mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

updates for ileapp discrepancies

Browse Source
This commit is contained in:
Greg DiCristofaro 2023-06-11 15:07:06 -04:00
parent c30c8aefef
commit 0bc7606ff4
2 changed files with 54 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
View File

@ -913,19 +913,15 @@ public final class LeappFileProcessor {
private Collection<BlackboardAttribute> processReadLine(List<String> lineValues, Map<String, Integer> columnIndexes,
List<TsvColumn> attrList, String fileName, int lineNum) throws IngestModuleException {
// if no attributes, return an empty row
if (MapUtils.isEmpty(columnIndexes) || CollectionUtils.isEmpty(lineValues)
|| (lineValues.size() == 1 && StringUtils.isEmpty(lineValues.get(0)))) {
return Collections.emptyList();
}
// else if (lineValues.size() < columnIndexes.size()) {
// logger.log(Level.WARNING, String.format(
// "Row at line number %d in file %s has %d columns when %d were expected based on the header row.",
// lineNum, fileName, lineValues.size(), columnIndexes.size()));
// return Collections.emptyList();
// }
}
List<BlackboardAttribute> attrsToRet = new ArrayList<>();
for (TsvColumn colAttr : attrList) {
// if no matching attribute type, keep going
if (colAttr.getAttributeType() == null) {
// this handles columns that are currently ignored.
continue;
@ -939,8 +935,15 @@ public final class LeappFileProcessor {
String value = (columnIdx >= lineValues.size() || columnIdx < 0) ? null : lineValues.get(columnIdx);
if (value == null) {
logger.log(Level.WARNING, String.format("No value found for column %s at line %d in file %s. Omitting row.", colAttr.getColumnName(), lineNum, fileName));
return Collections.emptyList();
// if column is required, return empty for this row if no value
if (colAttr.isRequired()) {
logger.log(Level.WARNING, String.format("No value found for required column %s at line %d in file %s. Omitting row.", colAttr.getColumnName(), lineNum, fileName));
return Collections.emptyList();
} else {
// otherwise, continue to next column
logger.log(Level.WARNING, String.format("No value found for column %s at line %d in file %s. Omitting column.", colAttr.getColumnName(), lineNum, fileName));
continue;
}
}
String formattedValue = formatValueBasedOnAttrType(colAttr, value);

102
Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ileapp-artifact-attribute-reference.xml
View File

@ -65,24 +65,14 @@
</ArtifactName>
</FileName>
<FileName filename="Bluetooth Other LE.tsv" description="Bluetooth Other LE">
<ArtifactName artifactname="TSK_BLUETOOTH_ADAPTER" comment="Bluetooth Other">
<AttributeName attributename="TSK_NAME" columnName="Name" required="yes" />
<AttributeName attributename="TSK_MAC_ADDRESS" columnName="Address" required="yes" />
<AttributeName attributename="TSK_DATETIME" columnName="Last Seen Time" required="yes" />
<AttributeName attributename="TSK_DEVICE_ID" columnName="UUID" required="yes" />
</ArtifactName>
</FileName>
<FileName filename="Bluetooth paired.tsv" description="Bluetooth Paired">
<ArtifactName artifactname="TSK_BLUETOOTH_PAIRING" comment="Bluetooth Paired">
<AttributeName attributename="TSK_DEVICE_ID" columnName="UUID" required="yes" />
<AttributeName attributename="TSK_DEVICE_NAME" columnName="Name" required="yes" />
<AttributeName attributename="null" columnName="Name Origin" required="no" />
<AttributeName attributename="null" columnName="Address" required="no" />
<AttributeName attributename="null" columnName="Resolved Address" required="no" />
<AttributeName attributename="TSK_DATETIME" columnName="Last Seen Time" required="yes" />
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Connection Time" required="yes" />
<AttributeName attributename="TSK_MAC_ADDRESS" columnName="MAC Address" required="yes" />
<AttributeName attributename="TSK_DEVICE_NAME" columnName="Name Key" required="yes" />
<AttributeName attributename="null" columnName="Name" required="no" />
<AttributeName attributename="null" columnName="Device Product ID" required="no" />
<AttributeName attributename="null" columnName="Default Name" required="no" />
</ArtifactName>
</FileName>
@ -93,8 +83,7 @@
<AttributeName attributename="null" columnName="Name Origin" required="no" />
<AttributeName attributename="null" columnName="Address" required="no" />
<AttributeName attributename="null" columnName="Resolved Address" required="no" />
<AttributeName attributename="TSK_DATETIME" columnName="Last Seen Time" required="yes" />
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Connection Time" required="yes" />
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Connection Time" required="no" />
</ArtifactName>
</FileName>
@ -113,7 +102,8 @@
<FileName filename="Call History.tsv" description="Call Logs">
<ArtifactName artifactname="TSK_CALLLOG" comment="Call Logs">
<AttributeName attributename="TSK_DATETIME_START" columnName="Timestamp" required="yes" />
<AttributeName attributename="TSK_DATETIME_START" columnName="Starting Timestamp" required="yes" />
<AttributeName attributename="TSK_DATETIME_END" columnName="Ending Timestamp" required="no" />
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="Phone Number" required="yes" />
<AttributeName attributename="null" columnName="Name" required="no" />
<AttributeName attributename="null" columnName="Answered" required="no" />
@ -736,32 +726,21 @@
<FileName filename="Recent WebSearches.tsv" description="Recent Web Searches">
<ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="null">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Visit Time" required="yes" />
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Date" required="yes" />
<AttributeName attributename="TSK_TEXT" columnName="Search Term" required="yes" />
<AttributeName attributename="null" columnName="URL" required="yes" />
<AttributeName attributename="null" columnName="Visit Count" required="no" />
<AttributeName attributename="null" columnName="Title" required="no" />
<AttributeName attributename="null" columnName="iCloud Sync" required="no" />
<AttributeName attributename="null" columnName="Load Successful" required="no" />
<AttributeName attributename="null" columnName="Visit ID" required="no" />
<AttributeName attributename="null" columnName="Redirect Source" required="no" />
<AttributeName attributename="null" columnName="Redirect Destination" required="no" />
<AttributeName attributename="null" columnName="History Item ID" required="no" />
</ArtifactName>
</FileName>
<FileName filename="Safari Browser - History.tsv" description="Safari Browser">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="null">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Visit Time" required="yes" />
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Visit Timestamp" required="no" />
<AttributeName attributename="TSK_TITLE" columnName="Title" required="no" />
<AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
<AttributeName attributename="null" columnName="Visit Count" required="no" />
<AttributeName attributename="TSK_TITLE" columnName="Title" required="yes" />
<AttributeName attributename="null" columnName="iCloud Sync" required="no" />
<AttributeName attributename="null" columnName="Load Successful" required="no" />
<AttributeName attributename="null" columnName="Visit ID" required="no" />
<AttributeName attributename="TSK_REFERRER" columnName="Redirect Source" required="yes" />
<AttributeName attributename="null" columnName="Redirect Destination" required="no" />
<AttributeName attributename="null" columnName="History Item ID" required="no" />
<AttributeName attributename="TSK_REFERRER" columnName="Redirect Source" required="no" />
<AttributeName attributename="null" columnName="Redirect Destination" required="no" />
<AttributeName attributename="null" columnName="Visit ID" required="no" />
<AttributeName attributename="null" columnName="Origin" required="no" />
</ArtifactName>
</FileName>
@ -783,20 +762,26 @@
<FileName filename="SMS &amp; iMessage - Messages.tsv" description="SMS - iMessage">
<ArtifactName artifactname="TSK_MESSAGE" comment="SMS - iMessage">
<AttributeName attributename="TSK_DATETIME" columnName="Message Date" required="yes" />
<AttributeName attributename="null" columnName="Date Delivered" required="no" />
<AttributeName attributename="null" columnName="Date Read" required="no" />
<AttributeName attributename="TSK_DATETIME" columnName="Message Timestamp" required="yes" />
<AttributeName attributename="null" columnName="Read Timestamp" required="no" />
<AttributeName attributename="TSK_TEXT" columnName="Message" required="yes" />
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="Contact ID" required="yes" />
<AttributeName attributename="null" columnName="Service" required="no" />
<AttributeName attributename="TSK_PHONE_NUMBER_TO" columnName="Account" required="yes" />
<AttributeName attributename="null" columnName="Is Delivered" required="no" />
<AttributeName attributename="null" columnName="Is from Me" required="no" />
<AttributeName attributename="null" columnName="Filename" required="no" />
<AttributeName attributename="null" columnName="MIME Type" required="no" />
<AttributeName attributename="null" columnName="Transfer Type" required="no" />
<AttributeName attributename="null" columnName="Total Bytes" required="no" />
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
<AttributeName attributename="TSK_DIRECTION" columnName="Message Direction" required="no" />
<AttributeName attributename="null" columnName="Message Sent" required="no" />
<AttributeName attributename="null" columnName="Message Delivered" required="no" />
<AttributeName attributename="TSK_READ_STATUS" columnName="Message Read" required="no" />
<AttributeName attributename="null" columnName="Account" required="no" />
<AttributeName attributename="null" columnName="Account Login" required="no" />
<AttributeName attributename="null" columnName="Chat" required="no" />
<AttributeName attributename="null" columnName="Contact ID" required="no" />
<AttributeName attributename="null" columnName="Attachment Name" required="no" />
<AttributeName attributename="null" columnName="Attachment Path" required="no" />
<AttributeName attributename="null" columnName="Attachment Timestamp" required="no" />
<AttributeName attributename="null" columnName="Attachment Mimetype" required="no" />
<AttributeName attributename="null" columnName="Attachment Size (Bytes)" required="no" />
<AttributeName attributename="null" columnName="Message Row ID" required="no" />
<AttributeName attributename="TSK_THREAD_ID" columnName="Chat ID" required="no" />
<AttributeName attributename="null" columnName="From Me" required="no" />
</ArtifactName>
</FileName>
@ -834,17 +819,14 @@
<FileName filename="Wifi Network Store Model - Networks.tsv" description="Wifi Network Store Model - Networks">
<ArtifactName artifactname="TSK_WIFI_NETWORK" comment="Wifi">
<AttributeName attributename="TSK_SSID" columnName="SSID" required="yes" />
<AttributeName attributename="TSK_MAC_ADDRESS" columnName="BSSID" required="yes" />
<AttributeName attributename="null" columnName="Network usage" required="no" />
<AttributeName attributename="null" columnName="Country code" required="no" />
<AttributeName attributename="TSK_DEVICE_ID" columnName="Device name" required="yes" />
<AttributeName attributename="null" columnName="Manufacturer" required="no" />
<AttributeName attributename="null" columnName="Serial number" required="no" />
<AttributeName attributename="TSK_DEVICE_MODEL" columnName="Model name" required="no" />
<AttributeName attributename="TSK_DATETIME" columnName="Last joined" required="yes" />
<AttributeName attributename="null" columnName="Last autojoined" required="no" />
<AttributeName attributename="null" columnName="Enabled" required="no" />
<AttributeName attributename="TSK_DATETIME" columnName="Last Connected Timestamp" required="no" />
<AttributeName attributename="null" columnName="PK" required="no" />
<AttributeName attributename="TSK_SSID" columnName="SSID" required="yes" />
<AttributeName attributename="TSK_GEO_LATITUDE" columnName="Latitude" required="no" />
<AttributeName attributename="TSK_GEO_LONGITUDE" columnName="Longitude" required="no" />
<AttributeName attributename="TSK_MAC_ADDRESS" columnName="BSSID" required="no" />
<AttributeName attributename="null" columnName="5 GHz Network" required="no" />
<AttributeName attributename="null" columnName="2.4 GHz Network" required="no" />
</ArtifactName>
</FileName>