initial infra commit

U-BASIS\dsmyda 2019-09-15 23:33:46 -04:00
parent 143007e565
commit 296f18ce3c
5 changed files with 231 additions and 0 deletions


@ -0,0 +1,35 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""
class ResultSetIterator(object):
"""
Generic base class for iterating through database recordms
"""
def __init__(self, result_set):
self.result_set = result_set
def next(self):
if self.result_set is None:
return False
return self.result_set.next()
def close(self):
if self.result_set is not None:
self.result_set.close()
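Review bot: close() releases the result set but leaves `self.result_set` pointing at it, so a later next() passes the `is None` guard and calls `.next()` on an already-closed object, and a second close() calls `.close()` again. Clearing the reference after closing, `self.result_set.close()` followed by `self.result_set = None`, makes both calls safe. The class docstring should also say that next() returns a boolean (it returns `False` when there is no result set) and does not follow Python's iterator protocol, which the class name suggests.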


@ -0,0 +1,64 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""
from ResultSetIterator import ResultSetIterator
from org.sleuthkit.autopsy.coreutils import AppDBParserHelper
from org.sleuthkit.datamodel import Account
class TskCallLogsParser(ResultSetIterator):
"""
Generic TSK_CALLLOG artifact template. Each of these methods
will contain the extraction and transformation logic for
converting raw database records to the expected TSK_CALLLOG
format.
A simple example of data transformation would be computing
the end time of a call when the database only supplies the start
time and duration.
"""
def __init__(self, result_set):
super(TskCallLogsParser, self).__init__(result_set)
self._DEFAULT_STRING = ""
self._DEFAULT_DIRECTION = AppDBParserHelper.CommunicationDirection.UNKNOWN
self._DEFAULT_ADDRESS = None
self._DEFAULT_CALL_TYPE = AppDBParserHelper.CallMediaType.UNKNOWN
self._DEFAULT_LONG = -1
self.INCOMING_CALL = AppDBParserHelper.CommunicationDirection.INCOMING
self.OUTGOING_CALL = AppDBParserHelper.CommunicationDirection.OUTGOING
self.AUDIO_CALL = AppDBParserHelper.CallMediaType.AUDIO
self.VIDEO_CALL = AppDBParserHelper.CallMediaType.VIDEO
def get_call_direction(self):
return self._DEFAULT_DIRECTION
def get_phone_number_from(self):
return self._DEFAULT_ADDRESS
def get_phone_number_to(self):
return self._DEFAULT_ADDRESS
def get_call_start_date_time(self):
return self._DEFAULT_LONG
def get_call_end_date_time(self):
return self._DEFAULT_LONG
def get_call_type(self):
return self._DEFAULT_CALL_TYPE
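Review bot: Every getter in TskCallLogsParser returns a placeholder (`-1` for both timestamps, `None` for both phone numbers, `UNKNOWN` for direction and call type), and nothing in the file says how a consumer should tell a placeholder from a value read out of the database. In a forensic tool this matters: a subclass that forgets to override get_call_start_date_time would presumably produce a call-log artifact whose `-1` timestamp looks like extracted evidence. Document the sentinels in the class docstring, for example `-1 means "timestamp not available"; callers must not record it as a time`, or raise NotImplementedError from the getters a concrete parser must override. The same applies to the `""` defaults in TskContactsParser and the `""`, `-1L` and `None` defaults in TskMessagesParser.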


@ -0,0 +1,49 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""
from ResultSetIterator import ResultSetIterator
class TskContactsParser(ResultSetIterator):
"""
Generic TSK_CONTACT artifact template. Each of these methods
will contain the extraction and transformation logic for
converting raw database records to the expected TSK_CONTACT
format.
"""
def __init__(self, result_set):
super(TskContactsParser, self).__init__(result_set)
self._DEFAULT_VALUE = ""
def get_account_name(self):
return self._DEFAULT_VALUE
def get_contact_name(self):
return self._DEFAULT_VALUE
def get_phone(self):
return self._DEFAULT_VALUE
def get_home_phone(self):
return self._DEFAULT_VALUE
def get_mobile_phone(self):
return self._DEFAULT_VALUE
def get_email(self):
return self._DEFAULT_VALUE


@ -0,0 +1,72 @@
"""
Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
"""
from ResultSetIterator import ResultSetIterator
from org.sleuthkit.datamodel import Account
from org.sleuthkit.autopsy.coreutils import AppDBParserHelper
class TskMessagesParser(ResultSetIterator):
"""
Generic TSK_MESSAGE artifact template. Each of these methods
will contain the extraction and transformation logic for
converting raw database records to the expected TSK_MESSAGE
format.
An easy example of such a transformation would be converting
message date time from milliseconds to seconds.
"""
def __init__(self, result_set):
super(TskMessagesParser, self).__init__(result_set)
self._DEFAULT_TEXT = ""
self._DEFAULT_LONG = -1L
self._DEFAULT_MSG_READ_STATUS = AppDBParserHelper.MessageReadStatusEnum.UNKNOWN
self._DEFAULT_ACCOUNT_ADDRESS = None
self._DEFAULT_COMMUNICATION_DIRECTION = AppDBParserHelper.CommunicationDirection.UNKNOWN
self.INCOMING = AppDBParserHelper.CommunicationDirection.INCOMING
self.OUTGOING = AppDBParserHelper.CommunicationDirection.OUTGOING
self.READ = AppDBParserHelper.MessageReadStatusEnum.READ
self.UNREAD = AppDBParserHelper.MessageReadStatusEnum.UNREAD
def get_message_type(self):
return self._DEFAULT_TEXT
def get_message_direction(self):
return self._DEFAULT_COMMUNICATION_DIRECTION
def get_phone_number_from(self):
return self._DEFAULT_ACCOUNT_ADDRESS
def get_phone_number_to(self):
return self._DEFAULT_ACCOUNT_ADDRESS
def get_message_date_time(self):
return self._DEFAULT_LONG
def get_message_read_status(self):
return self._DEFAULT_MSG_READ_STATUS
def get_message_subject(self):
return self._DEFAULT_TEXT
def get_message_text(self):
return self._DEFAULT_TEXT
def get_thread_id(self):
return self._DEFAULT_TEXT
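Review bot: `self._DEFAULT_LONG = -1L` uses the Python 2 long-literal suffix, while TskCallLogsParser spells the same sentinel `-1`. The suffix is a syntax error on Python 3 and nothing on this page shows it is needed, so `self._DEFAULT_LONG = -1` would keep the two parsers consistent. `from org.sleuthkit.datamodel import Account` is not used anywhere in the visible file (the same import is unused in the call-log parser) and can be dropped unless subclasses rely on it being re-exported.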


@ -26,3 +26,14 @@ class AndroidComponentAnalyzer:
# The Analyzer should implement this method # The Analyzer should implement this method
def analyze(self, dataSource, fileManager, context): def analyze(self, dataSource, fileManager, context):
raise NotImplementedError raise NotImplementedError
"""
A utility method to append list of attachments to msg body
"""
def appendAttachmentList(msgBody, attachmentsList):
body = msgBody
if attachmentsList:
body = body + "\n\n------------Attachments------------\n"
body = body + "\n".join(attachmentsList)
return body
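Review bot: The triple-quoted description of appendAttachmentList sits above the `def` line, so it is a bare string expression and not the function's docstring; move it to the first line of the function body. The page has lost indentation, so it is not visible whether the function is at module level or inside AndroidComponentAnalyzer; if it is inside the class, it takes no `self` and needs `@staticmethod` above the `def`. The attachment names are joined into the body verbatim and presumably come from the examined device's app database, so the docstring should say that entries are not sanitised (a name containing a newline or the separator text would blur where the original message ends) and that `msgBody` must be a string, since `None + "..."` raises TypeError.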