7673 Allow helpers to call correct Blackboard.postArtifacts() API
parent
ebb759cca7
commit
356eec1d90
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019-2020 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -134,7 +134,7 @@ class GPXParserFileIngestModule(FileIngestModule):
|
||||
|
||||
# Create a GeoArtifactsHelper for this file.
|
||||
geoArtifactHelper = GeoArtifactsHelper(
|
||||
self.skCase, self.moduleName, None, file)
|
||||
self.skCase, self.moduleName, None, file, context.getJobId())
|
||||
|
||||
if self.writeDebugMsgs:
|
||||
self.log(Level.INFO, "Processing " + file.getUniquePath() +
|
||||
@ -213,7 +213,7 @@ class GPXParserFileIngestModule(FileIngestModule):
|
||||
|
||||
art = file.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
|
||||
|
||||
self.blackboard.postArtifact(art, self.moduleName)
|
||||
self.blackboard.postArtifact(art, self.moduleName, context.getJobId())
|
||||
|
||||
except Blackboard.BlackboardException as e:
|
||||
self.log(Level.SEVERE, "Error posting GPS bookmark artifact for " +
|
||||
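Review bot: Both changed calls in this section read a bare `context` (`GeoArtifactsHelper(..., file, context.getJobId())` and `self.blackboard.postArtifact(art, self.moduleName, context.getJobId())`), while every other piece of module state beside them is reached through `self` (`self.skCase`, `self.moduleName`, `self.blackboard`). The enclosing method starts outside both hunks, so it cannot be confirmed from here that `context` is a parameter or local; if it is not, the lookup fails with a NameError at run time, which the `except Blackboard.BlackboardException` shown would not catch, and the GPS artifacts for that file are lost. I would keep the context passed at start-up on the instance and use `self.context.getJobId()` in both places, or confirm the name is in scope. The same question applies to the two ContactsDbIngestModule sections and to the third ViberAnalyzer hunk, whose `postArtifact` call appears to sit in `parse_contacts`, invoked in that section as `self.parse_contacts(contact_and_calllog_db, helper)` with no context argument.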
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2016-2018 Basis Technology Corp.
|
||||
Copyright 2016-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -104,9 +104,8 @@ class BrowserLocationAnalyzer(general.AndroidComponentAnalyzer):
|
||||
# NOTE: originally commented out
|
||||
|
||||
try:
|
||||
# index the artifact for keyword search
|
||||
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
|
||||
blackboard.postArtifact(artifact, general.MODULE_NAME)
|
||||
blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId())
|
||||
except Blackboard.BlackboardException as ex:
|
||||
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactTypeName()), ex)
|
||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2016-2018 Basis Technology Corp.
|
||||
Copyright 2016-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -102,9 +102,8 @@ class CacheLocationAnalyzer(general.AndroidComponentAnalyzer):
|
||||
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy))
|
||||
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence))
|
||||
try:
|
||||
# index the artifact for keyword search
|
||||
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
|
||||
blackboard.postArtifact(artifact, general.MODULE_NAME)
|
||||
blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId(), context.getJobId())
|
||||
except Blackboard.BlackboardException as ex:
|
||||
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex)
|
||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||
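Review bot: The new call passes the job id twice, `blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId(), context.getJobId())`, where every other `postArtifact` call site in this commit passes three arguments. Presumably no four-argument overload exists, in which case the call fails at run time with an error that `except Blackboard.BlackboardException` does not catch, and the cached-location artifact is never posted. It should read `blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId())`. The enclosing method begins outside the hunk, so it is also worth confirming that `context` is in scope there.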
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2016-2020 Basis Technology Corp.
|
||||
Copyright 2016-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -83,12 +83,12 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer):
|
||||
callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._PARSER_NAME,
|
||||
callLogDb.getDBFile(),
|
||||
Account.Type.PHONE, Account.Type.PHONE, selfAccountId )
|
||||
Account.Type.PHONE, Account.Type.PHONE, selfAccountId, context.getJobId())
|
||||
else:
|
||||
callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._PARSER_NAME,
|
||||
callLogDb.getDBFile(),
|
||||
Account.Type.PHONE )
|
||||
Account.Type.PHONE, context.getJobId())
|
||||
|
||||
for tableName in CallLogAnalyzer._tableNames:
|
||||
try:
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2016-2020 Basis Technology Corp.
|
||||
Copyright 2016-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -75,7 +75,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
|
||||
return
|
||||
for contactDb in contactsDbs:
|
||||
try:
|
||||
self.__findContactsInDB(contactDb, dataSource)
|
||||
self.__findContactsInDB(contactDb, dataSource, context)
|
||||
except Exception as ex:
|
||||
self._logger.log(Level.SEVERE, "Error parsing Contacts", ex)
|
||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||
@ -86,7 +86,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
|
||||
"""
|
||||
Queries the given contact database and adds Contacts to the case.
|
||||
"""
|
||||
def __findContactsInDB(self, contactDb, dataSource):
|
||||
def __findContactsInDB(self, contactDb, dataSource, context):
|
||||
if not contactDb:
|
||||
return
|
||||
|
||||
@ -97,7 +97,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
|
||||
contactDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._PARSER_NAME,
|
||||
contactDb.getDBFile(),
|
||||
Account.Type.PHONE )
|
||||
Account.Type.PHONE, context.getJobId())
|
||||
|
||||
# get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype)
|
||||
# sorted by name, so phonenumber/email would be consecutive for a person if they exist.
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019-2020 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -148,11 +148,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
|
||||
if self.selfAccountId is not None:
|
||||
contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, contactsDb.getDBFile(),
|
||||
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId )
|
||||
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId())
|
||||
else:
|
||||
contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, contactsDb.getDBFile(),
|
||||
Account.Type.FACEBOOK)
|
||||
Account.Type.FACEBOOK, context.getJobId())
|
||||
|
||||
## get the other contacts/friends
|
||||
contactsResultSet = contactsDb.runQuery("SELECT fbid, display_name, added_time_ms FROM contacts WHERE added_time_ms <> 0")
|
||||
@ -492,11 +492,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
|
||||
if self.selfAccountId is not None:
|
||||
threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, threadsDb.getDBFile(),
|
||||
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId )
|
||||
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId())
|
||||
else:
|
||||
threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, threadsDb.getDBFile(),
|
||||
Account.Type.FACEBOOK)
|
||||
Account.Type.FACEBOOK, context.getJobId())
|
||||
|
||||
self.analyzeMessages(threadsDb, threadsDBHelper)
|
||||
self.analyzeCallLogs(threadsDb, threadsDBHelper)
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2016-2018 Basis Technology Corp.
|
||||
Copyright 2016-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -76,7 +76,7 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer):
|
||||
try:
|
||||
jFile = File(self.current_case.getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
|
||||
ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled)
|
||||
self.__findGeoLocationsInDB(jFile.toString(), abstractFile)
|
||||
self.__findGeoLocationsInDB(jFile.toString(), abstractFile, context)
|
||||
except Exception as ex:
|
||||
self._logger.log(Level.SEVERE, "Error parsing Google map locations", ex)
|
||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||
@ -84,13 +84,13 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer):
|
||||
# Error finding Google map locations.
|
||||
pass
|
||||
|
||||
def __findGeoLocationsInDB(self, databasePath, abstractFile):
|
||||
def __findGeoLocationsInDB(self, databasePath, abstractFile, context):
|
||||
if not databasePath:
|
||||
return
|
||||
|
||||
try:
|
||||
artifactHelper = GeoArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
general.MODULE_NAME, self.PROGRAM_NAME, abstractFile)
|
||||
general.MODULE_NAME, self.PROGRAM_NAME, abstractFile, context.getJobId())
|
||||
Class.forName("org.sqlite.JDBC") # load JDBC driver
|
||||
connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath)
|
||||
statement = connection.createStatement()
|
||||
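Review bot: The temp-file name in the first hunk is built as `str(abstractFile.getId()) + abstractFile.getName()`, and the name presumably comes from the device image under examination, so evidence-controlled text ends up in a path on the examiner's machine and then in the `"jdbc:sqlite:" + databasePath` connection string. These are context lines the commit leaves as they were, but since this code is being touched anyway I would derive the temp name from the object id alone, for example `File(self.current_case.getTempDirectory(), str(abstractFile.getId()) + ".db")`, or strip path separators from the name first. Both enclosing methods continue outside the hunks, so any cleanup of the temp file cannot be checked from here.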
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019-2020 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -109,12 +109,12 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
|
||||
friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._PARSER_NAME,
|
||||
friendsDb.getDBFile(),
|
||||
Account.Type.IMO, Account.Type.IMO, selfAccountId )
|
||||
Account.Type.IMO, Account.Type.IMO, selfAccountId, context.getJobId())
|
||||
else:
|
||||
friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._PARSER_NAME,
|
||||
friendsDb.getDBFile(),
|
||||
Account.Type.IMO )
|
||||
Account.Type.IMO, context.getJobId())
|
||||
contactsResultSet = friendsDb.runQuery("SELECT buid, name FROM friends")
|
||||
if contactsResultSet is not None:
|
||||
while contactsResultSet.next():
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -75,7 +75,7 @@ class InstalledApplicationsAnalyzer(general.AndroidComponentAnalyzer):
|
||||
try:
|
||||
current_case = Case.getCurrentCaseThrows()
|
||||
libraryDbHelper = ArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, libraryDb.getDBFile())
|
||||
self._MODULE_NAME, libraryDb.getDBFile(), context.getJobId())
|
||||
queryString = "SELECT doc_id, purchase_time FROM ownership"
|
||||
ownershipResultSet = libraryDb.runQuery(queryString)
|
||||
if ownershipResultSet is not None:
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019-2020 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -117,7 +117,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer):
|
||||
current_case = Case.getCurrentCaseThrows()
|
||||
helper = CommunicationArtifactsHelper(
|
||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||
contact_and_message_db.getDBFile(), Account.Type.LINE)
|
||||
contact_and_message_db.getDBFile(), Account.Type.LINE, context.getJobId())
|
||||
self.parse_contacts(contact_and_message_db, helper)
|
||||
self.parse_messages(contact_and_message_db, helper, current_case)
|
||||
|
||||
@ -125,7 +125,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer):
|
||||
current_case = Case.getCurrentCaseThrows()
|
||||
helper = CommunicationArtifactsHelper(
|
||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||
calllog_db.getDBFile(), Account.Type.LINE)
|
||||
calllog_db.getDBFile(), Account.Type.LINE, context.getJobId())
|
||||
self.parse_calllogs(dataSource, calllog_db, helper)
|
||||
|
||||
except NoCurrentCaseException as ex:
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -119,7 +119,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
|
||||
for historyDb in historyDbs:
|
||||
try:
|
||||
historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, historyDb.getDBFile())
|
||||
self._MODULE_NAME, historyDb.getDBFile(), context.getJobId())
|
||||
historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls")
|
||||
if historyResultSet is not None:
|
||||
while historyResultSet.next():
|
||||
@ -148,7 +148,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
|
||||
for downloadsDb in downloadsDbs:
|
||||
try:
|
||||
downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, downloadsDb.getDBFile())
|
||||
self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId())
|
||||
queryString = "SELECT target_path, start_time, url FROM downloads"\
|
||||
" INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id"
|
||||
downloadsResultSet = downloadsDb.runQuery(queryString)
|
||||
@ -177,7 +177,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
|
||||
for autofillDb in autofillDbs:
|
||||
try:
|
||||
autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, autofillDb.getDBFile())
|
||||
self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId())
|
||||
autofillsResultSet = autofillDb.runQuery("SELECT name, value, count, date_created FROM autofill")
|
||||
if autofillsResultSet is not None:
|
||||
while autofillsResultSet.next():
|
||||
@ -205,7 +205,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
|
||||
for webFormAddressDb in webFormAddressDbs:
|
||||
try:
|
||||
webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, webFormAddressDb.getDBFile())
|
||||
self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId())
|
||||
queryString = """
|
||||
SELECT street_address, city, state, zipcode, country_code,
|
||||
date_modified, first_name, last_name, number, email
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2016-2018 Basis Technology Corp.
|
||||
Copyright 2016-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -72,7 +72,7 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
|
||||
current_case = Case.getCurrentCaseThrows()
|
||||
|
||||
skCase = Case.getCurrentCase().getSleuthkitCase()
|
||||
geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile())
|
||||
geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile(), context.getJobId())
|
||||
|
||||
poiQueryString = "SELECT poilat, poilon, poialt, poitime, poiname FROM pois"
|
||||
poisResultSet = oruxMapsTrackpointsDb.runQuery(poiQueryString)
|
||||
@ -96,9 +96,8 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
|
||||
artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
|
||||
|
||||
try:
|
||||
# index the artifact for keyword search
|
||||
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
|
||||
blackboard.postArtifact(artifact, self._MODULE_NAME)
|
||||
blackboard.postArtifact(artifact, self._MODULE_NAME, context.getJobId())
|
||||
except Blackboard.BlackboardException as ex:
|
||||
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex)
|
||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -87,7 +87,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
|
||||
for sbrowserDb in sbrowserDbs:
|
||||
try:
|
||||
sbrowserDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, sbrowserDb.getDBFile())
|
||||
self._MODULE_NAME, sbrowserDb.getDBFile(), context.getJobId())
|
||||
bookmarkResultSet = sbrowserDb.runQuery("SELECT url, title, created FROM bookmarks WHERE url IS NOT NULL")
|
||||
if bookmarkResultSet is not None:
|
||||
while bookmarkResultSet.next():
|
||||
@ -115,7 +115,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
|
||||
for cookiesDb in cookiesDbs:
|
||||
try:
|
||||
cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, cookiesDb.getDBFile())
|
||||
self._MODULE_NAME, cookiesDb.getDBFile(), context.getJobId())
|
||||
cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies")
|
||||
if cookiesResultSet is not None:
|
||||
while cookiesResultSet.next():
|
||||
@ -145,7 +145,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
|
||||
for historyDb in historyDbs:
|
||||
try:
|
||||
historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, historyDb.getDBFile())
|
||||
self._MODULE_NAME, historyDb.getDBFile(), context.getJobId())
|
||||
historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls")
|
||||
if historyResultSet is not None:
|
||||
while historyResultSet.next():
|
||||
@ -174,7 +174,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
|
||||
for downloadsDb in downloadsDbs:
|
||||
try:
|
||||
downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, downloadsDb.getDBFile())
|
||||
self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId())
|
||||
queryString = "SELECT target_path, start_time, url FROM downloads"\
|
||||
" INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id"
|
||||
downloadsResultSet = downloadsDb.runQuery(queryString)
|
||||
@ -203,7 +203,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
|
||||
for autofillDb in autofillDbs:
|
||||
try:
|
||||
autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, autofillDb.getDBFile())
|
||||
self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId())
|
||||
queryString = """
|
||||
SELECT name, value, count, date_created
|
||||
FROM autofill
|
||||
@ -236,7 +236,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
|
||||
for webFormAddressDb in webFormAddressDbs:
|
||||
try:
|
||||
webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, webFormAddressDb.getDBFile())
|
||||
self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId())
|
||||
"""
|
||||
Autofill form data is split across multiple tables. The quqery below joins the various tables.
|
||||
"""
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019-2020 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -85,7 +85,7 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer):
|
||||
current_case = Case.getCurrentCaseThrows()
|
||||
historyDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, historyDb.getDBFile(),
|
||||
Account.Type.SHAREIT)
|
||||
Account.Type.SHAREIT, context.getJobId())
|
||||
|
||||
queryString = """
|
||||
SELECT history_type, device_id, device_name, description, timestamp, file_path
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019-2020 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -129,13 +129,13 @@ class SkypeAnalyzer(general.AndroidComponentAnalyzer):
|
||||
if user_account_instance is None:
|
||||
helper = CommunicationArtifactsHelper(
|
||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||
skype_db.getDBFile(), Account.Type.SKYPE
|
||||
skype_db.getDBFile(), Account.Type.SKYPE, context.getJobId()
|
||||
)
|
||||
else:
|
||||
helper = CommunicationArtifactsHelper(
|
||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||
skype_db.getDBFile(), Account.Type.SKYPE,
|
||||
Account.Type.SKYPE, user_account_instance
|
||||
Account.Type.SKYPE, user_account_instance, context.getJobId()
|
||||
)
|
||||
self.parse_contacts(skype_db, helper)
|
||||
self.parse_calllogs(skype_db, helper)
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2016-2020 Basis Technology Corp.
|
||||
Copyright 2016-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -72,7 +72,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
|
||||
tangoDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "tc.db", True, self._PACKAGE_NAME)
|
||||
for tangoDbFile in tangoDbFiles:
|
||||
try:
|
||||
self.__findTangoMessagesInDB(tangoDbFile, dataSource)
|
||||
self.__findTangoMessagesInDB(tangoDbFile, dataSource, context)
|
||||
except Exception as ex:
|
||||
self._logger.log(Level.SEVERE, "Error parsing Tango messages", ex)
|
||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||
@ -80,7 +80,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
|
||||
# Error finding Tango messages.
|
||||
pass
|
||||
|
||||
def __findTangoMessagesInDB(self, tangoDb, dataSource):
|
||||
def __findTangoMessagesInDB(self, tangoDb, dataSource, context):
|
||||
if not tangoDb:
|
||||
return
|
||||
|
||||
@ -91,7 +91,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
|
||||
tangoDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._PARSER_NAME,
|
||||
tangoDb.getDBFile(),
|
||||
Account.Type.TANGO )
|
||||
Account.Type.TANGO, context.getJobId())
|
||||
|
||||
resultSet = tangoDb.runQuery(
|
||||
"SELECT conv_id, create_time, direction, payload FROM messages ORDER BY create_time DESC;")
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2016-2020 Basis Technology Corp.
|
||||
Copyright 2016-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -80,12 +80,12 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer):
|
||||
messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._PARSER_NAME,
|
||||
messageDb.getDBFile(),
|
||||
Account.Type.PHONE, Account.Type.IMO, selfAccountId )
|
||||
Account.Type.PHONE, Account.Type.IMO, selfAccountId, context.getJobId())
|
||||
else:
|
||||
messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._PARSER_NAME,
|
||||
messageDb.getDBFile(),
|
||||
Account.Type.PHONE )
|
||||
Account.Type.PHONE, context.getJobId())
|
||||
|
||||
uuid = UUID.randomUUID().toString()
|
||||
messagesResultSet = messageDb.runQuery("SELECT address, date, read, type, subject, body, thread_id FROM sms;")
|
||||
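Review bot: In the branch that has a `selfAccountId`, the helper is built with `Account.Type.PHONE, Account.Type.IMO, selfAccountId, context.getJobId()`, so the device owner's account is typed as IMO inside an SMS analyzer; CallLogAnalyzer passes `Account.Type.PHONE, Account.Type.PHONE` in the same position. This looks like a copy-paste leftover that the commit carries forward unchanged, and it would mis-attribute the self account in the resulting communication artifacts. If it is not intentional the line should read `Account.Type.PHONE, Account.Type.PHONE, selfAccountId, context.getJobId())`. The `if` that selects this branch is outside the hunk.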
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019-2020 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -91,7 +91,7 @@ class TextNowAnalyzer(general.AndroidComponentAnalyzer):
|
||||
current_case = Case.getCurrentCaseThrows()
|
||||
helper = CommunicationArtifactsHelper(
|
||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||
textnow_db.getDBFile(), Account.Type.TEXTNOW
|
||||
textnow_db.getDBFile(), Account.Type.TEXTNOW, context.getJobId()
|
||||
)
|
||||
self.parse_contacts(textnow_db, helper)
|
||||
self.parse_calllogs(textnow_db, helper)
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019-2020 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -91,7 +91,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
|
||||
current_case = Case.getCurrentCaseThrows()
|
||||
helper = CommunicationArtifactsHelper(
|
||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||
contact_and_calllog_db.getDBFile(), Account.Type.VIBER)
|
||||
contact_and_calllog_db.getDBFile(), Account.Type.VIBER, context.getJobId())
|
||||
self.parse_contacts(contact_and_calllog_db, helper)
|
||||
self.parse_calllogs(contact_and_calllog_db, helper)
|
||||
|
||||
@ -100,7 +100,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
|
||||
current_case = Case.getCurrentCaseThrows()
|
||||
helper = CommunicationArtifactsHelper(
|
||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||
message_db.getDBFile(), Account.Type.VIBER)
|
||||
message_db.getDBFile(), Account.Type.VIBER, context.getJobId())
|
||||
self.parse_messages(message_db, helper, current_case)
|
||||
|
||||
except NoCurrentCaseException as ex:
|
||||
@ -131,9 +131,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
|
||||
attributes = ArrayList()
|
||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self._PARSER_NAME, contacts_parser.get_contact_name()))
|
||||
artifact = contacts_db.getDBFile().newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), attributes)
|
||||
|
||||
# Post the artifact to blackboard
|
||||
current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME)
|
||||
current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME, context.getJobId())
|
||||
|
||||
contacts_parser.close()
|
||||
except SQLException as ex:
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019-2020 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -145,14 +145,14 @@ class WhatsAppAnalyzer(general.AndroidComponentAnalyzer):
|
||||
current_case = Case.getCurrentCaseThrows()
|
||||
helper = CommunicationArtifactsHelper(
|
||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||
contact_db.getDBFile(), Account.Type.WHATSAPP)
|
||||
contact_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId())
|
||||
self.parse_contacts(contact_db, helper)
|
||||
|
||||
for calllog_and_message_db in calllog_and_message_dbs:
|
||||
current_case = Case.getCurrentCaseThrows()
|
||||
helper = CommunicationArtifactsHelper(
|
||||
current_case.getSleuthkitCase(), self._PARSER_NAME,
|
||||
calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP)
|
||||
calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId())
|
||||
self.parse_calllogs(calllog_and_message_db, helper)
|
||||
self.parse_messages(dataSource, calllog_and_message_db, helper, current_case)
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2016-2020 Basis Technology Corp.
|
||||
Copyright 2016-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -78,7 +78,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
|
||||
wwfDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "WordsFramework", True, self._PACKAGE_NAME)
|
||||
for wwfDbFile in wwfDbFiles:
|
||||
try:
|
||||
self.__findWWFMessagesInDB(wwfDbFile, dataSource)
|
||||
self.__findWWFMessagesInDB(wwfDbFile, dataSource, context)
|
||||
except Exception as ex:
|
||||
self._logger.log(Level.SEVERE, "Error parsing WWF messages", ex)
|
||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||
@ -88,7 +88,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
|
||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||
pass
|
||||
|
||||
def __findWWFMessagesInDB(self, wwfDb, dataSource):
|
||||
def __findWWFMessagesInDB(self, wwfDb, dataSource, context):
|
||||
if not wwfDb:
|
||||
return
|
||||
|
||||
@ -98,7 +98,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
|
||||
wwfDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._PARSER_NAME,
|
||||
wwfDb.getDBFile(),
|
||||
wwfAccountType )
|
||||
wwfAccountType, context.getJobId())
|
||||
|
||||
uuid = UUID.randomUUID().toString()
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019-2020 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -91,11 +91,11 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
|
||||
if selfAccountId is not None:
|
||||
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, transactionDb.getDBFile(),
|
||||
Account.Type.XENDER, Account.Type.XENDER, selfAccountId )
|
||||
Account.Type.XENDER, Account.Type.XENDER, selfAccountId, context.getJobId())
|
||||
else:
|
||||
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, transactionDb.getDBFile(),
|
||||
Account.Type.XENDER)
|
||||
Account.Type.XENDER, context.getJobId())
|
||||
|
||||
queryString = """
|
||||
SELECT f_path, f_display_name, f_size_str, c_start_time, c_direction, c_session_id,
|
||||
|
@ -1,7 +1,7 @@
|
||||
"""
|
||||
Autopsy Forensic Browser
|
||||
|
||||
Copyright 2019-2020 Basis Technology Corp.
|
||||
Copyright 2019-2021 Basis Technology Corp.
|
||||
Contact: carrier <at> sleuthkit <dot> org
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
@ -81,7 +81,7 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer):
|
||||
#
|
||||
transferDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
self._MODULE_NAME, transferDb.getDBFile(),
|
||||
Account.Type.ZAPYA)
|
||||
Account.Type.ZAPYA, context.getJobId())
|
||||
|
||||
queryString = "SELECT device, name, direction, createtime, path, title FROM transfer"
|
||||
transfersResultSet = transferDb.runQuery(queryString)
|
||||
|
@ -172,8 +172,7 @@ class ContactsDbIngestModule(DataSourceIngestModule):
|
||||
))
|
||||
|
||||
try:
|
||||
# index the artifact for keyword search
|
||||
blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName)
|
||||
blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName, context.getJobId())
|
||||
except Blackboard.BlackboardException as e:
|
||||
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
||||
|
||||
|
@ -146,7 +146,7 @@ class ContactsDbIngestModule(DataSourceIngestModule):
|
||||
# Create an instance of the helper class
|
||||
# TODO - Replace with your parser name and Account.Type
|
||||
helper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
|
||||
ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE)
|
||||
ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE, context.getJobId())
|
||||
|
||||
# Iterate through each row and create artifacts
|
||||
while result_set.next():
|
||||
|
@ -92,11 +92,15 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
|
||||
def log(self, level, msg):
|
||||
self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg)
|
||||
|
||||
def __init__(self):
|
||||
self.context = None
|
||||
|
||||
# Where any setup and configuration is done
|
||||
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
|
||||
# See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
|
||||
# TODO: Add any setup code that you need here.
|
||||
def startUp(self, context):
|
||||
self.context = context
|
||||
self.filesFound = 0
|
||||
|
||||
# Throw an IngestModule.IngestModuleException exception if there was a problem setting up
|
||||
@ -130,8 +134,7 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
|
||||
"Big and Round Files"))).getAnalysisResult()
|
||||
|
||||
try:
|
||||
# post the artifact for listeners of artifact events
|
||||
blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName)
|
||||
blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName, context.getJobId())
|
||||
except Blackboard.BlackboardException as e:
|
||||
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
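Review bot: The new `postArtifact` call at the end of this section passes `context.getJobId()`, but the same section stores the ingest job context as `self.context` in `startUp`, and no local `context` is bound in the visible lines around the call. If the call sits in `process(self, file)`, which starts outside the hunk, it raises a NameError that `except Blackboard.BlackboardException` does not catch, so the artifact is never posted and the finding is missing from the case. The call should read `blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName, self.context.getJobId())`. The SampleJythonFileIngestModule section has the same pattern (it adds `self.context = context`, then calls bare `context.getJobId()`). The ContactsDbIngestModule, RegistryExampleIngestModule and SampleJythonDataSourceIngestModule hunks also use bare `context` in what appear to be `process` methods, so check that the name is bound there too.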
|
||||
|
||||
|
@ -207,9 +207,8 @@ class RegistryExampleIngestModule(DataSourceIngestModule):
|
||||
BlackboardAttribute(attributeIdRunKeyValue, moduleName, registryKey[3])
|
||||
))
|
||||
|
||||
# index the artifact for keyword search
|
||||
try:
|
||||
blackboard.postArtifact(art, moduleName)
|
||||
blackboard.postArtifact(art, moduleName, context.getJobId())
|
||||
except Blackboard.BlackboardException as ex:
|
||||
self.log(Level.SEVERE, "Unable to index blackboard artifact " + str(art.getArtifactTypeName()), ex)
|
||||
|
||||
|
@ -146,8 +146,7 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
|
||||
None, "Test file", None, attrs).getAnalysisResult()
|
||||
|
||||
try:
|
||||
# post the artifact for listeners of artifact events.
|
||||
blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName)
|
||||
blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName, context.getJobId())
|
||||
except Blackboard.BlackboardException as e:
|
||||
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
||||
|
||||
|
@ -94,11 +94,15 @@ class SampleJythonFileIngestModule(FileIngestModule):
|
||||
def log(self, level, msg):
|
||||
self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg)
|
||||
|
||||
def __init__(self):
|
||||
self.context = None
|
||||
|
||||
# Where any setup and configuration is done
|
||||
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
|
||||
# See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
|
||||
# TODO: Add any setup code that you need here.
|
||||
def startUp(self, context):
|
||||
self.context = context
|
||||
self.filesFound = 0
|
||||
|
||||
# Throw an IngestModule.IngestModuleException exception if there was a problem setting up
|
||||
@ -134,8 +138,7 @@ class SampleJythonFileIngestModule(FileIngestModule):
|
||||
None, "Text Files", None, attrs).getAnalysisResult()
|
||||
|
||||
try:
|
||||
# post the artifact for listeners of artifact events
|
||||
blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName)
|
||||
blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName, context.getJobId())
|
||||
except Blackboard.BlackboardException as e:
|
||||
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())
|
||||
|
||||
|