type = emailTypes.get(0); /*
/* * Unfortunately, if the types are lower-case, they don't
* Unfortunately, if the types are lower-case, they don't * get separated correctly into individual EmailTypes by
* get separated correctly into individual EmailTypes by * ez-vcard. Therefore, we must read them manually
* ez-vcard. Therefore, we must read them manually * ourselves.
* ourselves. */
*/ List<String> splitEmailTypes = Arrays.asList(
List<String> splitEmailTypes = Arrays.asList( type.getValue().toUpperCase().replaceAll("\\s+","").split(","));
type.getValue().toUpperCase().replaceAll("\\s+","").split(","));
for (String splitType : splitEmailTypes) { if (splitEmailTypes.size() > 0) {
String attributeTypeName = "TSK_EMAIL_" + splitType; String splitType = splitEmailTypes.get(0);
try { String attributeTypeName = "TSK_EMAIL_" + splitType;
BlackboardAttribute.Type attributeType = tskCase.getAttributeType(attributeTypeName); if(splitType.isEmpty()) {
if (attributeType == null) { attributeTypeName = "TSK_EMAIL";
// Add this attribute type to the case database. }
attributeType = tskCase.addArtifactAttributeType(attributeTypeName, try {
BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, BlackboardAttribute.Type attributeType = tskCase.getAttributeType(attributeTypeName);
String.format("Email (%s)", StringUtils.capitalize(splitType.toLowerCase()))); if (attributeType == null) {
} // Add this attribute type to the case database.
ThunderbirdMboxFileIngestModule.addArtifactAttribute(email.getValue(), attributeType, attributes); attributeType = tskCase.addArtifactAttributeType(attributeTypeName,
} catch (TskCoreException ex) { BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING,
logger.log(Level.SEVERE, String.format("Unable to retrieve attribute type '%s' for file '%s' (id=%d).", attributeTypeName, abstractFile.getName(), abstractFile.getId()), ex); String.format("Email (%s)", StringUtils.capitalize(splitType.toLowerCase())));
} catch (TskDataException ex) { }
logger.log(Level.SEVERE, String.format("Unable to add custom attribute type '%s' for file '%s' (id=%d).", attributeTypeName, abstractFile.getName(), abstractFile.getId()), ex); ThunderbirdMboxFileIngestModule.addArtifactAttribute(email.getValue(), attributeType, attributes);
} } catch (TskCoreException ex) {
} logger.log(Level.SEVERE, String.format("Unable to retrieve attribute type '%s' for file '%s' (id=%d).", attributeTypeName, abstractFile.getName(), abstractFile.getId()), ex);
} } catch (TskDataException ex) {
logger.log(Level.SEVERE, String.format("Unable to add custom attribute type '%s' for file '%s' (id=%d).", attributeTypeName, abstractFile.getName(), abstractFile.getId()), ex);
}
}
} }
} }