diff --git a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py index 49e26483d0..375652b6c4 100644 --- a/InternalPythonModules/GPX_Module/GPX_Parser_Module.py +++ b/InternalPythonModules/GPX_Module/GPX_Parser_Module.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -134,7 +134,7 @@ class GPXParserFileIngestModule(FileIngestModule): # Create a GeoArtifactsHelper for this file. geoArtifactHelper = GeoArtifactsHelper( - self.skCase, self.moduleName, None, file) + self.skCase, self.moduleName, None, file, context.getJobId()) if self.writeDebugMsgs: self.log(Level.INFO, "Processing " + file.getUniquePath() + @@ -213,7 +213,7 @@ class GPXParserFileIngestModule(FileIngestModule): art = file.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes) - self.blackboard.postArtifact(art, self.moduleName) + self.blackboard.postArtifact(art, self.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error posting GPS bookmark artifact for " + diff --git a/InternalPythonModules/android/browserlocation.py b/InternalPythonModules/android/browserlocation.py index faab73bcfa..ab0d52f709 100644 --- a/InternalPythonModules/android/browserlocation.py +++ b/InternalPythonModules/android/browserlocation.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2018 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); 
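Review bot: In GPX_Parser_Module.py both new calls, `GeoArtifactsHelper(self.skCase, self.moduleName, None, file, context.getJobId())` in the hunk at line 134 and `self.blackboard.postArtifact(art, self.moduleName, context.getJobId())` in the hunk at line 213, read a bare `context`, while everything else around them is reached through `self.` or the `file` argument. The enclosing method starts outside both hunks, so this is inferred, but a `FileIngestModule` is handed the context in `startUp` and only the file in `process`. If these lines sit in `process`, the name is unbound and the call raises `NameError` rather than `Blackboard.BlackboardException`, so the handler shown does not catch it and the GPS artifacts for that file are never posted. If the module keeps the context from `startUp`, the calls should read `self.context.getJobId()`.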
@@ -104,9 +104,8 @@ class BrowserLocationAnalyzer(general.AndroidComponentAnalyzer): # NOTE: originally commented out try: - # index the artifact for keyword search blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() - blackboard.postArtifact(artifact, general.MODULE_NAME) + blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId()) except Blackboard.BlackboardException as ex: self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactTypeName()), ex) self._logger.log(Level.SEVERE, traceback.format_exc()) diff --git a/InternalPythonModules/android/cachelocation.py b/InternalPythonModules/android/cachelocation.py index 599eb60ca1..f8e672963a 100644 --- a/InternalPythonModules/android/cachelocation.py +++ b/InternalPythonModules/android/cachelocation.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2018 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -102,9 +102,8 @@ class CacheLocationAnalyzer(general.AndroidComponentAnalyzer): # artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy)) # artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence)) try: - # index the artifact for keyword search blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() - blackboard.postArtifact(artifact, general.MODULE_NAME) + blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId(), context.getJobId()) except Blackboard.BlackboardException as ex: self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex) self._logger.log(Level.SEVERE, traceback.format_exc()) 
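Review bot: The cachelocation.py hunk at line 102 passes the job id twice, `blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId(), context.getJobId())`, where every other call site in this commit passes three arguments. Unless `postArtifact` has a four-argument overload, which nothing in this diff suggests, the call fails with a `TypeError` that the `except Blackboard.BlackboardException` below does not catch, so cached-location artifacts would be missing from the case. It should read `blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId())`. Neither this hunk nor the browserlocation.py hunk at line 104 shows where `context` is bound; googlemaplocation.py needed a new `context` parameter on its private helper for the same call, so confirm that both enclosing methods actually receive it.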
diff --git a/InternalPythonModules/android/calllog.py b/InternalPythonModules/android/calllog.py index 13775e80f7..2762f0b869 100644 --- a/InternalPythonModules/android/calllog.py +++ b/InternalPythonModules/android/calllog.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -83,12 +83,12 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer): callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, callLogDb.getDBFile(), - Account.Type.PHONE, Account.Type.PHONE, selfAccountId ) + Account.Type.PHONE, Account.Type.PHONE, selfAccountId, context.getJobId()) else: callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, callLogDb.getDBFile(), - Account.Type.PHONE ) + Account.Type.PHONE, context.getJobId()) for tableName in CallLogAnalyzer._tableNames: try: diff --git a/InternalPythonModules/android/contact.py b/InternalPythonModules/android/contact.py index 8144890134..2ebd744eb1 100644 --- a/InternalPythonModules/android/contact.py +++ b/InternalPythonModules/android/contact.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -75,7 +75,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): return for contactDb in contactsDbs: try: - self.__findContactsInDB(contactDb, dataSource) + self.__findContactsInDB(contactDb, dataSource, context) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing Contacts", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) 
@@ -86,7 +86,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): """ Queries the given contact database and adds Contacts to the case. """ - def __findContactsInDB(self, contactDb, dataSource): + def __findContactsInDB(self, contactDb, dataSource, context): if not contactDb: return @@ -97,7 +97,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): contactDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, contactDb.getDBFile(), - Account.Type.PHONE ) + Account.Type.PHONE, context.getJobId()) # get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype) # sorted by name, so phonenumber/email would be consecutive for a person if they exist. diff --git a/InternalPythonModules/android/fbmessenger.py b/InternalPythonModules/android/fbmessenger.py index 86dc9cd474..05954e0e9f 100644 --- a/InternalPythonModules/android/fbmessenger.py +++ b/InternalPythonModules/android/fbmessenger.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -148,11 +148,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): if self.selfAccountId is not None: contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, contactsDb.getDBFile(), - Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId ) + Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId()) else: contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, contactsDb.getDBFile(), - Account.Type.FACEBOOK) + Account.Type.FACEBOOK, context.getJobId()) ## get the other contacts/friends contactsResultSet = contactsDb.runQuery("SELECT fbid, display_name, added_time_ms FROM contacts WHERE added_time_ms <> 0") 
@@ -492,11 +492,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer): if self.selfAccountId is not None: threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, threadsDb.getDBFile(), - Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId ) + Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId()) else: threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), self._MODULE_NAME, threadsDb.getDBFile(), - Account.Type.FACEBOOK) + Account.Type.FACEBOOK, context.getJobId()) self.analyzeMessages(threadsDb, threadsDBHelper) self.analyzeCallLogs(threadsDb, threadsDBHelper) diff --git a/InternalPythonModules/android/googlemaplocation.py b/InternalPythonModules/android/googlemaplocation.py index 2c33146b21..277b8ef1f5 100644 --- a/InternalPythonModules/android/googlemaplocation.py +++ b/InternalPythonModules/android/googlemaplocation.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2018 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -76,7 +76,7 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer): try: jFile = File(self.current_case.getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName()) ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled) - self.__findGeoLocationsInDB(jFile.toString(), abstractFile) + self.__findGeoLocationsInDB(jFile.toString(), abstractFile, context) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing Google map locations", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) 
@@ -84,13 +84,13 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer): # Error finding Google map locations. pass - def __findGeoLocationsInDB(self, databasePath, abstractFile): + def __findGeoLocationsInDB(self, databasePath, abstractFile, context): if not databasePath: return try: artifactHelper = GeoArtifactsHelper(self.current_case.getSleuthkitCase(), - general.MODULE_NAME, self.PROGRAM_NAME, abstractFile) + general.MODULE_NAME, self.PROGRAM_NAME, abstractFile, context.getJobId()) Class.forName("org.sqlite.JDBC") # load JDBC driver connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath) statement = connection.createStatement() diff --git a/InternalPythonModules/android/imo.py b/InternalPythonModules/android/imo.py index 6898e3693f..7e308340ad 100644 --- a/InternalPythonModules/android/imo.py +++ b/InternalPythonModules/android/imo.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -109,12 +109,12 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer): friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, friendsDb.getDBFile(), - Account.Type.IMO, Account.Type.IMO, selfAccountId ) + Account.Type.IMO, Account.Type.IMO, selfAccountId, context.getJobId()) else: friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, friendsDb.getDBFile(), - Account.Type.IMO ) + Account.Type.IMO, context.getJobId()) contactsResultSet = friendsDb.runQuery("SELECT buid, name FROM friends") if contactsResultSet is not None: while contactsResultSet.next(): diff --git a/InternalPythonModules/android/installedapps.py b/InternalPythonModules/android/installedapps.py index ef09a5b5d0..fe80180522 100644 --- a/InternalPythonModules/android/installedapps.py 
+++ b/InternalPythonModules/android/installedapps.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -75,7 +75,7 @@ class InstalledApplicationsAnalyzer(general.AndroidComponentAnalyzer): try: current_case = Case.getCurrentCaseThrows() libraryDbHelper = ArtifactsHelper(current_case.getSleuthkitCase(), - self._MODULE_NAME, libraryDb.getDBFile()) + self._MODULE_NAME, libraryDb.getDBFile(), context.getJobId()) queryString = "SELECT doc_id, purchase_time FROM ownership" ownershipResultSet = libraryDb.runQuery(queryString) if ownershipResultSet is not None: diff --git a/InternalPythonModules/android/line.py b/InternalPythonModules/android/line.py index 7409f28945..fe39a434c1 100644 --- a/InternalPythonModules/android/line.py +++ b/InternalPythonModules/android/line.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -117,7 +117,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - contact_and_message_db.getDBFile(), Account.Type.LINE) + contact_and_message_db.getDBFile(), Account.Type.LINE, context.getJobId()) self.parse_contacts(contact_and_message_db, helper) self.parse_messages(contact_and_message_db, helper, current_case) 
@@ -125,7 +125,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - calllog_db.getDBFile(), Account.Type.LINE) + calllog_db.getDBFile(), Account.Type.LINE, context.getJobId()) self.parse_calllogs(dataSource, calllog_db, helper) except NoCurrentCaseException as ex: diff --git a/InternalPythonModules/android/operabrowser.py b/InternalPythonModules/android/operabrowser.py index f1f90b9f04..04e4c34f10 100644 --- a/InternalPythonModules/android/operabrowser.py +++ b/InternalPythonModules/android/operabrowser.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -119,7 +119,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for historyDb in historyDbs: try: historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, historyDb.getDBFile()) + self._MODULE_NAME, historyDb.getDBFile(), context.getJobId()) historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls") if historyResultSet is not None: while historyResultSet.next(): @@ -148,7 +148,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for downloadsDb in downloadsDbs: try: downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, downloadsDb.getDBFile()) + self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId()) queryString = "SELECT target_path, start_time, url FROM downloads"\ " INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id" downloadsResultSet = downloadsDb.runQuery(queryString) 
@@ -177,7 +177,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for autofillDb in autofillDbs: try: autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, autofillDb.getDBFile()) + self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId()) autofillsResultSet = autofillDb.runQuery("SELECT name, value, count, date_created FROM autofill") if autofillsResultSet is not None: while autofillsResultSet.next(): @@ -205,7 +205,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer): for webFormAddressDb in webFormAddressDbs: try: webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, webFormAddressDb.getDBFile()) + self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId()) queryString = """ SELECT street_address, city, state, zipcode, country_code, date_modified, first_name, last_name, number, email diff --git a/InternalPythonModules/android/oruxmaps.py b/InternalPythonModules/android/oruxmaps.py index 677ea26eea..88dcb6f2f9 100644 --- a/InternalPythonModules/android/oruxmaps.py +++ b/InternalPythonModules/android/oruxmaps.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2018 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -72,7 +72,7 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() skCase = Case.getCurrentCase().getSleuthkitCase() - geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile()) + geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile(), context.getJobId()) poiQueryString = "SELECT poilat, poilon, poialt, poitime, poiname FROM pois" poisResultSet = oruxMapsTrackpointsDb.runQuery(poiQueryString) 
@@ -96,9 +96,8 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer): artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes) try: - # index the artifact for keyword search blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() - blackboard.postArtifact(artifact, self._MODULE_NAME) + blackboard.postArtifact(artifact, self._MODULE_NAME, context.getJobId()) except Blackboard.BlackboardException as ex: self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex) self._logger.log(Level.SEVERE, traceback.format_exc()) diff --git a/InternalPythonModules/android/sbrowser.py b/InternalPythonModules/android/sbrowser.py index 41e9790c5b..75b56d5807 100644 --- a/InternalPythonModules/android/sbrowser.py +++ b/InternalPythonModules/android/sbrowser.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -87,7 +87,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for sbrowserDb in sbrowserDbs: try: sbrowserDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, sbrowserDb.getDBFile()) + self._MODULE_NAME, sbrowserDb.getDBFile(), context.getJobId()) bookmarkResultSet = sbrowserDb.runQuery("SELECT url, title, created FROM bookmarks WHERE url IS NOT NULL") if bookmarkResultSet is not None: while bookmarkResultSet.next(): 
@@ -115,7 +115,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for cookiesDb in cookiesDbs: try: cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, cookiesDb.getDBFile()) + self._MODULE_NAME, cookiesDb.getDBFile(), context.getJobId()) cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies") if cookiesResultSet is not None: while cookiesResultSet.next(): @@ -145,7 +145,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for historyDb in historyDbs: try: historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, historyDb.getDBFile()) + self._MODULE_NAME, historyDb.getDBFile(), context.getJobId()) historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls") if historyResultSet is not None: while historyResultSet.next(): @@ -174,7 +174,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for downloadsDb in downloadsDbs: try: downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, downloadsDb.getDBFile()) + self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId()) queryString = "SELECT target_path, start_time, url FROM downloads"\ " INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id" downloadsResultSet = downloadsDb.runQuery(queryString) @@ -203,7 +203,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for autofillDb in autofillDbs: try: autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, autofillDb.getDBFile()) + self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId()) queryString = """ SELECT name, value, count, date_created FROM autofill 
@@ -236,7 +236,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer): for webFormAddressDb in webFormAddressDbs: try: webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), - self._MODULE_NAME, webFormAddressDb.getDBFile()) + self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId()) """ Autofill form data is split across multiple tables. The quqery below joins the various tables. """ diff --git a/InternalPythonModules/android/shareit.py b/InternalPythonModules/android/shareit.py index dc9c549f23..b1f0af8314 100644 --- a/InternalPythonModules/android/shareit.py +++ b/InternalPythonModules/android/shareit.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -85,7 +85,7 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() historyDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, historyDb.getDBFile(), - Account.Type.SHAREIT) + Account.Type.SHAREIT, context.getJobId()) queryString = """ SELECT history_type, device_id, device_name, description, timestamp, file_path diff --git a/InternalPythonModules/android/skype.py b/InternalPythonModules/android/skype.py index 908a7da451..fbf185dfbe 100644 --- a/InternalPythonModules/android/skype.py +++ b/InternalPythonModules/android/skype.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -129,13 +129,13 @@ class SkypeAnalyzer(general.AndroidComponentAnalyzer): if user_account_instance is None: helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - skype_db.getDBFile(), Account.Type.SKYPE + skype_db.getDBFile(), Account.Type.SKYPE, context.getJobId() ) else: helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, skype_db.getDBFile(), Account.Type.SKYPE, - Account.Type.SKYPE, user_account_instance + Account.Type.SKYPE, user_account_instance, context.getJobId() ) self.parse_contacts(skype_db, helper) self.parse_calllogs(skype_db, helper) diff --git a/InternalPythonModules/android/tangomessage.py b/InternalPythonModules/android/tangomessage.py index a7b9cd888d..bb5256781b 100644 --- a/InternalPythonModules/android/tangomessage.py +++ b/InternalPythonModules/android/tangomessage.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -72,7 +72,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer): tangoDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "tc.db", True, self._PACKAGE_NAME) for tangoDbFile in tangoDbFiles: try: - self.__findTangoMessagesInDB(tangoDbFile, dataSource) + self.__findTangoMessagesInDB(tangoDbFile, dataSource, context) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing Tango messages", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) @@ -80,7 +80,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer): # Error finding Tango messages. pass - def __findTangoMessagesInDB(self, tangoDb, dataSource): + def __findTangoMessagesInDB(self, tangoDb, dataSource, context): if not tangoDb: return 
@@ -91,7 +91,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer): tangoDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, tangoDb.getDBFile(), - Account.Type.TANGO ) + Account.Type.TANGO, context.getJobId()) resultSet = tangoDb.runQuery( "SELECT conv_id, create_time, direction, payload FROM messages ORDER BY create_time DESC;") diff --git a/InternalPythonModules/android/textmessage.py b/InternalPythonModules/android/textmessage.py index 3c46ea7d2d..05777d0c69 100644 --- a/InternalPythonModules/android/textmessage.py +++ b/InternalPythonModules/android/textmessage.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -80,12 +80,12 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer): messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, messageDb.getDBFile(), - Account.Type.PHONE, Account.Type.IMO, selfAccountId ) + Account.Type.PHONE, Account.Type.IMO, selfAccountId, context.getJobId()) else: messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, messageDb.getDBFile(), - Account.Type.PHONE ) + Account.Type.PHONE, context.getJobId()) uuid = UUID.randomUUID().toString() messagesResultSet = messageDb.runQuery("SELECT address, date, read, type, subject, body, thread_id FROM sms;") diff --git a/InternalPythonModules/android/textnow.py b/InternalPythonModules/android/textnow.py index 005e1191dd..1043dab1a0 100644 --- a/InternalPythonModules/android/textnow.py +++ b/InternalPythonModules/android/textnow.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); 
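Review bot: In the textmessage.py hunk at line 80 the rewritten call still builds the helper with `Account.Type.PHONE, Account.Type.IMO, selfAccountId, context.getJobId())`, so the device owner's account in an SMS database is typed as IMO. calllog.py passes `Account.Type.PHONE` in both positions of the same constructor, which suggests a copy-paste from imo.py. Since the line is being edited anyway, `Account.Type.PHONE, Account.Type.PHONE, selfAccountId, context.getJobId())` would keep text-message artifacts from being attributed to the wrong account type. The meaning of the two positions is inferred from the sibling call sites; the helper's signature is not part of this diff.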
@@ -91,7 +91,7 @@ class TextNowAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - textnow_db.getDBFile(), Account.Type.TEXTNOW + textnow_db.getDBFile(), Account.Type.TEXTNOW, context.getJobId() ) self.parse_contacts(textnow_db, helper) self.parse_calllogs(textnow_db, helper) diff --git a/InternalPythonModules/android/viber.py b/InternalPythonModules/android/viber.py index cd8fed0854..9626f5d285 100644 --- a/InternalPythonModules/android/viber.py +++ b/InternalPythonModules/android/viber.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -91,7 +91,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - contact_and_calllog_db.getDBFile(), Account.Type.VIBER) + contact_and_calllog_db.getDBFile(), Account.Type.VIBER, context.getJobId()) self.parse_contacts(contact_and_calllog_db, helper) self.parse_calllogs(contact_and_calllog_db, helper) @@ -100,7 +100,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - message_db.getDBFile(), Account.Type.VIBER) + message_db.getDBFile(), Account.Type.VIBER, context.getJobId()) self.parse_messages(message_db, helper, current_case) except NoCurrentCaseException as ex: 
@@ -131,9 +131,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer): attributes = ArrayList() attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self._PARSER_NAME, contacts_parser.get_contact_name())) artifact = contacts_db.getDBFile().newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), attributes) - - # Post the artifact to blackboard - current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME) + current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME, context.getJobId()) contacts_parser.close() except SQLException as ex: diff --git a/InternalPythonModules/android/whatsapp.py b/InternalPythonModules/android/whatsapp.py index e392fdf24c..6d9e0b5ea7 100644 --- a/InternalPythonModules/android/whatsapp.py +++ b/InternalPythonModules/android/whatsapp.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -145,14 +145,14 @@ class WhatsAppAnalyzer(general.AndroidComponentAnalyzer): current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - contact_db.getDBFile(), Account.Type.WHATSAPP) + contact_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId()) self.parse_contacts(contact_db, helper) for calllog_and_message_db in calllog_and_message_dbs: current_case = Case.getCurrentCaseThrows() helper = CommunicationArtifactsHelper( current_case.getSleuthkitCase(), self._PARSER_NAME, - calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP) + calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId()) self.parse_calllogs(calllog_and_message_db, helper) self.parse_messages(dataSource, calllog_and_message_db, helper, current_case) 
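Review bot: The viber.py hunk at line 131 calls `current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME, context.getJobId())` in code that works on `contacts_db` and `contacts_parser`, yet the call site in the hunk at line 91 still reads `self.parse_contacts(contact_and_calllog_db, helper)` with no `context` argument. The enclosing method's signature is outside the hunk, but if this is `parse_contacts`, `context` is unbound there and the resulting `NameError` is not covered by the `except SQLException` that follows, so the TSK_CONTACT artifact built just above is never posted. contact.py and tangomessage.py thread the value through by adding a `context` parameter to their helpers; the same is needed here, e.g. `self.parse_contacts(contact_and_calllog_db, helper, context)` with a matching signature.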
diff --git a/InternalPythonModules/android/wwfmessage.py b/InternalPythonModules/android/wwfmessage.py index da3d343ad3..9cb95a411a 100644 --- a/InternalPythonModules/android/wwfmessage.py +++ b/InternalPythonModules/android/wwfmessage.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2016-2020 Basis Technology Corp. +Copyright 2016-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -78,7 +78,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer): wwfDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "WordsFramework", True, self._PACKAGE_NAME) for wwfDbFile in wwfDbFiles: try: - self.__findWWFMessagesInDB(wwfDbFile, dataSource) + self.__findWWFMessagesInDB(wwfDbFile, dataSource, context) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing WWF messages", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) @@ -88,7 +88,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer): self._logger.log(Level.SEVERE, traceback.format_exc()) pass - def __findWWFMessagesInDB(self, wwfDb, dataSource): + def __findWWFMessagesInDB(self, wwfDb, dataSource, context): if not wwfDb: return @@ -98,7 +98,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer): wwfDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._PARSER_NAME, wwfDb.getDBFile(), - wwfAccountType ) + wwfAccountType, context.getJobId()) uuid = UUID.randomUUID().toString() diff --git a/InternalPythonModules/android/xender.py b/InternalPythonModules/android/xender.py index 2ca86d2045..b1d1dcc8e3 100644 --- a/InternalPythonModules/android/xender.py +++ b/InternalPythonModules/android/xender.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); 
@@ -91,11 +91,11 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer): if selfAccountId is not None: transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, transactionDb.getDBFile(), - Account.Type.XENDER, Account.Type.XENDER, selfAccountId ) + Account.Type.XENDER, Account.Type.XENDER, selfAccountId, context.getJobId()) else: transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, transactionDb.getDBFile(), - Account.Type.XENDER) + Account.Type.XENDER, context.getJobId()) queryString = """ SELECT f_path, f_display_name, f_size_str, c_start_time, c_direction, c_session_id, diff --git a/InternalPythonModules/android/zapya.py b/InternalPythonModules/android/zapya.py index 2801b17b68..8f653f2531 100644 --- a/InternalPythonModules/android/zapya.py +++ b/InternalPythonModules/android/zapya.py @@ -1,7 +1,7 @@ """ Autopsy Forensic Browser -Copyright 2019-2020 Basis Technology Corp. +Copyright 2019-2021 Basis Technology Corp. Contact: carrier sleuthkit org Licensed under the Apache License, Version 2.0 (the "License"); @@ -81,7 +81,7 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer): # transferDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), self._MODULE_NAME, transferDb.getDBFile(), - Account.Type.ZAPYA) + Account.Type.ZAPYA, context.getJobId()) queryString = "SELECT device, name, direction, createtime, path, title FROM transfer" transfersResultSet = transferDb.runQuery(queryString) diff --git a/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py b/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py index 27f9be6161..a0ad098623 100644 --- a/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py +++ b/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb.py 
@@ -172,8 +172,7 @@ class ContactsDbIngestModule(DataSourceIngestModule): )) try: - # index the artifact for keyword search - blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName) + blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) diff --git a/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb_v2.py b/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb_v2.py index f58a156170..da4c21f560 100644 --- a/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb_v2.py +++ b/pythonExamples/Aug2015DataSourceTutorial/FindContactsDb_v2.py @@ -146,7 +146,7 @@ class ContactsDbIngestModule(DataSourceIngestModule): # Create an instance of the helper class # TODO - Replace with your parser name and Account.Type helper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), - ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE) + ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE, context.getJobId()) # Iterate through each row and create artifacts while result_set.next(): diff --git a/pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py b/pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py index 5bf710e9d5..8dc5a59763 100644 --- a/pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py +++ b/pythonExamples/July2015FileTutorial_BigRound/FindBigRoundFiles.py 
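Review bot: In FindContactsDb_v2.py (@@ -146) the new `context.getJobId()` argument is added to a tutorial call whose comments tell readers which arguments to replace, yet the new argument is left unexplained. A comment above the call such as `# context.getJobId(): ID of the current ingest job, taken from the ingest job context` would help readers who copy the example. The enclosing method starts outside the hunk, so it cannot be confirmed from here that a local named `context` is bound at this point. The same holds for the @@ -172 hunk in FindContactsDb.py.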
@@ -92,11 +92,15 @@ class FindBigRoundFilesIngestModule(FileIngestModule): def log(self, level, msg): self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg) + def __init__(self): + self.context = None + # Where any setup and configuration is done # 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext. # See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html # TODO: Add any setup code that you need here. def startUp(self, context): + self.context = context self.filesFound = 0 # Throw an IngestModule.IngestModuleException exception if there was a problem setting up @@ -130,8 +134,7 @@ class FindBigRoundFilesIngestModule(FileIngestModule): "Big and Round Files"))).getAnalysisResult() try: - # post the artifact for listeners of artifact events - blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName) + blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) diff --git a/pythonExamples/Registry_Example.py b/pythonExamples/Registry_Example.py index f99ead8086..94041bf9e7 100644 --- a/pythonExamples/Registry_Example.py +++ b/pythonExamples/Registry_Example.py @@ -207,9 +207,8 @@ class RegistryExampleIngestModule(DataSourceIngestModule): BlackboardAttribute(attributeIdRunKeyValue, moduleName, registryKey[3]) )) - # index the artifact for keyword search try: - blackboard.postArtifact(art, moduleName) + blackboard.postArtifact(art, moduleName, context.getJobId()) except Blackboard.BlackboardException as ex: self.log(Level.SEVERE, "Unable to index blackboard artifact " + str(art.getArtifactTypeName()), ex) diff --git a/pythonExamples/dataSourceIngestModule.py b/pythonExamples/dataSourceIngestModule.py index ecb4f01477..502d535b21 100644 --- a/pythonExamples/dataSourceIngestModule.py 
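Review bot: The new `postArtifact` call in FindBigRoundFiles.py (@@ -130) reads a bare `context`, while the @@ -92 hunk of the same file stores the job context on the instance as `self.context` in `startUp`. The enclosing method's signature is outside the hunk, but unless it takes a `context` parameter this raises NameError, which the `except Blackboard.BlackboardException` handler does not catch, so the artifact would be created but never posted. The call should probably read `blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName, self.context.getJobId())`. The @@ -134 hunk in fileIngestModule.py has the same pattern, and the bare `context` in Registry_Example.py and dataSourceIngestModule.py should be checked the same way.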
+++ b/pythonExamples/dataSourceIngestModule.py @@ -146,8 +146,7 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule): None, "Test file", None, attrs).getAnalysisResult() try: - # post the artifact for listeners of artifact events. - blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName) + blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) diff --git a/pythonExamples/fileIngestModule.py b/pythonExamples/fileIngestModule.py index f72f1c4792..50b2478697 100644 --- a/pythonExamples/fileIngestModule.py +++ b/pythonExamples/fileIngestModule.py @@ -94,11 +94,15 @@ class SampleJythonFileIngestModule(FileIngestModule): def log(self, level, msg): self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg) + def __init__(self): + self.context = None + # Where any setup and configuration is done # 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext. # See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html # TODO: Add any setup code that you need here. def startUp(self, context): + self.context = context self.filesFound = 0 # Throw an IngestModule.IngestModuleException exception if there was a problem setting up @@ -134,8 +138,7 @@ class SampleJythonFileIngestModule(FileIngestModule): None, "Text Files", None, attrs).getAnalysisResult() try: - # post the artifact for listeners of artifact events - blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName) + blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName, context.getJobId()) except Blackboard.BlackboardException as e: self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())