mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-17 10:17:41 +00:00
Code Issues Packages Projects Releases Wiki Activity

4380 add correlation attrs for imei, imsi, and iccid

Browse Source
This commit is contained in:
William Schaefer 2018-11-19 18:32:51 -05:00
parent 271788c316
commit 3f8840f8fd
4 changed files with 80 additions and 26 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java
View File

@ -3263,18 +3263,24 @@ abstract class AbstractSqlEamDb implements EamDb {
}
final String dataSourceObjectIdIndexTemplate = "CREATE INDEX IF NOT EXISTS datasource_object_id ON data_sources (%s)";
statement.execute(String.format(dataSourceObjectIdIndexTemplate, dataSourceObjectIdColumnName));
List<String> instaceTablesToAdd = new ArrayList<>();
//update central repository to be able to store new correlation attributes
final String wirelessNetworsDbTableName = "wireless_networks";
final String wirelessNetworksTableInstanceName = wirelessNetworsDbTableName + "_instances";
final String wirelessNetworksDbTableName = "wireless_networks";
instaceTablesToAdd.add(wirelessNetworksDbTableName + "_instances");
final String macAddressDbTableName = "mac_address";
final String macAddressTableInstanceName = macAddressDbTableName + "_instances";
instaceTablesToAdd.add(macAddressDbTableName + "_instances");
final String imeiNumberDbTableName = "imei_number";
instaceTablesToAdd.add(imeiNumberDbTableName + "_instances");
final String iccidNumberDbTableName = "iccid_number";
instaceTablesToAdd.add(iccidNumberDbTableName + "_instances");
final String imsiNumberDbTableName = "imsi_number";
instaceTablesToAdd.add(imsiNumberDbTableName + "_instances");
//add the wireless_networks attribute to the correlation_types table
preparedStatement = conn.prepareStatement(addAttributeSql);
preparedStatement.setInt(1, CorrelationAttributeInstance.SSID_TYPE_ID);
preparedStatement.setString(2, Bundle.CorrelationType_SSID_displayName());
preparedStatement.setString(3, wirelessNetworsDbTableName);
preparedStatement.setString(3, wirelessNetworksDbTableName);
preparedStatement.setInt(4, 1);
preparedStatement.setInt(5, 1);
preparedStatement.execute();
@ -3288,20 +3294,42 @@ abstract class AbstractSqlEamDb implements EamDb {
preparedStatement.setInt(5, 1);
preparedStatement.execute();
//create a new wireless_networks_instances table and add indexes for its columns
statement.execute(String.format(addSsidTableTemplate, wirelessNetworksTableInstanceName, wirelessNetworksTableInstanceName));
statement.execute(String.format(addCaseIdIndexTemplate, wirelessNetworksTableInstanceName, wirelessNetworksTableInstanceName));
statement.execute(String.format(addDataSourceIdIndexTemplate, wirelessNetworksTableInstanceName, wirelessNetworksTableInstanceName));
statement.execute(String.format(addValueIndexTemplate, wirelessNetworksTableInstanceName, wirelessNetworksTableInstanceName));
statement.execute(String.format(addKnownStatusIndexTemplate, wirelessNetworksTableInstanceName, wirelessNetworksTableInstanceName));
//create a new mac_address_instances table and add indexes for its columns
statement.execute(String.format(addSsidTableTemplate, macAddressTableInstanceName, macAddressTableInstanceName));
statement.execute(String.format(addCaseIdIndexTemplate, macAddressTableInstanceName, macAddressTableInstanceName));
statement.execute(String.format(addDataSourceIdIndexTemplate, macAddressTableInstanceName, macAddressTableInstanceName));
statement.execute(String.format(addValueIndexTemplate, macAddressTableInstanceName, macAddressTableInstanceName));
statement.execute(String.format(addKnownStatusIndexTemplate, macAddressTableInstanceName, macAddressTableInstanceName));
//add the imei_number attribute to the correlation_types table
preparedStatement = conn.prepareStatement(addAttributeSql);
preparedStatement.setInt(1, CorrelationAttributeInstance.IMEI_TYPE_ID);
preparedStatement.setString(2, Bundle.CorrelationType_IMEI_displayName());
preparedStatement.setString(3, imeiNumberDbTableName);
preparedStatement.setInt(4, 1);
preparedStatement.setInt(5, 1);
preparedStatement.execute();
//add the imsi_number attribute to the correlation_types table
preparedStatement = conn.prepareStatement(addAttributeSql);
preparedStatement.setInt(1, CorrelationAttributeInstance.IMSI_TYPE_ID);
preparedStatement.setString(2, Bundle.CorrelationType_IMSI_displayName());
preparedStatement.setString(3, imsiNumberDbTableName);
preparedStatement.setInt(4, 1);
preparedStatement.setInt(5, 1);
preparedStatement.execute();
//add the iccid_number attribute to the correlation_types table
preparedStatement = conn.prepareStatement(addAttributeSql);
preparedStatement.setInt(1, CorrelationAttributeInstance.ICCID_TYPE_ID);
preparedStatement.setString(2, Bundle.CorrelationType_ICCID_displayName());
preparedStatement.setString(3, iccidNumberDbTableName);
preparedStatement.setInt(4, 1);
preparedStatement.setInt(5, 1);
preparedStatement.execute();
//create a new _instances tables and add indexes for their columns
for (String tableName : instaceTablesToAdd) {
statement.execute(String.format(addSsidTableTemplate, tableName, tableName));
statement.execute(String.format(addCaseIdIndexTemplate, tableName, tableName));
statement.execute(String.format(addDataSourceIdIndexTemplate, tableName, tableName));
statement.execute(String.format(addValueIndexTemplate, tableName, tableName));
statement.execute(String.format(addKnownStatusIndexTemplate, tableName, tableName));
}
//add file_obj_id column to _instances table which do not already have it
String instance_type_dbname;
final String objectIdColumnName = "file_obj_id";

11
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java
View File

@ -217,6 +217,9 @@ public class CorrelationAttributeInstance implements Serializable {
public static final int USBID_TYPE_ID = 4;
public static final int SSID_TYPE_ID = 5;
public static final int MAC_TYPE_ID = 6;
public static final int IMEI_TYPE_ID = 7;
public static final int IMSI_TYPE_ID = 8;
public static final int ICCID_TYPE_ID = 9;
/**
* Load the default correlation types
@ -230,7 +233,10 @@ public class CorrelationAttributeInstance implements Serializable {
"CorrelationType.PHONE.displayName=Phone Numbers",
"CorrelationType.USBID.displayName=USB Devices",
"CorrelationType.SSID.displayName=Wireless Networks",
"CorrelationType.MAC.displayName=Mac Addresses"})
"CorrelationType.MAC.displayName=Mac Addresses",
"CorrelationType.IMEI.displayName=IMEI Number",
"CorrelationType.IMSI.displayName=IMSI Number",
"CorrelationType.ICCID.displayName=ICCID Number"})
public static List<CorrelationAttributeInstance.Type> getDefaultCorrelationTypes() throws EamDbException {
List<CorrelationAttributeInstance.Type> DEFAULT_CORRELATION_TYPES = new ArrayList<>();
DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(FILES_TYPE_ID, Bundle.CorrelationType_FILES_displayName(), "file", true, true)); // NON-NLS
@ -240,6 +246,9 @@ public class CorrelationAttributeInstance implements Serializable {
DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(USBID_TYPE_ID, Bundle.CorrelationType_USBID_displayName(), "usb_devices", true, true)); // NON-NLS
DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(SSID_TYPE_ID, Bundle.CorrelationType_SSID_displayName(), "wireless_networks", true, true)); // NON-NLS
DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(MAC_TYPE_ID, Bundle.CorrelationType_MAC_displayName(), "mac_address", true, true)); //NON-NLS
DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(IMEI_TYPE_ID, Bundle.CorrelationType_IMEI_displayName(), "imei_number", true, true)); //NON-NLS
DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(IMSI_TYPE_ID, Bundle.CorrelationType_IMSI_displayName(), "imsi_number", true, true)); //NON-NLS
DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(ICCID_TYPE_ID, Bundle.CorrelationType_ICCID_displayName(), "iccid_number", true, true)); //NON-NLS
return DEFAULT_CORRELATION_TYPES;
}

6
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java
View File

@ -67,6 +67,12 @@ final public class CorrelationAttributeNormalizer {
return data;
case CorrelationAttributeInstance.MAC_TYPE_ID:
return data;
case CorrelationAttributeInstance.IMEI_TYPE_ID:
return data;
case CorrelationAttributeInstance.IMSI_TYPE_ID:
return data;
case CorrelationAttributeInstance.ICCID_TYPE_ID:
return data;
default:
final String errorMessage = String.format(
"Validator function not found for attribute type: %s",

23
Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamArtifactUtil.java
View File

@ -161,16 +161,27 @@ public class EamArtifactUtil {
}
} else if (correlationType.getId() == CorrelationAttributeInstance.USBID_TYPE_ID
&& BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID() == artifactTypeID) {
value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID)).getValueString();
} else if (correlationType.getId() == CorrelationAttributeInstance.SSID_TYPE_ID
&& BlackboardArtifact.ARTIFACT_TYPE.TSK_WIFI_NETWORK.getTypeID() == artifactTypeID) {
value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SSID)).getValueString();
}
// else if (correlationType.getId() == CorrelationAttributeInstance.MAC_TYPE_ID
// && BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID() == artifactTypeID) {
// value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID)).getValueString();
// } //WJS-TODO enable actually making the mac address attrs when tsk_artifacts and attrs added
// } else if (correlationType.getId() == CorrelationAttributeInstance.MAC_TYPE_ID
// && (BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID() == artifactTypeID
// || BlackboardArtifact.ARTIFACT_TYPE.TSK_BLUETOOTH_PAIRING == artifactTypeID
// || BlackboardArtifact.ARTIFACT_TYPE.TSK_BLUETOOTH_ADAPTER == artifactTypeID
// || BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED == artifactTypeID)) {
// value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MAC_ADDRESS)).getValueString();
// } else if (correlationType.getId() == CorrelationAttributeInstance.IMEI_TYPE_ID
// && BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID() == artifactTypeID) {
// value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IMEI)).getValueString();
// } else if (correlationType.getId() == CorrelationAttributeInstance.IMSI_TYPE_ID
// && BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID() == artifactTypeID) {
// value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IMSI)).getValueString();
// } else if (correlationType.getId() == CorrelationAttributeInstance.MAC_TYPE_ID
// && BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID() == artifactTypeID) {
// value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ICID)).getValueString();
} //WJS-TODO enable actually making the mac address attrs when tsk_artifacts and attrs added
} catch (TskCoreException ex) {
logger.log(Level.SEVERE, "Error getting attribute while getting type from BlackboardArtifact.", ex); // NON-NLS
return null;