mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-06 21:00:22 +00:00
updates for ileapp discrepancies
This commit is contained in:
Greg DiCristofaro
parent
c30c8aefef
commit
0bc7606ff4
@ -913,19 +913,15 @@ public final class LeappFileProcessor {
|
|||||||
private Collection<BlackboardAttribute> processReadLine(List<String> lineValues, Map<String, Integer> columnIndexes,
|
private Collection<BlackboardAttribute> processReadLine(List<String> lineValues, Map<String, Integer> columnIndexes,
|
||||||
List<TsvColumn> attrList, String fileName, int lineNum) throws IngestModuleException {
|
List<TsvColumn> attrList, String fileName, int lineNum) throws IngestModuleException {
|
||||||
|
|
||||||
|
// if no attributes, return an empty row
|
||||||
if (MapUtils.isEmpty(columnIndexes) || CollectionUtils.isEmpty(lineValues)
|
if (MapUtils.isEmpty(columnIndexes) || CollectionUtils.isEmpty(lineValues)
|
||||||
|| (lineValues.size() == 1 && StringUtils.isEmpty(lineValues.get(0)))) {
|
|| (lineValues.size() == 1 && StringUtils.isEmpty(lineValues.get(0)))) {
|
||||||
return Collections.emptyList();
|
return Collections.emptyList();
|
||||||
}
|
}
|
||||||
// else if (lineValues.size() < columnIndexes.size()) {
|
|
||||||
// logger.log(Level.WARNING, String.format(
|
|
||||||
// "Row at line number %d in file %s has %d columns when %d were expected based on the header row.",
|
|
||||||
// lineNum, fileName, lineValues.size(), columnIndexes.size()));
|
|
||||||
// return Collections.emptyList();
|
|
||||||
// }
|
|
||||||
|
|
||||||
List<BlackboardAttribute> attrsToRet = new ArrayList<>();
|
List<BlackboardAttribute> attrsToRet = new ArrayList<>();
|
||||||
for (TsvColumn colAttr : attrList) {
|
for (TsvColumn colAttr : attrList) {
|
||||||
|
// if no matching attribute type, keep going
|
||||||
if (colAttr.getAttributeType() == null) {
|
if (colAttr.getAttributeType() == null) {
|
||||||
// this handles columns that are currently ignored.
|
// this handles columns that are currently ignored.
|
||||||
continue;
|
continue;
|
||||||
@ -939,8 +935,15 @@ public final class LeappFileProcessor {
|
|||||||
|
|
||||||
String value = (columnIdx >= lineValues.size() || columnIdx < 0) ? null : lineValues.get(columnIdx);
|
String value = (columnIdx >= lineValues.size() || columnIdx < 0) ? null : lineValues.get(columnIdx);
|
||||||
if (value == null) {
|
if (value == null) {
|
||||||
logger.log(Level.WARNING, String.format("No value found for column %s at line %d in file %s. Omitting row.", colAttr.getColumnName(), lineNum, fileName));
|
// if column is required, return empty for this row if no value
|
||||||
return Collections.emptyList();
|
if (colAttr.isRequired()) {
|
||||||
|
logger.log(Level.WARNING, String.format("No value found for required column %s at line %d in file %s. Omitting row.", colAttr.getColumnName(), lineNum, fileName));
|
||||||
|
return Collections.emptyList();
|
||||||
|
} else {
|
||||||
|
// otherwise, continue to next column
|
||||||
|
logger.log(Level.WARNING, String.format("No value found for column %s at line %d in file %s. Omitting column.", colAttr.getColumnName(), lineNum, fileName));
|
||||||
|
continue;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
String formattedValue = formatValueBasedOnAttrType(colAttr, value);
|
String formattedValue = formatValueBasedOnAttrType(colAttr, value);
|
||||||
|
|||||||
@ -65,24 +65,14 @@
|
|||||||
</ArtifactName>
|
</ArtifactName>
|
||||||
</FileName>
|
</FileName>
|
||||||
|
|
||||||
<FileName filename="Bluetooth Other LE.tsv" description="Bluetooth Other LE">
|
|
||||||
<ArtifactName artifactname="TSK_BLUETOOTH_ADAPTER" comment="Bluetooth Other">
|
|
||||||
<AttributeName attributename="TSK_NAME" columnName="Name" required="yes" />
|
|
||||||
<AttributeName attributename="TSK_MAC_ADDRESS" columnName="Address" required="yes" />
|
|
||||||
<AttributeName attributename="TSK_DATETIME" columnName="Last Seen Time" required="yes" />
|
|
||||||
<AttributeName attributename="TSK_DEVICE_ID" columnName="UUID" required="yes" />
|
|
||||||
</ArtifactName>
|
|
||||||
</FileName>
|
|
||||||
|
|
||||||
<FileName filename="Bluetooth paired.tsv" description="Bluetooth Paired">
|
<FileName filename="Bluetooth paired.tsv" description="Bluetooth Paired">
|
||||||
<ArtifactName artifactname="TSK_BLUETOOTH_PAIRING" comment="Bluetooth Paired">
|
<ArtifactName artifactname="TSK_BLUETOOTH_PAIRING" comment="Bluetooth Paired">
|
||||||
<AttributeName attributename="TSK_DEVICE_ID" columnName="UUID" required="yes" />
|
|
||||||
<AttributeName attributename="TSK_DEVICE_NAME" columnName="Name" required="yes" />
|
|
||||||
<AttributeName attributename="null" columnName="Name Origin" required="no" />
|
|
||||||
<AttributeName attributename="null" columnName="Address" required="no" />
|
|
||||||
<AttributeName attributename="null" columnName="Resolved Address" required="no" />
|
|
||||||
<AttributeName attributename="TSK_DATETIME" columnName="Last Seen Time" required="yes" />
|
<AttributeName attributename="TSK_DATETIME" columnName="Last Seen Time" required="yes" />
|
||||||
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Connection Time" required="yes" />
|
<AttributeName attributename="TSK_MAC_ADDRESS" columnName="MAC Address" required="yes" />
|
||||||
|
<AttributeName attributename="TSK_DEVICE_NAME" columnName="Name Key" required="yes" />
|
||||||
|
<AttributeName attributename="null" columnName="Name" required="no" />
|
||||||
|
<AttributeName attributename="null" columnName="Device Product ID" required="no" />
|
||||||
|
<AttributeName attributename="null" columnName="Default Name" required="no" />
|
||||||
</ArtifactName>
|
</ArtifactName>
|
||||||
</FileName>
|
</FileName>
|
||||||
|
|
||||||
@ -93,8 +83,7 @@
|
|||||||
<AttributeName attributename="null" columnName="Name Origin" required="no" />
|
<AttributeName attributename="null" columnName="Name Origin" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Address" required="no" />
|
<AttributeName attributename="null" columnName="Address" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Resolved Address" required="no" />
|
<AttributeName attributename="null" columnName="Resolved Address" required="no" />
|
||||||
<AttributeName attributename="TSK_DATETIME" columnName="Last Seen Time" required="yes" />
|
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Connection Time" required="no" />
|
||||||
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Connection Time" required="yes" />
|
|
||||||
</ArtifactName>
|
</ArtifactName>
|
||||||
</FileName>
|
</FileName>
|
||||||
|
|
||||||
@ -113,7 +102,8 @@
|
|||||||
|
|
||||||
<FileName filename="Call History.tsv" description="Call Logs">
|
<FileName filename="Call History.tsv" description="Call Logs">
|
||||||
<ArtifactName artifactname="TSK_CALLLOG" comment="Call Logs">
|
<ArtifactName artifactname="TSK_CALLLOG" comment="Call Logs">
|
||||||
<AttributeName attributename="TSK_DATETIME_START" columnName="Timestamp" required="yes" />
|
<AttributeName attributename="TSK_DATETIME_START" columnName="Starting Timestamp" required="yes" />
|
||||||
|
<AttributeName attributename="TSK_DATETIME_END" columnName="Ending Timestamp" required="no" />
|
||||||
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="Phone Number" required="yes" />
|
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="Phone Number" required="yes" />
|
||||||
<AttributeName attributename="null" columnName="Name" required="no" />
|
<AttributeName attributename="null" columnName="Name" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Answered" required="no" />
|
<AttributeName attributename="null" columnName="Answered" required="no" />
|
||||||
@ -736,32 +726,21 @@
|
|||||||
|
|
||||||
<FileName filename="Recent WebSearches.tsv" description="Recent Web Searches">
|
<FileName filename="Recent WebSearches.tsv" description="Recent Web Searches">
|
||||||
<ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="null">
|
<ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="null">
|
||||||
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Visit Time" required="yes" />
|
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Date" required="yes" />
|
||||||
<AttributeName attributename="TSK_TEXT" columnName="Search Term" required="yes" />
|
<AttributeName attributename="TSK_TEXT" columnName="Search Term" required="yes" />
|
||||||
<AttributeName attributename="null" columnName="URL" required="yes" />
|
|
||||||
<AttributeName attributename="null" columnName="Visit Count" required="no" />
|
|
||||||
<AttributeName attributename="null" columnName="Title" required="no" />
|
|
||||||
<AttributeName attributename="null" columnName="iCloud Sync" required="no" />
|
|
||||||
<AttributeName attributename="null" columnName="Load Successful" required="no" />
|
|
||||||
<AttributeName attributename="null" columnName="Visit ID" required="no" />
|
|
||||||
<AttributeName attributename="null" columnName="Redirect Source" required="no" />
|
|
||||||
<AttributeName attributename="null" columnName="Redirect Destination" required="no" />
|
|
||||||
<AttributeName attributename="null" columnName="History Item ID" required="no" />
|
|
||||||
</ArtifactName>
|
</ArtifactName>
|
||||||
</FileName>
|
</FileName>
|
||||||
|
|
||||||
<FileName filename="Safari Browser - History.tsv" description="Safari Browser">
|
<FileName filename="Safari Browser - History.tsv" description="Safari Browser">
|
||||||
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="null">
|
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="null">
|
||||||
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Visit Time" required="yes" />
|
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Visit Timestamp" required="no" />
|
||||||
|
<AttributeName attributename="TSK_TITLE" columnName="Title" required="no" />
|
||||||
<AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
|
<AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
|
||||||
<AttributeName attributename="null" columnName="Visit Count" required="no" />
|
<AttributeName attributename="null" columnName="Visit Count" required="no" />
|
||||||
<AttributeName attributename="TSK_TITLE" columnName="Title" required="yes" />
|
<AttributeName attributename="TSK_REFERRER" columnName="Redirect Source" required="no" />
|
||||||
<AttributeName attributename="null" columnName="iCloud Sync" required="no" />
|
<AttributeName attributename="null" columnName="Redirect Destination" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Load Successful" required="no" />
|
<AttributeName attributename="null" columnName="Visit ID" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Visit ID" required="no" />
|
<AttributeName attributename="null" columnName="Origin" required="no" />
|
||||||
<AttributeName attributename="TSK_REFERRER" columnName="Redirect Source" required="yes" />
|
|
||||||
<AttributeName attributename="null" columnName="Redirect Destination" required="no" />
|
|
||||||
<AttributeName attributename="null" columnName="History Item ID" required="no" />
|
|
||||||
</ArtifactName>
|
</ArtifactName>
|
||||||
</FileName>
|
</FileName>
|
||||||
|
|
||||||
@ -783,20 +762,26 @@
|
|||||||
|
|
||||||
<FileName filename="SMS & iMessage - Messages.tsv" description="SMS - iMessage">
|
<FileName filename="SMS & iMessage - Messages.tsv" description="SMS - iMessage">
|
||||||
<ArtifactName artifactname="TSK_MESSAGE" comment="SMS - iMessage">
|
<ArtifactName artifactname="TSK_MESSAGE" comment="SMS - iMessage">
|
||||||
<AttributeName attributename="TSK_DATETIME" columnName="Message Date" required="yes" />
|
<AttributeName attributename="TSK_DATETIME" columnName="Message Timestamp" required="yes" />
|
||||||
<AttributeName attributename="null" columnName="Date Delivered" required="no" />
|
<AttributeName attributename="null" columnName="Read Timestamp" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Date Read" required="no" />
|
|
||||||
<AttributeName attributename="TSK_TEXT" columnName="Message" required="yes" />
|
<AttributeName attributename="TSK_TEXT" columnName="Message" required="yes" />
|
||||||
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="Contact ID" required="yes" />
|
|
||||||
<AttributeName attributename="null" columnName="Service" required="no" />
|
<AttributeName attributename="null" columnName="Service" required="no" />
|
||||||
<AttributeName attributename="TSK_PHONE_NUMBER_TO" columnName="Account" required="yes" />
|
<AttributeName attributename="TSK_DIRECTION" columnName="Message Direction" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Is Delivered" required="no" />
|
<AttributeName attributename="null" columnName="Message Sent" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Is from Me" required="no" />
|
<AttributeName attributename="null" columnName="Message Delivered" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Filename" required="no" />
|
<AttributeName attributename="TSK_READ_STATUS" columnName="Message Read" required="no" />
|
||||||
<AttributeName attributename="null" columnName="MIME Type" required="no" />
|
<AttributeName attributename="null" columnName="Account" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Transfer Type" required="no" />
|
<AttributeName attributename="null" columnName="Account Login" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Total Bytes" required="no" />
|
<AttributeName attributename="null" columnName="Chat" required="no" />
|
||||||
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
|
<AttributeName attributename="null" columnName="Contact ID" required="no" />
|
||||||
|
<AttributeName attributename="null" columnName="Attachment Name" required="no" />
|
||||||
|
<AttributeName attributename="null" columnName="Attachment Path" required="no" />
|
||||||
|
<AttributeName attributename="null" columnName="Attachment Timestamp" required="no" />
|
||||||
|
<AttributeName attributename="null" columnName="Attachment Mimetype" required="no" />
|
||||||
|
<AttributeName attributename="null" columnName="Attachment Size (Bytes)" required="no" />
|
||||||
|
<AttributeName attributename="null" columnName="Message Row ID" required="no" />
|
||||||
|
<AttributeName attributename="TSK_THREAD_ID" columnName="Chat ID" required="no" />
|
||||||
|
<AttributeName attributename="null" columnName="From Me" required="no" />
|
||||||
</ArtifactName>
|
</ArtifactName>
|
||||||
</FileName>
|
</FileName>
|
||||||
|
|
||||||
@ -834,17 +819,14 @@
|
|||||||
|
|
||||||
<FileName filename="Wifi Network Store Model - Networks.tsv" description="Wifi Network Store Model - Networks">
|
<FileName filename="Wifi Network Store Model - Networks.tsv" description="Wifi Network Store Model - Networks">
|
||||||
<ArtifactName artifactname="TSK_WIFI_NETWORK" comment="Wifi">
|
<ArtifactName artifactname="TSK_WIFI_NETWORK" comment="Wifi">
|
||||||
<AttributeName attributename="TSK_SSID" columnName="SSID" required="yes" />
|
<AttributeName attributename="TSK_DATETIME" columnName="Last Connected Timestamp" required="no" />
|
||||||
<AttributeName attributename="TSK_MAC_ADDRESS" columnName="BSSID" required="yes" />
|
<AttributeName attributename="null" columnName="PK" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Network usage" required="no" />
|
<AttributeName attributename="TSK_SSID" columnName="SSID" required="yes" />
|
||||||
<AttributeName attributename="null" columnName="Country code" required="no" />
|
<AttributeName attributename="TSK_GEO_LATITUDE" columnName="Latitude" required="no" />
|
||||||
<AttributeName attributename="TSK_DEVICE_ID" columnName="Device name" required="yes" />
|
<AttributeName attributename="TSK_GEO_LONGITUDE" columnName="Longitude" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Manufacturer" required="no" />
|
<AttributeName attributename="TSK_MAC_ADDRESS" columnName="BSSID" required="no" />
|
||||||
<AttributeName attributename="null" columnName="Serial number" required="no" />
|
<AttributeName attributename="null" columnName="5 GHz Network" required="no" />
|
||||||
<AttributeName attributename="TSK_DEVICE_MODEL" columnName="Model name" required="no" />
|
<AttributeName attributename="null" columnName="2.4 GHz Network" required="no" />
|
||||||
<AttributeName attributename="TSK_DATETIME" columnName="Last joined" required="yes" />
|
|
||||||
<AttributeName attributename="null" columnName="Last autojoined" required="no" />
|
|
||||||
<AttributeName attributename="null" columnName="Enabled" required="no" />
|
|
||||||
</ArtifactName>
|
</ArtifactName>
|
||||||
</FileName>
|
</FileName>
|
||||||
|
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user