4380 add correlation attrs for imei, imsi, and iccid

2025-07-17 18:17:43 +00:00 · 2018-11-19 18:32:51 -05:00 · 2018-11-19 18:32:51 -05:00 · 3f8840f8fd
commit 3f8840f8fd
parent 271788c316
4 changed files with 80 additions and 26 deletions
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/AbstractSqlEamDb.java
@ -3263,18 +3263,24 @@ abstract class AbstractSqlEamDb implements EamDb {
                }
                final String dataSourceObjectIdIndexTemplate = "CREATE INDEX IF NOT EXISTS datasource_object_id ON data_sources (%s)";
                statement.execute(String.format(dataSourceObjectIdIndexTemplate, dataSourceObjectIdColumnName));
-
+                List<String> instaceTablesToAdd = new ArrayList<>();
                //update central repository to be able to store new correlation attributes 
-                final String wirelessNetworsDbTableName = "wireless_networks";
-                final String wirelessNetworksTableInstanceName = wirelessNetworsDbTableName + "_instances";
+                final String wirelessNetworksDbTableName = "wireless_networks";
+                instaceTablesToAdd.add(wirelessNetworksDbTableName + "_instances");
                final String macAddressDbTableName = "mac_address";
-                final String macAddressTableInstanceName = macAddressDbTableName + "_instances";
+                instaceTablesToAdd.add(macAddressDbTableName + "_instances");
+                final String imeiNumberDbTableName = "imei_number";
+                instaceTablesToAdd.add(imeiNumberDbTableName + "_instances");
+                final String iccidNumberDbTableName = "iccid_number";
+                instaceTablesToAdd.add(iccidNumberDbTableName + "_instances");
+                final String imsiNumberDbTableName = "imsi_number";
+                instaceTablesToAdd.add(imsiNumberDbTableName + "_instances");

                //add the wireless_networks attribute to the correlation_types table
                preparedStatement = conn.prepareStatement(addAttributeSql);
                preparedStatement.setInt(1, CorrelationAttributeInstance.SSID_TYPE_ID);
                preparedStatement.setString(2, Bundle.CorrelationType_SSID_displayName());
-                preparedStatement.setString(3, wirelessNetworsDbTableName);
+                preparedStatement.setString(3, wirelessNetworksDbTableName);
                preparedStatement.setInt(4, 1);
                preparedStatement.setInt(5, 1);
                preparedStatement.execute();
@ -3288,19 +3294,41 @@ abstract class AbstractSqlEamDb implements EamDb {
                preparedStatement.setInt(5, 1);
                preparedStatement.execute();

-                //create a new wireless_networks_instances table and add indexes for its columns
-                statement.execute(String.format(addSsidTableTemplate, wirelessNetworksTableInstanceName, wirelessNetworksTableInstanceName));
-                statement.execute(String.format(addCaseIdIndexTemplate, wirelessNetworksTableInstanceName, wirelessNetworksTableInstanceName));
-                statement.execute(String.format(addDataSourceIdIndexTemplate, wirelessNetworksTableInstanceName, wirelessNetworksTableInstanceName));
-                statement.execute(String.format(addValueIndexTemplate, wirelessNetworksTableInstanceName, wirelessNetworksTableInstanceName));
-                statement.execute(String.format(addKnownStatusIndexTemplate, wirelessNetworksTableInstanceName, wirelessNetworksTableInstanceName));
+                //add the imei_number attribute to the correlation_types table
+                preparedStatement = conn.prepareStatement(addAttributeSql);
+                preparedStatement.setInt(1, CorrelationAttributeInstance.IMEI_TYPE_ID);
+                preparedStatement.setString(2, Bundle.CorrelationType_IMEI_displayName());
+                preparedStatement.setString(3, imeiNumberDbTableName);
+                preparedStatement.setInt(4, 1);
+                preparedStatement.setInt(5, 1);
+                preparedStatement.execute();

-                 //create a new mac_address_instances table and add indexes for its columns
-                statement.execute(String.format(addSsidTableTemplate, macAddressTableInstanceName, macAddressTableInstanceName));
-                statement.execute(String.format(addCaseIdIndexTemplate, macAddressTableInstanceName, macAddressTableInstanceName));
-                statement.execute(String.format(addDataSourceIdIndexTemplate, macAddressTableInstanceName, macAddressTableInstanceName));
-                statement.execute(String.format(addValueIndexTemplate, macAddressTableInstanceName, macAddressTableInstanceName));
-                statement.execute(String.format(addKnownStatusIndexTemplate, macAddressTableInstanceName, macAddressTableInstanceName));
+                //add the imsi_number attribute to the correlation_types table
+                preparedStatement = conn.prepareStatement(addAttributeSql);
+                preparedStatement.setInt(1, CorrelationAttributeInstance.IMSI_TYPE_ID);
+                preparedStatement.setString(2, Bundle.CorrelationType_IMSI_displayName());
+                preparedStatement.setString(3, imsiNumberDbTableName);
+                preparedStatement.setInt(4, 1);
+                preparedStatement.setInt(5, 1);
+                preparedStatement.execute();
+
+                //add the iccid_number attribute to the correlation_types table
+                preparedStatement = conn.prepareStatement(addAttributeSql);
+                preparedStatement.setInt(1, CorrelationAttributeInstance.ICCID_TYPE_ID);
+                preparedStatement.setString(2, Bundle.CorrelationType_ICCID_displayName());
+                preparedStatement.setString(3, iccidNumberDbTableName);
+                preparedStatement.setInt(4, 1);
+                preparedStatement.setInt(5, 1);
+                preparedStatement.execute();
+
+                //create a new _instances tables and add indexes for their columns
+                for (String tableName : instaceTablesToAdd) {
+                    statement.execute(String.format(addSsidTableTemplate, tableName, tableName));
+                    statement.execute(String.format(addCaseIdIndexTemplate, tableName, tableName));
+                    statement.execute(String.format(addDataSourceIdIndexTemplate, tableName, tableName));
+                    statement.execute(String.format(addValueIndexTemplate, tableName, tableName));
+                    statement.execute(String.format(addKnownStatusIndexTemplate, tableName, tableName));
+                }

                //add file_obj_id column to _instances table which do not already have it
                String instance_type_dbname;
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeInstance.java
@ -217,6 +217,9 @@ public class CorrelationAttributeInstance implements Serializable {
    public static final int USBID_TYPE_ID = 4;
    public static final int SSID_TYPE_ID = 5;
    public static final int MAC_TYPE_ID = 6;
+    public static final int IMEI_TYPE_ID = 7;
+    public static final int IMSI_TYPE_ID = 8;
+    public static final int ICCID_TYPE_ID = 9;

    /**
     * Load the default correlation types
@ -230,7 +233,10 @@ public class CorrelationAttributeInstance implements Serializable {
        "CorrelationType.PHONE.displayName=Phone Numbers",
        "CorrelationType.USBID.displayName=USB Devices",
        "CorrelationType.SSID.displayName=Wireless Networks",
-        "CorrelationType.MAC.displayName=Mac Addresses"})
+        "CorrelationType.MAC.displayName=Mac Addresses",
+        "CorrelationType.IMEI.displayName=IMEI Number",
+        "CorrelationType.IMSI.displayName=IMSI Number",
+        "CorrelationType.ICCID.displayName=ICCID Number"})
    public static List<CorrelationAttributeInstance.Type> getDefaultCorrelationTypes() throws EamDbException {
        List<CorrelationAttributeInstance.Type> DEFAULT_CORRELATION_TYPES = new ArrayList<>();
        DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(FILES_TYPE_ID, Bundle.CorrelationType_FILES_displayName(), "file", true, true)); // NON-NLS
@ -240,6 +246,9 @@ public class CorrelationAttributeInstance implements Serializable {
        DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(USBID_TYPE_ID, Bundle.CorrelationType_USBID_displayName(), "usb_devices", true, true)); // NON-NLS
        DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(SSID_TYPE_ID, Bundle.CorrelationType_SSID_displayName(), "wireless_networks", true, true)); // NON-NLS
        DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(MAC_TYPE_ID, Bundle.CorrelationType_MAC_displayName(), "mac_address", true, true)); //NON-NLS
+        DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(IMEI_TYPE_ID, Bundle.CorrelationType_IMEI_displayName(), "imei_number", true, true)); //NON-NLS
+        DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(IMSI_TYPE_ID, Bundle.CorrelationType_IMSI_displayName(), "imsi_number", true, true)); //NON-NLS
+        DEFAULT_CORRELATION_TYPES.add(new CorrelationAttributeInstance.Type(ICCID_TYPE_ID, Bundle.CorrelationType_ICCID_displayName(), "iccid_number", true, true)); //NON-NLS
        return DEFAULT_CORRELATION_TYPES;
    }

--- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java
@ -67,6 +67,12 @@ final public class CorrelationAttributeNormalizer {
                return data;
            case CorrelationAttributeInstance.MAC_TYPE_ID:
                return data;
+            case CorrelationAttributeInstance.IMEI_TYPE_ID:
+                return data;
+            case CorrelationAttributeInstance.IMSI_TYPE_ID:
+                return data;
+            case CorrelationAttributeInstance.ICCID_TYPE_ID:
+                return data;
            default:
                final String errorMessage = String.format(
                        "Validator function not found for attribute type: %s", 
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamArtifactUtil.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/EamArtifactUtil.java
@ -161,16 +161,27 @@ public class EamArtifactUtil {
                }
            } else if (correlationType.getId() == CorrelationAttributeInstance.USBID_TYPE_ID
                    && BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID() == artifactTypeID) {
-
                value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID)).getValueString();
            } else if (correlationType.getId() == CorrelationAttributeInstance.SSID_TYPE_ID
                    && BlackboardArtifact.ARTIFACT_TYPE.TSK_WIFI_NETWORK.getTypeID() == artifactTypeID) {
                value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SSID)).getValueString();
-            } 
-//            else if (correlationType.getId() == CorrelationAttributeInstance.MAC_TYPE_ID
-//                     && BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED.getTypeID() == artifactTypeID) {
-//                value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_ID)).getValueString();
-//            }  //WJS-TODO enable actually making the mac address attrs when tsk_artifacts and attrs added
+//            } else if (correlationType.getId() == CorrelationAttributeInstance.MAC_TYPE_ID
+//                    && (BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID() == artifactTypeID
+//                    || BlackboardArtifact.ARTIFACT_TYPE.TSK_BLUETOOTH_PAIRING == artifactTypeID
+//                    || BlackboardArtifact.ARTIFACT_TYPE.TSK_BLUETOOTH_ADAPTER == artifactTypeID
+//                    || BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ATTACHED == artifactTypeID)) {
+//                value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MAC_ADDRESS)).getValueString();
+//            } else if (correlationType.getId() == CorrelationAttributeInstance.IMEI_TYPE_ID
+//                    && BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID() == artifactTypeID) {
+//                value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IMEI)).getValueString();
+//            } else if (correlationType.getId() == CorrelationAttributeInstance.IMSI_TYPE_ID
+//                    && BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID() == artifactTypeID) {
+//                value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IMSI)).getValueString();
+//            } else if (correlationType.getId() == CorrelationAttributeInstance.MAC_TYPE_ID
+//                    && BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID() == artifactTypeID) {
+//                value = bbArtifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ICID)).getValueString();
+            }  //WJS-TODO enable actually making the mac address attrs when tsk_artifacts and attrs added
+
        } catch (TskCoreException ex) {
            logger.log(Level.SEVERE, "Error getting attribute while getting type from BlackboardArtifact.", ex); // NON-NLS
            return null;