7673 Allow helpers to call correct Blackboard.postArtifacts() API

Richard Cordovano 2021-10-27 13:09:08 -04:00
parent ebb759cca7
commit 356eec1d90
29 changed files with 90 additions and 92 deletions


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -134,7 +134,7 @@ class GPXParserFileIngestModule(FileIngestModule):
# Create a GeoArtifactsHelper for this file. # Create a GeoArtifactsHelper for this file.
geoArtifactHelper = GeoArtifactsHelper( geoArtifactHelper = GeoArtifactsHelper(
self.skCase, self.moduleName, None, file) self.skCase, self.moduleName, None, file, context.getJobId())
if self.writeDebugMsgs: if self.writeDebugMsgs:
self.log(Level.INFO, "Processing " + file.getUniquePath() + self.log(Level.INFO, "Processing " + file.getUniquePath() +
@ -213,7 +213,7 @@ class GPXParserFileIngestModule(FileIngestModule):
art = file.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes) art = file.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
self.blackboard.postArtifact(art, self.moduleName) self.blackboard.postArtifact(art, self.moduleName, context.getJobId())
except Blackboard.BlackboardException as e: except Blackboard.BlackboardException as e:
self.log(Level.SEVERE, "Error posting GPS bookmark artifact for " + self.log(Level.SEVERE, "Error posting GPS bookmark artifact for " +
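Review bot: Both new calls in this file read a bare `context` (`GeoArtifactsHelper(..., None, file, context.getJobId())` and `self.blackboard.postArtifact(art, self.moduleName, context.getJobId())`), but the class is a `FileIngestModule`, whose `process()` callback receives only the file. The enclosing method lies outside both hunks, so this needs confirming; if the ingest context is kept on the instance in `startUp()`, the calls should read `self.context.getJobId()`. An unresolved name raises `NameError`, which the `except Blackboard.BlackboardException` handler shown here does not catch, so GPS artifacts for the file would likely not be posted to the case.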


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2016-2018 Basis Technology Corp. Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -104,9 +104,8 @@ class BrowserLocationAnalyzer(general.AndroidComponentAnalyzer):
# NOTE: originally commented out # NOTE: originally commented out
try: try:
# index the artifact for keyword search
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
blackboard.postArtifact(artifact, general.MODULE_NAME) blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId())
except Blackboard.BlackboardException as ex: except Blackboard.BlackboardException as ex:
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactTypeName()), ex) self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactTypeName()), ex)
self._logger.log(Level.SEVERE, traceback.format_exc()) self._logger.log(Level.SEVERE, traceback.format_exc())
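Review bot: `context.getJobId()` is added to the `postArtifact` call, but no hunk in this file adds a `context` parameter to the enclosing method, whereas the same commit threads `context` into `__findContactsInDB`, `__findGeoLocationsInDB` (GoogleMapLocationAnalyzer) and `__findTangoMessagesInDB`. The enclosing function starts outside the hunk; if it is a private helper called from `analyze`, it needs the same treatment, with `context` added to the signature and to the call site. Otherwise the call raises `NameError`, which `except Blackboard.BlackboardException` does not catch. The same check applies to the `postArtifact` call in CacheLocationAnalyzer.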


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2016-2018 Basis Technology Corp. Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -102,9 +102,8 @@ class CacheLocationAnalyzer(general.AndroidComponentAnalyzer):
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy)) # artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy))
# artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence)) # artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence))
try: try:
# index the artifact for keyword search
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
blackboard.postArtifact(artifact, general.MODULE_NAME) blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId(), context.getJobId())
except Blackboard.BlackboardException as ex: except Blackboard.BlackboardException as ex:
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex) self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex)
self._logger.log(Level.SEVERE, traceback.format_exc()) self._logger.log(Level.SEVERE, traceback.format_exc())
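Review bot: The new `postArtifact` call passes the job id twice: `blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId(), context.getJobId())`. Every other `postArtifact` call site in this commit takes three arguments, so this looks like a paste slip; it would presumably fail at run time with a `TypeError` that the `except Blackboard.BlackboardException` handler does not catch. It should read `blackboard.postArtifact(artifact, general.MODULE_NAME, context.getJobId())`. The enclosing function starts outside the hunk.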


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2016-2020 Basis Technology Corp. Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -83,12 +83,12 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer):
callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME, self._PARSER_NAME,
callLogDb.getDBFile(), callLogDb.getDBFile(),
Account.Type.PHONE, Account.Type.PHONE, selfAccountId ) Account.Type.PHONE, Account.Type.PHONE, selfAccountId, context.getJobId())
else: else:
callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), callLogDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME, self._PARSER_NAME,
callLogDb.getDBFile(), callLogDb.getDBFile(),
Account.Type.PHONE ) Account.Type.PHONE, context.getJobId())
for tableName in CallLogAnalyzer._tableNames: for tableName in CallLogAnalyzer._tableNames:
try: try:


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2016-2020 Basis Technology Corp. Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -75,7 +75,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
return return
for contactDb in contactsDbs: for contactDb in contactsDbs:
try: try:
self.__findContactsInDB(contactDb, dataSource) self.__findContactsInDB(contactDb, dataSource, context)
except Exception as ex: except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing Contacts", ex) self._logger.log(Level.SEVERE, "Error parsing Contacts", ex)
self._logger.log(Level.SEVERE, traceback.format_exc()) self._logger.log(Level.SEVERE, traceback.format_exc())
@ -86,7 +86,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
""" """
Queries the given contact database and adds Contacts to the case. Queries the given contact database and adds Contacts to the case.
""" """
def __findContactsInDB(self, contactDb, dataSource): def __findContactsInDB(self, contactDb, dataSource, context):
if not contactDb: if not contactDb:
return return
@ -97,7 +97,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
contactDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), contactDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME, self._PARSER_NAME,
contactDb.getDBFile(), contactDb.getDBFile(),
Account.Type.PHONE ) Account.Type.PHONE, context.getJobId())
# get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype) # get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype)
# sorted by name, so phonenumber/email would be consecutive for a person if they exist. # sorted by name, so phonenumber/email would be consecutive for a person if they exist.


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -148,11 +148,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
if self.selfAccountId is not None: if self.selfAccountId is not None:
contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, contactsDb.getDBFile(), self._MODULE_NAME, contactsDb.getDBFile(),
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId ) Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId())
else: else:
contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, contactsDb.getDBFile(), self._MODULE_NAME, contactsDb.getDBFile(),
Account.Type.FACEBOOK) Account.Type.FACEBOOK, context.getJobId())
## get the other contacts/friends ## get the other contacts/friends
contactsResultSet = contactsDb.runQuery("SELECT fbid, display_name, added_time_ms FROM contacts WHERE added_time_ms <> 0") contactsResultSet = contactsDb.runQuery("SELECT fbid, display_name, added_time_ms FROM contacts WHERE added_time_ms <> 0")
@ -492,11 +492,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
if self.selfAccountId is not None: if self.selfAccountId is not None:
threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, threadsDb.getDBFile(), self._MODULE_NAME, threadsDb.getDBFile(),
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId ) Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId, context.getJobId())
else: else:
threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(), threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, threadsDb.getDBFile(), self._MODULE_NAME, threadsDb.getDBFile(),
Account.Type.FACEBOOK) Account.Type.FACEBOOK, context.getJobId())
self.analyzeMessages(threadsDb, threadsDBHelper) self.analyzeMessages(threadsDb, threadsDBHelper)
self.analyzeCallLogs(threadsDb, threadsDBHelper) self.analyzeCallLogs(threadsDb, threadsDBHelper)


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2016-2018 Basis Technology Corp. Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -76,7 +76,7 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer):
try: try:
jFile = File(self.current_case.getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName()) jFile = File(self.current_case.getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled) ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled)
self.__findGeoLocationsInDB(jFile.toString(), abstractFile) self.__findGeoLocationsInDB(jFile.toString(), abstractFile, context)
except Exception as ex: except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing Google map locations", ex) self._logger.log(Level.SEVERE, "Error parsing Google map locations", ex)
self._logger.log(Level.SEVERE, traceback.format_exc()) self._logger.log(Level.SEVERE, traceback.format_exc())
@ -84,13 +84,13 @@ class GoogleMapLocationAnalyzer(general.AndroidComponentAnalyzer):
# Error finding Google map locations. # Error finding Google map locations.
pass pass
def __findGeoLocationsInDB(self, databasePath, abstractFile): def __findGeoLocationsInDB(self, databasePath, abstractFile, context):
if not databasePath: if not databasePath:
return return
try: try:
artifactHelper = GeoArtifactsHelper(self.current_case.getSleuthkitCase(), artifactHelper = GeoArtifactsHelper(self.current_case.getSleuthkitCase(),
general.MODULE_NAME, self.PROGRAM_NAME, abstractFile) general.MODULE_NAME, self.PROGRAM_NAME, abstractFile, context.getJobId())
Class.forName("org.sqlite.JDBC") # load JDBC driver Class.forName("org.sqlite.JDBC") # load JDBC driver
connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath) connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath)
statement = connection.createStatement() statement = connection.createStatement()


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -109,12 +109,12 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME, self._PARSER_NAME,
friendsDb.getDBFile(), friendsDb.getDBFile(),
Account.Type.IMO, Account.Type.IMO, selfAccountId ) Account.Type.IMO, Account.Type.IMO, selfAccountId, context.getJobId())
else: else:
friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME, self._PARSER_NAME,
friendsDb.getDBFile(), friendsDb.getDBFile(),
Account.Type.IMO ) Account.Type.IMO, context.getJobId())
contactsResultSet = friendsDb.runQuery("SELECT buid, name FROM friends") contactsResultSet = friendsDb.runQuery("SELECT buid, name FROM friends")
if contactsResultSet is not None: if contactsResultSet is not None:
while contactsResultSet.next(): while contactsResultSet.next():


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -75,7 +75,7 @@ class InstalledApplicationsAnalyzer(general.AndroidComponentAnalyzer):
try: try:
current_case = Case.getCurrentCaseThrows() current_case = Case.getCurrentCaseThrows()
libraryDbHelper = ArtifactsHelper(current_case.getSleuthkitCase(), libraryDbHelper = ArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, libraryDb.getDBFile()) self._MODULE_NAME, libraryDb.getDBFile(), context.getJobId())
queryString = "SELECT doc_id, purchase_time FROM ownership" queryString = "SELECT doc_id, purchase_time FROM ownership"
ownershipResultSet = libraryDb.runQuery(queryString) ownershipResultSet = libraryDb.runQuery(queryString)
if ownershipResultSet is not None: if ownershipResultSet is not None:


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -117,7 +117,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows() current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper( helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME, current_case.getSleuthkitCase(), self._PARSER_NAME,
contact_and_message_db.getDBFile(), Account.Type.LINE) contact_and_message_db.getDBFile(), Account.Type.LINE, context.getJobId())
self.parse_contacts(contact_and_message_db, helper) self.parse_contacts(contact_and_message_db, helper)
self.parse_messages(contact_and_message_db, helper, current_case) self.parse_messages(contact_and_message_db, helper, current_case)
@ -125,7 +125,7 @@ class LineAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows() current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper( helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME, current_case.getSleuthkitCase(), self._PARSER_NAME,
calllog_db.getDBFile(), Account.Type.LINE) calllog_db.getDBFile(), Account.Type.LINE, context.getJobId())
self.parse_calllogs(dataSource, calllog_db, helper) self.parse_calllogs(dataSource, calllog_db, helper)
except NoCurrentCaseException as ex: except NoCurrentCaseException as ex:


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -119,7 +119,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
for historyDb in historyDbs: for historyDb in historyDbs:
try: try:
historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, historyDb.getDBFile()) self._MODULE_NAME, historyDb.getDBFile(), context.getJobId())
historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls") historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls")
if historyResultSet is not None: if historyResultSet is not None:
while historyResultSet.next(): while historyResultSet.next():
@ -148,7 +148,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
for downloadsDb in downloadsDbs: for downloadsDb in downloadsDbs:
try: try:
downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, downloadsDb.getDBFile()) self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId())
queryString = "SELECT target_path, start_time, url FROM downloads"\ queryString = "SELECT target_path, start_time, url FROM downloads"\
" INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id" " INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id"
downloadsResultSet = downloadsDb.runQuery(queryString) downloadsResultSet = downloadsDb.runQuery(queryString)
@ -177,7 +177,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
for autofillDb in autofillDbs: for autofillDb in autofillDbs:
try: try:
autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, autofillDb.getDBFile()) self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId())
autofillsResultSet = autofillDb.runQuery("SELECT name, value, count, date_created FROM autofill") autofillsResultSet = autofillDb.runQuery("SELECT name, value, count, date_created FROM autofill")
if autofillsResultSet is not None: if autofillsResultSet is not None:
while autofillsResultSet.next(): while autofillsResultSet.next():
@ -205,7 +205,7 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
for webFormAddressDb in webFormAddressDbs: for webFormAddressDb in webFormAddressDbs:
try: try:
webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, webFormAddressDb.getDBFile()) self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId())
queryString = """ queryString = """
SELECT street_address, city, state, zipcode, country_code, SELECT street_address, city, state, zipcode, country_code,
date_modified, first_name, last_name, number, email date_modified, first_name, last_name, number, email


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2016-2018 Basis Technology Corp. Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -72,7 +72,7 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows() current_case = Case.getCurrentCaseThrows()
skCase = Case.getCurrentCase().getSleuthkitCase() skCase = Case.getCurrentCase().getSleuthkitCase()
geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile()) geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile(), context.getJobId())
poiQueryString = "SELECT poilat, poilon, poialt, poitime, poiname FROM pois" poiQueryString = "SELECT poilat, poilon, poialt, poitime, poiname FROM pois"
poisResultSet = oruxMapsTrackpointsDb.runQuery(poiQueryString) poisResultSet = oruxMapsTrackpointsDb.runQuery(poiQueryString)
@ -96,9 +96,8 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes) artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
try: try:
# index the artifact for keyword search
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
blackboard.postArtifact(artifact, self._MODULE_NAME) blackboard.postArtifact(artifact, self._MODULE_NAME, context.getJobId())
except Blackboard.BlackboardException as ex: except Blackboard.BlackboardException as ex:
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex) self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex)
self._logger.log(Level.SEVERE, traceback.format_exc()) self._logger.log(Level.SEVERE, traceback.format_exc())
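Review bot: Removing `# index the artifact for keyword search` leaves the `try` block in the second hunk with no description, and the handler still logs "Unable to index blackboard artifact" for what is now a post to the blackboard with an ingest job id. A replacement comment such as `# post the artifact to the blackboard for this ingest job` would keep the intent visible. The log text could likewise say "Unable to post blackboard artifact", so a failed post is easy to find when checking why an expected GPS bookmark is missing from a case. The same stale wording remains in BrowserLocationAnalyzer and CacheLocationAnalyzer.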


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -87,7 +87,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
for sbrowserDb in sbrowserDbs: for sbrowserDb in sbrowserDbs:
try: try:
sbrowserDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), sbrowserDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, sbrowserDb.getDBFile()) self._MODULE_NAME, sbrowserDb.getDBFile(), context.getJobId())
bookmarkResultSet = sbrowserDb.runQuery("SELECT url, title, created FROM bookmarks WHERE url IS NOT NULL") bookmarkResultSet = sbrowserDb.runQuery("SELECT url, title, created FROM bookmarks WHERE url IS NOT NULL")
if bookmarkResultSet is not None: if bookmarkResultSet is not None:
while bookmarkResultSet.next(): while bookmarkResultSet.next():
@ -115,7 +115,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
for cookiesDb in cookiesDbs: for cookiesDb in cookiesDbs:
try: try:
cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), cookiesDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, cookiesDb.getDBFile()) self._MODULE_NAME, cookiesDb.getDBFile(), context.getJobId())
cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies") cookiesResultSet = cookiesDb.runQuery("SELECT host_key, name, value, creation_utc FROM cookies")
if cookiesResultSet is not None: if cookiesResultSet is not None:
while cookiesResultSet.next(): while cookiesResultSet.next():
@ -145,7 +145,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
for historyDb in historyDbs: for historyDb in historyDbs:
try: try:
historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), historyDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, historyDb.getDBFile()) self._MODULE_NAME, historyDb.getDBFile(), context.getJobId())
historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls") historyResultSet = historyDb.runQuery("SELECT url, title, last_visit_time FROM urls")
if historyResultSet is not None: if historyResultSet is not None:
while historyResultSet.next(): while historyResultSet.next():
@ -174,7 +174,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
for downloadsDb in downloadsDbs: for downloadsDb in downloadsDbs:
try: try:
downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), downloadsDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, downloadsDb.getDBFile()) self._MODULE_NAME, downloadsDb.getDBFile(), context.getJobId())
queryString = "SELECT target_path, start_time, url FROM downloads"\ queryString = "SELECT target_path, start_time, url FROM downloads"\
" INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id" " INNER JOIN downloads_url_chains ON downloads.id = downloads_url_chains.id"
downloadsResultSet = downloadsDb.runQuery(queryString) downloadsResultSet = downloadsDb.runQuery(queryString)
@ -203,7 +203,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
for autofillDb in autofillDbs: for autofillDb in autofillDbs:
try: try:
autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), autofillDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, autofillDb.getDBFile()) self._MODULE_NAME, autofillDb.getDBFile(), context.getJobId())
queryString = """ queryString = """
SELECT name, value, count, date_created SELECT name, value, count, date_created
FROM autofill FROM autofill
@ -236,7 +236,7 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
for webFormAddressDb in webFormAddressDbs: for webFormAddressDb in webFormAddressDbs:
try: try:
webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(), webFormAddressDbHelper = WebBrowserArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, webFormAddressDb.getDBFile()) self._MODULE_NAME, webFormAddressDb.getDBFile(), context.getJobId())
""" """
Autofill form data is split across multiple tables. The quqery below joins the various tables. Autofill form data is split across multiple tables. The quqery below joins the various tables.
""" """


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -85,7 +85,7 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows() current_case = Case.getCurrentCaseThrows()
historyDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), historyDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, historyDb.getDBFile(), self._MODULE_NAME, historyDb.getDBFile(),
Account.Type.SHAREIT) Account.Type.SHAREIT, context.getJobId())
queryString = """ queryString = """
SELECT history_type, device_id, device_name, description, timestamp, file_path SELECT history_type, device_id, device_name, description, timestamp, file_path


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -129,13 +129,13 @@ class SkypeAnalyzer(general.AndroidComponentAnalyzer):
if user_account_instance is None: if user_account_instance is None:
helper = CommunicationArtifactsHelper( helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME, current_case.getSleuthkitCase(), self._PARSER_NAME,
skype_db.getDBFile(), Account.Type.SKYPE skype_db.getDBFile(), Account.Type.SKYPE, context.getJobId()
) )
else: else:
helper = CommunicationArtifactsHelper( helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME, current_case.getSleuthkitCase(), self._PARSER_NAME,
skype_db.getDBFile(), Account.Type.SKYPE, skype_db.getDBFile(), Account.Type.SKYPE,
Account.Type.SKYPE, user_account_instance Account.Type.SKYPE, user_account_instance, context.getJobId()
) )
self.parse_contacts(skype_db, helper) self.parse_contacts(skype_db, helper)
self.parse_calllogs(skype_db, helper) self.parse_calllogs(skype_db, helper)


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2016-2020 Basis Technology Corp. Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -72,7 +72,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
tangoDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "tc.db", True, self._PACKAGE_NAME) tangoDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "tc.db", True, self._PACKAGE_NAME)
for tangoDbFile in tangoDbFiles: for tangoDbFile in tangoDbFiles:
try: try:
self.__findTangoMessagesInDB(tangoDbFile, dataSource) self.__findTangoMessagesInDB(tangoDbFile, dataSource, context)
except Exception as ex: except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing Tango messages", ex) self._logger.log(Level.SEVERE, "Error parsing Tango messages", ex)
self._logger.log(Level.SEVERE, traceback.format_exc()) self._logger.log(Level.SEVERE, traceback.format_exc())
@ -80,7 +80,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
# Error finding Tango messages. # Error finding Tango messages.
pass pass
def __findTangoMessagesInDB(self, tangoDb, dataSource): def __findTangoMessagesInDB(self, tangoDb, dataSource, context):
if not tangoDb: if not tangoDb:
return return
@ -91,7 +91,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
tangoDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), tangoDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME, self._PARSER_NAME,
tangoDb.getDBFile(), tangoDb.getDBFile(),
Account.Type.TANGO ) Account.Type.TANGO, context.getJobId())
resultSet = tangoDb.runQuery( resultSet = tangoDb.runQuery(
"SELECT conv_id, create_time, direction, payload FROM messages ORDER BY create_time DESC;") "SELECT conv_id, create_time, direction, payload FROM messages ORDER BY create_time DESC;")


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2016-2020 Basis Technology Corp. Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -80,12 +80,12 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer):
messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME, self._PARSER_NAME,
messageDb.getDBFile(), messageDb.getDBFile(),
Account.Type.PHONE, Account.Type.IMO, selfAccountId ) Account.Type.PHONE, Account.Type.IMO, selfAccountId, context.getJobId())
else: else:
messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), messageDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME, self._PARSER_NAME,
messageDb.getDBFile(), messageDb.getDBFile(),
Account.Type.PHONE ) Account.Type.PHONE, context.getJobId())
uuid = UUID.randomUUID().toString() uuid = UUID.randomUUID().toString()
messagesResultSet = messageDb.runQuery("SELECT address, date, read, type, subject, body, thread_id FROM sms;") messagesResultSet = messageDb.runQuery("SELECT address, date, read, type, subject, body, thread_id FROM sms;")


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -91,7 +91,7 @@ class TextNowAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows() current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper( helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME, current_case.getSleuthkitCase(), self._PARSER_NAME,
textnow_db.getDBFile(), Account.Type.TEXTNOW textnow_db.getDBFile(), Account.Type.TEXTNOW, context.getJobId()
) )
self.parse_contacts(textnow_db, helper) self.parse_contacts(textnow_db, helper)
self.parse_calllogs(textnow_db, helper) self.parse_calllogs(textnow_db, helper)


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -91,7 +91,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows() current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper( helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME, current_case.getSleuthkitCase(), self._PARSER_NAME,
contact_and_calllog_db.getDBFile(), Account.Type.VIBER) contact_and_calllog_db.getDBFile(), Account.Type.VIBER, context.getJobId())
self.parse_contacts(contact_and_calllog_db, helper) self.parse_contacts(contact_and_calllog_db, helper)
self.parse_calllogs(contact_and_calllog_db, helper) self.parse_calllogs(contact_and_calllog_db, helper)
@ -100,7 +100,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows() current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper( helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME, current_case.getSleuthkitCase(), self._PARSER_NAME,
message_db.getDBFile(), Account.Type.VIBER) message_db.getDBFile(), Account.Type.VIBER, context.getJobId())
self.parse_messages(message_db, helper, current_case) self.parse_messages(message_db, helper, current_case)
except NoCurrentCaseException as ex: except NoCurrentCaseException as ex:
@ -131,9 +131,7 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
attributes = ArrayList() attributes = ArrayList()
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self._PARSER_NAME, contacts_parser.get_contact_name())) attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self._PARSER_NAME, contacts_parser.get_contact_name()))
artifact = contacts_db.getDBFile().newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), attributes) artifact = contacts_db.getDBFile().newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), attributes)
current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME, context.getJobId())
# Post the artifact to blackboard
current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME)
contacts_parser.close() contacts_parser.close()
except SQLException as ex: except SQLException as ex:
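Review bot: The new `current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME, context.getJobId())` in the third hunk reads `context`, but the call shown in the first hunk is still `self.parse_contacts(contact_and_calllog_db, helper)`, with no context passed. The enclosing function starts outside the hunk; if it is `parse_contacts`, as the `contacts_db` and `contacts_parser` names suggest, `context` is unbound there. The call would then raise NameError, which the following `except SQLException` does not catch, and the TSK_CONTACT artifact would not be posted. The Tango and WWF analyzers in this commit solve the same problem by adding a parameter, which here would be `def parse_contacts(self, contacts_db, helper, context):` with `self.parse_contacts(contact_and_calllog_db, helper, context)` at the call site.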


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -145,14 +145,14 @@ class WhatsAppAnalyzer(general.AndroidComponentAnalyzer):
current_case = Case.getCurrentCaseThrows() current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper( helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME, current_case.getSleuthkitCase(), self._PARSER_NAME,
contact_db.getDBFile(), Account.Type.WHATSAPP) contact_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId())
self.parse_contacts(contact_db, helper) self.parse_contacts(contact_db, helper)
for calllog_and_message_db in calllog_and_message_dbs: for calllog_and_message_db in calllog_and_message_dbs:
current_case = Case.getCurrentCaseThrows() current_case = Case.getCurrentCaseThrows()
helper = CommunicationArtifactsHelper( helper = CommunicationArtifactsHelper(
current_case.getSleuthkitCase(), self._PARSER_NAME, current_case.getSleuthkitCase(), self._PARSER_NAME,
calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP) calllog_and_message_db.getDBFile(), Account.Type.WHATSAPP, context.getJobId())
self.parse_calllogs(calllog_and_message_db, helper) self.parse_calllogs(calllog_and_message_db, helper)
self.parse_messages(dataSource, calllog_and_message_db, helper, current_case) self.parse_messages(dataSource, calllog_and_message_db, helper, current_case)


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2016-2020 Basis Technology Corp. Copyright 2016-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -78,7 +78,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
wwfDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "WordsFramework", True, self._PACKAGE_NAME) wwfDbFiles = AppSQLiteDB.findAppDatabases(dataSource, "WordsFramework", True, self._PACKAGE_NAME)
for wwfDbFile in wwfDbFiles: for wwfDbFile in wwfDbFiles:
try: try:
self.__findWWFMessagesInDB(wwfDbFile, dataSource) self.__findWWFMessagesInDB(wwfDbFile, dataSource, context)
except Exception as ex: except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing WWF messages", ex) self._logger.log(Level.SEVERE, "Error parsing WWF messages", ex)
self._logger.log(Level.SEVERE, traceback.format_exc()) self._logger.log(Level.SEVERE, traceback.format_exc())
@ -88,7 +88,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
self._logger.log(Level.SEVERE, traceback.format_exc()) self._logger.log(Level.SEVERE, traceback.format_exc())
pass pass
def __findWWFMessagesInDB(self, wwfDb, dataSource): def __findWWFMessagesInDB(self, wwfDb, dataSource, context):
if not wwfDb: if not wwfDb:
return return
@ -98,7 +98,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
wwfDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), wwfDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME, self._PARSER_NAME,
wwfDb.getDBFile(), wwfDb.getDBFile(),
wwfAccountType ) wwfAccountType, context.getJobId())
uuid = UUID.randomUUID().toString() uuid = UUID.randomUUID().toString()


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -91,11 +91,11 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
if selfAccountId is not None: if selfAccountId is not None:
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transactionDb.getDBFile(), self._MODULE_NAME, transactionDb.getDBFile(),
Account.Type.XENDER, Account.Type.XENDER, selfAccountId ) Account.Type.XENDER, Account.Type.XENDER, selfAccountId, context.getJobId())
else: else:
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transactionDb.getDBFile(), self._MODULE_NAME, transactionDb.getDBFile(),
Account.Type.XENDER) Account.Type.XENDER, context.getJobId())
queryString = """ queryString = """
SELECT f_path, f_display_name, f_size_str, c_start_time, c_direction, c_session_id, SELECT f_path, f_display_name, f_size_str, c_start_time, c_direction, c_session_id,


@ -1,7 +1,7 @@
""" """
Autopsy Forensic Browser Autopsy Forensic Browser
Copyright 2019-2020 Basis Technology Corp. Copyright 2019-2021 Basis Technology Corp.
Contact: carrier <at> sleuthkit <dot> org Contact: carrier <at> sleuthkit <dot> org
Licensed under the Apache License, Version 2.0 (the "License"); Licensed under the Apache License, Version 2.0 (the "License");
@ -81,7 +81,7 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer):
# #
transferDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), transferDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transferDb.getDBFile(), self._MODULE_NAME, transferDb.getDBFile(),
Account.Type.ZAPYA) Account.Type.ZAPYA, context.getJobId())
queryString = "SELECT device, name, direction, createtime, path, title FROM transfer" queryString = "SELECT device, name, direction, createtime, path, title FROM transfer"
transfersResultSet = transferDb.runQuery(queryString) transfersResultSet = transferDb.runQuery(queryString)


@ -172,8 +172,7 @@ class ContactsDbIngestModule(DataSourceIngestModule):
)) ))
try: try:
# index the artifact for keyword search blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName, context.getJobId())
blackboard.postArtifact(art, ContactsDbIngestModuleFactory.moduleName)
except Blackboard.BlackboardException as e: except Blackboard.BlackboardException as e:
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())


@ -146,7 +146,7 @@ class ContactsDbIngestModule(DataSourceIngestModule):
# Create an instance of the helper class # Create an instance of the helper class
# TODO - Replace with your parser name and Account.Type # TODO - Replace with your parser name and Account.Type
helper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), helper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE) ContactsDbIngestModuleFactory.moduleName, app_database.getDBFile(), Account.Type.DEVICE, context.getJobId())
# Iterate through each row and create artifacts # Iterate through each row and create artifacts
while result_set.next(): while result_set.next():


@ -92,11 +92,15 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
def log(self, level, msg): def log(self, level, msg):
self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg) self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg)
def __init__(self):
self.context = None
# Where any setup and configuration is done # Where any setup and configuration is done
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext. # 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
# See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html # See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
# TODO: Add any setup code that you need here. # TODO: Add any setup code that you need here.
def startUp(self, context): def startUp(self, context):
self.context = context
self.filesFound = 0 self.filesFound = 0
# Throw an IngestModule.IngestModuleException exception if there was a problem setting up # Throw an IngestModule.IngestModuleException exception if there was a problem setting up
@ -130,8 +134,7 @@ class FindBigRoundFilesIngestModule(FileIngestModule):
"Big and Round Files"))).getAnalysisResult() "Big and Round Files"))).getAnalysisResult()
try: try:
# post the artifact for listeners of artifact events blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName, context.getJobId())
blackboard.postArtifact(art, FindBigRoundFilesIngestModuleFactory.moduleName)
except Blackboard.BlackboardException as e: except Blackboard.BlackboardException as e:
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())


@ -207,9 +207,8 @@ class RegistryExampleIngestModule(DataSourceIngestModule):
BlackboardAttribute(attributeIdRunKeyValue, moduleName, registryKey[3]) BlackboardAttribute(attributeIdRunKeyValue, moduleName, registryKey[3])
)) ))
# index the artifact for keyword search
try: try:
blackboard.postArtifact(art, moduleName) blackboard.postArtifact(art, moduleName, context.getJobId())
except Blackboard.BlackboardException as ex: except Blackboard.BlackboardException as ex:
self.log(Level.SEVERE, "Unable to index blackboard artifact " + str(art.getArtifactTypeName()), ex) self.log(Level.SEVERE, "Unable to index blackboard artifact " + str(art.getArtifactTypeName()), ex)


@ -146,8 +146,7 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
None, "Test file", None, attrs).getAnalysisResult() None, "Test file", None, attrs).getAnalysisResult()
try: try:
# post the artifact for listeners of artifact events. blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName, context.getJobId())
blackboard.postArtifact(art, SampleJythonDataSourceIngestModuleFactory.moduleName)
except Blackboard.BlackboardException as e: except Blackboard.BlackboardException as e:
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())


@ -94,11 +94,15 @@ class SampleJythonFileIngestModule(FileIngestModule):
def log(self, level, msg): def log(self, level, msg):
self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg) self._logger.logp(level, self.__class__.__name__, inspect.stack()[1][3], msg)
def __init__(self):
self.context = None
# Where any setup and configuration is done # Where any setup and configuration is done
# 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext. # 'context' is an instance of org.sleuthkit.autopsy.ingest.IngestJobContext.
# See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html # See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
# TODO: Add any setup code that you need here. # TODO: Add any setup code that you need here.
def startUp(self, context): def startUp(self, context):
self.context = context
self.filesFound = 0 self.filesFound = 0
# Throw an IngestModule.IngestModuleException exception if there was a problem setting up # Throw an IngestModule.IngestModuleException exception if there was a problem setting up
@ -134,8 +138,7 @@ class SampleJythonFileIngestModule(FileIngestModule):
None, "Text Files", None, attrs).getAnalysisResult() None, "Text Files", None, attrs).getAnalysisResult()
try: try:
# post the artifact for listeners of artifact events blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName, context.getJobId())
blackboard.postArtifact(art, SampleJythonFileIngestModuleFactory.moduleName)
except Blackboard.BlackboardException as e: except Blackboard.BlackboardException as e:
self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName()) self.log(Level.SEVERE, "Error indexing artifact " + art.getDisplayName())