mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-13 00:16:16 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixed Android GPS time bug, cleaned up Android code, disablede iOS code. moved KML logic to KML report module

Browse Source
This commit is contained in:
Brian Carrier 2014-07-08 18:25:02 -04:00
parent 681fa0bf4e
commit 4bc93248a4
17 changed files with 558 additions and 594 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
Core/src/org/sleuthkit/autopsy/modules/android/AndroidIngestModule.java
View File

@ -45,17 +45,13 @@ class AndroidIngestModule implements DataSourceIngestModule {
@Override @Override
public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) { public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
services.postMessage(IngestMessage.createMessage(IngestMessage.MessageType.INFO, AndroidModuleFactory.getModuleName(), "Started {0}")); services.postMessage(IngestMessage.createMessage(IngestMessage.MessageType.INFO, AndroidModuleFactory.getModuleName(), "Started {0}"));
ArrayList<String> errors = new ArrayList<>(); ArrayList<String> errors = new ArrayList<>();
progressBar.switchToDeterminate(9); progressBar.switchToDeterminate(9);
try { try {
ContactAnalyzer FindContacts = new ContactAnalyzer(); ContactAnalyzer.findContacts();
FindContacts.findContacts();
progressBar.progress(1); progressBar.progress(1);
if (context.isJobCancelled()) { if (context.isJobCancelled()) {
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
@ -63,9 +59,9 @@ class AndroidIngestModule implements DataSourceIngestModule {
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Contacts"); errors.add("Error getting Contacts");
} }
try { try {
CallLogAnalyzer FindCallLogs = new CallLogAnalyzer(); CallLogAnalyzer.findCallLogs();
FindCallLogs.findCallLogs();
progressBar.progress(2); progressBar.progress(2);
if (context.isJobCancelled()) { if (context.isJobCancelled()) {
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
@ -73,9 +69,9 @@ class AndroidIngestModule implements DataSourceIngestModule {
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Call Logs"); errors.add("Error getting Call Logs");
} }
try { try {
TextMessageAnalyzer FindTexts = new TextMessageAnalyzer(); TextMessageAnalyzer.findTexts();
FindTexts.findTexts();
progressBar.progress(3); progressBar.progress(3);
if (context.isJobCancelled()) { if (context.isJobCancelled()) {
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
@ -83,9 +79,9 @@ class AndroidIngestModule implements DataSourceIngestModule {
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Text Messages"); errors.add("Error getting Text Messages");
} }
try { try {
TangoMessageAnalyzer FindTangoMessages = new TangoMessageAnalyzer(); TangoMessageAnalyzer.findTangoMessages();
FindTangoMessages.findTangoMessages();
progressBar.progress(4); progressBar.progress(4);
if (context.isJobCancelled()) { if (context.isJobCancelled()) {
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
@ -93,9 +89,9 @@ class AndroidIngestModule implements DataSourceIngestModule {
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Tango Messages"); errors.add("Error getting Tango Messages");
} }
try { try {
WWFMessageAnalyzer FindWWFMessages = new WWFMessageAnalyzer(); WWFMessageAnalyzer.findWWFMessages();
FindWWFMessages.findWWFMessages();
progressBar.progress(5); progressBar.progress(5);
if (context.isJobCancelled()) { if (context.isJobCancelled()) {
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
@ -103,40 +99,43 @@ class AndroidIngestModule implements DataSourceIngestModule {
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Words with Friends Messages"); errors.add("Error getting Words with Friends Messages");
} }
try { try {
GoogleMapLocationAnalyzer FindGoogleMapLocations = new GoogleMapLocationAnalyzer(); GoogleMapLocationAnalyzer.findGeoLocations();
FindGoogleMapLocations.findGeoLocations();
progressBar.progress(6); progressBar.progress(6);
if (context.isJobCancelled()) { if (context.isJobCancelled()) {
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
} }
} catch (Exception e) { } catch (Exception e) {
errors.add( "Error getting Google Map Locations"); errors.add("Error getting Google Map Locations");
} }
try { try {
BrowserLocationAnalyzer FindBrowserLocations = new BrowserLocationAnalyzer(); BrowserLocationAnalyzer.findGeoLocations();
FindBrowserLocations.findGeoLocations();
progressBar.progress(7); progressBar.progress(7);
if (context.isJobCancelled()) {
return IngestModule.ProcessResult.OK;
}
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Browser Locations"); errors.add("Error getting Browser Locations");
} }
if (context.isJobCancelled()) {
return IngestModule.ProcessResult.OK;
}
try { try {
CacheLocationAnalyzer FindCacheLocations = new CacheLocationAnalyzer(); CacheLocationAnalyzer.findGeoLocations();
FindCacheLocations.findGeoLocations();
progressBar.progress(8); progressBar.progress(8);
} catch (Exception e) { } catch (Exception e) {
errors.add("Error getting Cache Locations"); errors.add("Error getting Cache Locations");
} }
/* I'm not sure why we have this in here since we have a KML report module ...
try { try {
KMLFileCreator KMLFileCreator = new KMLFileCreator(); KMLFileCreator kMLFileCreator = new KMLFileCreator();
KMLFileCreator.CreateKML(); kMLFileCreator.createKml();
progressBar.progress(9); progressBar.progress(9);
} catch (Exception e) { } catch (Exception e) {
errors.add("Error creating KML"); errors.add("Error creating KML");
} }
*/
// create the final message for inbox // create the final message for inbox
StringBuilder errorMessage = new StringBuilder(); StringBuilder errorMessage = new StringBuilder();
@ -151,19 +150,17 @@ class AndroidIngestModule implements DataSourceIngestModule {
errorMessage.append("</ul>\n"); //NON-NLS errorMessage.append("</ul>\n"); //NON-NLS
if (errors.size() == 1) { if (errors.size() == 1) {
errorMsgSubject = "One error was found"; errorMsgSubject = "One error was found";
} else { } else {
errorMsgSubject = "errors found: " +errors.size(); errorMsgSubject = "errors found: " + errors.size();
} }
} else { } else {
errorMessage.append( "No errors"); errorMessage.append("No errors");
errorMsgSubject ="No errors"; errorMsgSubject = "No errors";
} }
final IngestMessage msg = IngestMessage.createMessage(msgLevel, AndroidModuleFactory.getModuleName(),"Ingest Finished"); final IngestMessage msg = IngestMessage.createMessage(msgLevel, AndroidModuleFactory.getModuleName(), "Ingest Finished");
services.postMessage(msg); services.postMessage(msg);
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
} }
} }

1
Core/src/org/sleuthkit/autopsy/modules/android/AndroidModuleFactory.java
View File

@ -25,7 +25,6 @@ import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
import org.sleuthkit.autopsy.ingest.IngestModuleFactoryAdapter; import org.sleuthkit.autopsy.ingest.IngestModuleFactoryAdapter;
import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings; import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings;
@ServiceProvider(service = IngestModuleFactory.class) // @ServiceProvider(service = IngestModuleFactory.class) //
public class AndroidModuleFactory extends IngestModuleFactoryAdapter { public class AndroidModuleFactory extends IngestModuleFactoryAdapter {

103
Core/src/org/sleuthkit/autopsy/modules/android/BrowserLocationAnalyzer.java
View File

@ -18,6 +18,7 @@
*/ */
package org.sleuthkit.autopsy.modules.android; package org.sleuthkit.autopsy.modules.android;
import java.io.File;
import java.sql.Connection; import java.sql.Connection;
import java.sql.DriverManager; import java.sql.DriverManager;
import java.sql.ResultSet; import java.sql.ResultSet;
@ -35,34 +36,25 @@ import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
class BrowserLocationAnalyzer { class BrowserLocationAnalyzer {
private Connection connection = null; private static final String moduleName = AndroidModuleFactory.getModuleName();
private ResultSet resultSet = null;
private Statement statement = null;
private String dbPath = "";
private long fileId = 0;
private java.io.File jFile = null;
private String moduleName= AndroidModuleFactory.getModuleName();
private static final Logger logger = Logger.getLogger(BrowserLocationAnalyzer.class.getName()); private static final Logger logger = Logger.getLogger(BrowserLocationAnalyzer.class.getName());
public void findGeoLocations() { public static void findGeoLocations() {
List<AbstractFile> absFiles;
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
absFiles = skCase.findAllFilesWhere("name LIKE 'CachedGeoposition%.db'"); //get exact file names List<AbstractFile> abstractFiles = skCase.findAllFilesWhere("name LIKE 'CachedGeoposition%.db'"); //get exact file names
if (absFiles.isEmpty()) {
return; for (AbstractFile abstractFile : abstractFiles) {
}
for (AbstractFile AF : absFiles) {
try { try {
if (AF.getSize() ==0) continue; if (abstractFile.getSize() == 0) {
jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName()); continue;
ContentUtils.writeToFile(AF,jFile); }
dbPath = jFile.toString(); //path of file as string File jFile = new File(Case.getCurrentCase().getTempDirectory(), abstractFile.getName());
fileId = AF.getId(); ContentUtils.writeToFile(abstractFile, jFile);
findGeoLocationsInDB(dbPath, fileId); findGeoLocationsInDB(jFile.toString(), abstractFile);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Browser Location files", e); logger.log(Level.SEVERE, "Error parsing Browser Location files", e);
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
@ -71,7 +63,10 @@ class BrowserLocationAnalyzer {
} }
} }
private void findGeoLocationsInDB(String DatabasePath, long fId) { private static void findGeoLocationsInDB(String DatabasePath, AbstractFile f) {
Connection connection = null;
ResultSet resultSet = null;
Statement statement = null;
if (DatabasePath == null || DatabasePath.isEmpty()) { if (DatabasePath == null || DatabasePath.isEmpty()) {
return; return;
} }
@ -81,50 +76,38 @@ class BrowserLocationAnalyzer {
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error connecting to sql database", e); logger.log(Level.SEVERE, "Error connecting to sql database", e);
return;
} }
Case currentCase = Case.getCurrentCase();
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try { try {
AbstractFile f = skCase.getAbstractFileById(fId); resultSet = statement.executeQuery(
try { "Select timestamp, latitude, longitude, accuracy FROM CachedPosition;");
resultSet = statement.executeQuery(
"Select timestamp, latitude, longitude, accuracy FROM CachedPosition;");
BlackboardArtifact bba; while (resultSet.next()) {
Long timestamp; // unix time Long timestamp = Long.valueOf(resultSet.getString("timestamp")) / 1000;
String latitude; double latitude = Double.valueOf(resultSet.getString("latitude"));
String longitude; double longitude = Double.valueOf(resultSet.getString("longitude"));
while (resultSet.next()) { BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT);
timestamp = Long.valueOf(resultSet.getString("timestamp")) / 1000; bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(), moduleName, latitude));
latitude= resultSet.getString("latitude"); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID(), moduleName, longitude));
longitude = resultSet.getString("longitude"); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, timestamp));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), moduleName, "Browser Location History"));
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT); // bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(),moduleName,latitude));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID(),moduleName, longitude));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),moduleName, timestamp));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),moduleName, "Browser Location History"));
// bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy));
}
} catch (Exception e) {
logger.log(Level.SEVERE, "Error Putting artifacts to Blackboard", e);
} finally {
try {
resultSet.close();
statement.close();
connection.close();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e);
}
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error Putting artifacts to Blackboard", e); logger.log(Level.SEVERE, "Error Putting artifacts to Blackboard", e);
} finally {
try {
if (resultSet != null) {
resultSet.close();
}
statement.close();
connection.close();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e);
}
} }
} }
} }

109
Core/src/org/sleuthkit/autopsy/modules/android/CacheLocationAnalyzer.java
View File

@ -36,29 +36,26 @@ import org.sleuthkit.datamodel.TskCoreException;
class CacheLocationAnalyzer { class CacheLocationAnalyzer {
private String filePath = ""; private static final String moduleName = AndroidModuleFactory.getModuleName();
private long fileId = 0;
private java.io.File jFile = null;
private String moduleName= AndroidModuleFactory.getModuleName();
private static final Logger logger = Logger.getLogger(CacheLocationAnalyzer.class.getName()); private static final Logger logger = Logger.getLogger(CacheLocationAnalyzer.class.getName());
public void findGeoLocations() {
List<AbstractFile> absFiles; public static void findGeoLocations() {
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
absFiles = skCase.findAllFilesWhere("name ='cache.cell'OR name='cache.wifi'"); //get exact file names List<AbstractFile> abstractFiles = skCase.findAllFilesWhere("name ='cache.cell' OR name='cache.wifi'"); //get exact file names
if (absFiles.isEmpty()) {
return; for (AbstractFile abstractFile : abstractFiles) {
}
for (AbstractFile AF : absFiles) {
try { try {
if (AF.getSize() ==0) continue; if (abstractFile.getSize() == 0) {
jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName()); continue;
ContentUtils.writeToFile(AF,jFile); }
filePath = jFile.toString(); //path of file as string File jFile = new File(Case.getCurrentCase().getTempDirectory(), abstractFile.getName());
fileId = AF.getId(); ContentUtils.writeToFile(abstractFile, jFile);
findGeoLocationsInFile(filePath, fileId);
findGeoLocationsInFile(jFile, abstractFile);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing cached Location files", e); logger.log(Level.SEVERE, "Error parsing cached Location files", e);
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
@ -66,82 +63,72 @@ class CacheLocationAnalyzer {
} }
} }
private void findGeoLocationsInFile(String filePath, long fId) { private static void findGeoLocationsInFile(File file, AbstractFile f) {
if (filePath == null || filePath.isEmpty()) {
return;
}
String fileName=filePath.contains("cell")? "cache.cell":"cache.wifi";
File file = new File(filePath); //cache.cell or cache.wifi
byte[] bytes; // will temporarily hold bytes to be converted into the correct data types byte[] bytes; // will temporarily hold bytes to be converted into the correct data types
Case currentCase = Case.getCurrentCase();
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try { try {
InputStream inputStream = new FileInputStream(file); InputStream inputStream = new FileInputStream(file);
AbstractFile f = skCase.getAbstractFileById(fId);
BlackboardArtifact bba;
String latitude;
String longitude;
String confidence;
String accuracy; //measure of how accurate the gps location is.
bytes = new byte[2]; // version bytes = new byte[2]; // version
inputStream.read(bytes); inputStream.read(bytes);
bytes = new byte[2]; bytes = new byte[2];
inputStream.read(bytes); //number of location entries inputStream.read(bytes); //number of location entries
int iterations = new BigInteger(bytes).intValue(); int iterations = new BigInteger(bytes).intValue();
for (int i = 0; i < iterations; i++) { //loop through every entry for (int i = 0; i < iterations; i++) { //loop through every entry
bytes = new byte[2]; bytes = new byte[2];
inputStream.read(bytes); inputStream.read(bytes);
bytes = new byte[1]; bytes = new byte[1];
inputStream.read(bytes); inputStream.read(bytes);
while (new BigInteger(bytes).intValue() != 0) //pass through non important values until the start of accuracy(around 7-10 bytes) while (new BigInteger(bytes).intValue() != 0) { //pass through non important values until the start of accuracy(around 7-10 bytes)
{
inputStream.read(bytes); inputStream.read(bytes);
} }
bytes = new byte[3]; bytes = new byte[3];
inputStream.read(bytes); inputStream.read(bytes);
if (new BigInteger(bytes).intValue()<=0){//This refers to a location that could not be calculated. if (new BigInteger(bytes).intValue() <= 0) {//This refers to a location that could not be calculated.
bytes = new byte[28]; //read rest of the row's bytes bytes = new byte[28]; //read rest of the row's bytes
inputStream.read(bytes); inputStream.read(bytes);
continue; continue;
} }
accuracy=""+new BigInteger(bytes).intValue(); String accuracy = "" + new BigInteger(bytes).intValue();
bytes = new byte[4]; bytes = new byte[4];
inputStream.read(bytes); inputStream.read(bytes);
confidence=""+new BigInteger(bytes).intValue(); String confidence = "" + new BigInteger(bytes).intValue();
bytes = new byte[8]; bytes = new byte[8];
inputStream.read(bytes); inputStream.read(bytes);
latitude=""+toDouble(bytes); double latitude = toDouble(bytes);
bytes = new byte[8]; bytes = new byte[8];
inputStream.read(bytes); inputStream.read(bytes);
longitude= ""+toDouble(bytes); double longitude = toDouble(bytes);
bytes = new byte[8]; bytes = new byte[8];
inputStream.read(bytes); inputStream.read(bytes);
Long timestamp = new BigInteger(bytes).longValue(); Long timestamp = new BigInteger(bytes).longValue() / 1000;
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT); BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT);
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(),moduleName,latitude)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(), moduleName, latitude));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID(),moduleName, longitude)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID(), moduleName, longitude));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(),moduleName, timestamp)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, timestamp));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(),moduleName, fileName+" Location History")); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), moduleName, file.getName() + " Location History"));
//Not storing these for now. //Not storing these for now.
// bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy)); // bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy));
// bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(),moduleName, confidence)); // bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(),moduleName, confidence));
} }
}catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Cached GPS locations to Blackboard", e); logger.log(Level.SEVERE, "Error parsing Cached GPS locations to Blackboard", e);
} }
} }
public static double toDouble(byte[] bytes) { private static double toDouble(byte[] bytes) {
return ByteBuffer.wrap(bytes).getDouble(); return ByteBuffer.wrap(bytes).getDouble();
} }
} }

117
Core/src/org/sleuthkit/autopsy/modules/android/CallLogAnalyzer.java
View File

@ -18,6 +18,7 @@
*/ */
package org.sleuthkit.autopsy.modules.android; package org.sleuthkit.autopsy.modules.android;
import java.io.File;
import java.sql.Connection; import java.sql.Connection;
import java.sql.DriverManager; import java.sql.DriverManager;
import java.sql.ResultSet; import java.sql.ResultSet;
@ -34,18 +35,12 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
class CallLogAnalyzer { class CallLogAnalyzer {
private Connection connection = null; private static final String moduleName = AndroidModuleFactory.getModuleName();
private ResultSet resultSet = null;
private Statement statement = null;
private String dbPath = "";
private long fileId = 0;
private java.io.File jFile = null;
private String moduleName= AndroidModuleFactory.getModuleName();
private static final Logger logger = Logger.getLogger(CallLogAnalyzer.class.getName()); private static final Logger logger = Logger.getLogger(CallLogAnalyzer.class.getName());
public void findCallLogs() { public static void findCallLogs() {
List<AbstractFile> absFiles; List<AbstractFile> absFiles;
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
@ -53,13 +48,12 @@ import org.sleuthkit.datamodel.TskCoreException;
if (absFiles.isEmpty()) { if (absFiles.isEmpty()) {
return; return;
} }
for (AbstractFile AF : absFiles) { for (AbstractFile abstractFile : absFiles) {
try { try {
jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName()); File jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), abstractFile.getName());
ContentUtils.writeToFile(AF,jFile); ContentUtils.writeToFile(abstractFile, jFile);
dbPath = jFile.toString(); //path of file as string
fileId = AF.getId(); findCallLogsInDB(jFile.toString(), abstractFile);
findCallLogsInDB(dbPath, fileId);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Call logs", e); logger.log(Level.SEVERE, "Error parsing Call logs", e);
} }
@ -69,7 +63,11 @@ import org.sleuthkit.datamodel.TskCoreException;
} }
} }
private void findCallLogsInDB(String DatabasePath, long fId) { private static void findCallLogsInDB(String DatabasePath, AbstractFile f) {
Connection connection = null;
ResultSet resultSet = null;
Statement statement = null;
if (DatabasePath == null || DatabasePath.isEmpty()) { if (DatabasePath == null || DatabasePath.isEmpty()) {
return; return;
} }
@ -78,60 +76,57 @@ import org.sleuthkit.datamodel.TskCoreException;
connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath);
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e);
return;
} }
Case currentCase = Case.getCurrentCase();
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try { try {
AbstractFile f = skCase.getAbstractFileById(fId); resultSet = statement.executeQuery(
try { "SELECT number,date,duration,type, name FROM calls ORDER BY date DESC;");
resultSet = statement.executeQuery(
"SELECT number,date,duration,type, name FROM calls ORDER BY date DESC;");
BlackboardArtifact bba; BlackboardArtifact bba;
while (resultSet.next()) { while (resultSet.next()) {
// name of person dialed or called. null if unregistered // name of person dialed or called. null if unregistered
String name = resultSet.getString("name"); String name = resultSet.getString("name");
String number = resultSet.getString("number"); String number = resultSet.getString("number");
//duration of call in seconds //duration of call in seconds
Long duration = Long.valueOf(resultSet.getString("duration")); Long duration = Long.valueOf(resultSet.getString("duration"));
Long date = Long.valueOf(resultSet.getString("date")) / 1000; Long date = Long.valueOf(resultSet.getString("date")) / 1000;
String direction = "";
switch (Integer.valueOf(resultSet.getString("type"))) {
case 1:
direction = "Incoming";
break;
case 2:
direction = "Outgoing";
break;
case 3:
direction = "Missed";
break;
}
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set. String direction = "";
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(),moduleName, number)); switch (Integer.valueOf(resultSet.getString("type"))) {
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID(), moduleName, date)); case 1:
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END.getTypeID(), moduleName, duration+date)); direction = "Incoming";
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, direction)); break;
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name)); case 2:
} direction = "Outgoing";
} catch (Exception e) { break;
logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e); case 3:
} finally { direction = "Missed";
try { break;
resultSet.close();
statement.close();
connection.close();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing the database", e);
} }
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, number));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID(), moduleName, date));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END.getTypeID(), moduleName, duration + date));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, direction));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name));
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e); logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e);
} finally {
try {
if (resultSet != null) {
resultSet.close();
}
statement.close();
connection.close();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing the database", e);
}
} }
} }
} }

119
Core/src/org/sleuthkit/autopsy/modules/android/ContactAnalyzer.java
View File

@ -18,6 +18,7 @@
*/ */
package org.sleuthkit.autopsy.modules.android; package org.sleuthkit.autopsy.modules.android;
import java.io.File;
import java.sql.Connection; import java.sql.Connection;
import java.sql.DriverManager; import java.sql.DriverManager;
import java.sql.ResultSet; import java.sql.ResultSet;
@ -27,24 +28,19 @@ import java.util.List;
import java.util.logging.Level; import java.util.logging.Level;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.autopsy.datamodel.ContentUtils;
class ContactAnalyzer { class ContactAnalyzer {
private Connection connection = null; private static final String moduleName = AndroidModuleFactory.getModuleName();
private ResultSet resultSet = null;
private Statement statement = null;
private String dbPath = "";
private long fileId = 0;
private java.io.File jFile = null;
private String moduleName= AndroidModuleFactory.getModuleName();
private static final Logger logger = Logger.getLogger(ContactAnalyzer.class.getName()); private static final Logger logger = Logger.getLogger(ContactAnalyzer.class.getName());
public void findContacts() { public static void findContacts() {
List<AbstractFile> absFiles; List<AbstractFile> absFiles;
try { try {
@ -55,17 +51,15 @@ class ContactAnalyzer {
} }
for (AbstractFile AF : absFiles) { for (AbstractFile AF : absFiles) {
try { try {
jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName()); File jFile = new File(Case.getCurrentCase().getTempDirectory(), AF.getName());
ContentUtils.writeToFile(AF,jFile); ContentUtils.writeToFile(AF, jFile);
dbPath = jFile.toString(); //path of file as string findContactsInDB(jFile.toString(), AF);
fileId = AF.getId();
findContactsInDB(dbPath, fileId);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Contacts", e); logger.log(Level.SEVERE, "Error parsing Contacts", e);
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding Contacts", e); logger.log(Level.SEVERE, "Error finding Contacts", e);
} }
} }
@ -75,7 +69,11 @@ class ContactAnalyzer {
* @param fId Will create artifact from a database given by the path The * @param fId Will create artifact from a database given by the path The
* fileId will be the Abstract file associated with the artifacts * fileId will be the Abstract file associated with the artifacts
*/ */
private void findContactsInDB(String DatabasePath, long fId) { private static void findContactsInDB(String DatabasePath, AbstractFile f) {
Connection connection = null;
ResultSet resultSet = null;
Statement statement = null;
if (DatabasePath == null || DatabasePath.isEmpty()) { if (DatabasePath == null || DatabasePath.isEmpty()) {
return; return;
} }
@ -85,63 +83,58 @@ class ContactAnalyzer {
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e);
return;
} }
Case currentCase = Case.getCurrentCase();
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try { try {
AbstractFile f = skCase.getAbstractFileById(fId); // get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype)
try { //sorted by name, so phonenumber/email would be consecutive for a person if they exist.
// get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype) resultSet = statement.executeQuery(
//sorted by name, so phonenumber/email would be consecutive for a person if they exist. "SELECT mimetype,data1, name_raw_contact.display_name AS display_name \n"
resultSet = statement.executeQuery( + "FROM raw_contacts JOIN contacts ON (raw_contacts.contact_id=contacts._id) \n"
"SELECT mimetype,data1, name_raw_contact.display_name AS display_name \n" + "JOIN raw_contacts AS name_raw_contact ON(name_raw_contact_id=name_raw_contact._id) "
+ "FROM raw_contacts JOIN contacts ON (raw_contacts.contact_id=contacts._id) \n" + "LEFT OUTER JOIN data ON (data.raw_contact_id=raw_contacts._id) \n"
+ "JOIN raw_contacts AS name_raw_contact ON(name_raw_contact_id=name_raw_contact._id) " + "LEFT OUTER JOIN mimetypes ON (data.mimetype_id=mimetypes._id) \n"
+ "LEFT OUTER JOIN data ON (data.raw_contact_id=raw_contacts._id) \n" + "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n"
+ "LEFT OUTER JOIN mimetypes ON (data.mimetype_id=mimetypes._id) \n" + "ORDER BY name_raw_contact.display_name ASC;");
+ "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n"
+ "ORDER BY name_raw_contact.display_name ASC;");
BlackboardArtifact bba; BlackboardArtifact bba;
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT); bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
String name; String name;
String oldName = ""; String oldName = "";
String mimetype; // either phone or email String mimetype; // either phone or email
String data1; // the phone number or email String data1; // the phone number or email
while (resultSet.next()) { while (resultSet.next()) {
name = resultSet.getString("display_name"); name = resultSet.getString("display_name");
data1 = resultSet.getString("data1"); data1 = resultSet.getString("data1");
mimetype = resultSet.getString("mimetype"); mimetype = resultSet.getString("mimetype");
// System.out.println(resultSet.getString("data1") + resultSet.getString("mimetype") + resultSet.getString("display_name")); //Test code // System.out.println(resultSet.getString("data1") + resultSet.getString("mimetype") + resultSet.getString("display_name")); //Test code
if (name.equals(oldName) == false) { if (name.equals(oldName) == false) {
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT); bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name));
}
if (mimetype.equals("vnd.android.cursor.item/phone_v2")) {
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, data1));
} else {
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getTypeID(), moduleName, data1));
}
oldName = name;
} }
if (mimetype.equals("vnd.android.cursor.item/phone_v2")) {
} catch (Exception e) { bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, data1));
logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); } else {
} finally { bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getTypeID(), moduleName, data1));
try {
resultSet.close();
statement.close();
connection.close();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e);
} }
oldName = name;
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e);
} finally {
try {
if (resultSet != null) {
resultSet.close();
}
statement.close();
connection.close();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e);
}
} }
} }
} }

125
Core/src/org/sleuthkit/autopsy/modules/android/GoogleMapLocationAnalyzer.java
View File

@ -18,6 +18,7 @@
*/ */
package org.sleuthkit.autopsy.modules.android; package org.sleuthkit.autopsy.modules.android;
import java.io.File;
import java.sql.Connection; import java.sql.Connection;
import java.sql.DriverManager; import java.sql.DriverManager;
import java.sql.ResultSet; import java.sql.ResultSet;
@ -34,19 +35,12 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
class GoogleMapLocationAnalyzer { class GoogleMapLocationAnalyzer {
private Connection connection = null; private static final String moduleName = AndroidModuleFactory.getModuleName();
private ResultSet resultSet = null;
private Statement statement = null;
private String dbPath = "";
private long fileId = 0;
private java.io.File jFile = null;
private String moduleName = AndroidModuleFactory.getModuleName();
private static final Logger logger = Logger.getLogger(GoogleMapLocationAnalyzer.class.getName()); private static final Logger logger = Logger.getLogger(GoogleMapLocationAnalyzer.class.getName());
public void findGeoLocations() { public static void findGeoLocations() {
List<AbstractFile> absFiles; List<AbstractFile> absFiles;
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
@ -54,23 +48,25 @@ class GoogleMapLocationAnalyzer {
if (absFiles.isEmpty()) { if (absFiles.isEmpty()) {
return; return;
} }
for (AbstractFile AF : absFiles) { for (AbstractFile abstractFile : absFiles) {
try { try {
jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName()); File jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), abstractFile.getName());
ContentUtils.writeToFile(AF,jFile); ContentUtils.writeToFile(abstractFile, jFile);
dbPath = jFile.toString(); //path of file as string findGeoLocationsInDB(jFile.toString(), abstractFile);
fileId = AF.getId();
findGeoLocationsInDB(dbPath, fileId);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Google map locations", e); logger.log(Level.SEVERE, "Error parsing Google map locations", e);
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding Google map locations", e); logger.log(Level.SEVERE, "Error finding Google map locations", e);
} }
} }
private void findGeoLocationsInDB(String DatabasePath, long fId) { private static void findGeoLocationsInDB(String DatabasePath, AbstractFile f) {
Connection connection = null;
ResultSet resultSet = null;
Statement statement = null;
if (DatabasePath == null || DatabasePath.isEmpty()) { if (DatabasePath == null || DatabasePath.isEmpty()) {
return; return;
} }
@ -80,39 +76,24 @@ class GoogleMapLocationAnalyzer {
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e);
return;
} }
Case currentCase = Case.getCurrentCase();
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try { try {
AbstractFile f = skCase.getAbstractFileById(fId); resultSet = statement.executeQuery(
try { "Select time,dest_lat,dest_lng,dest_title,dest_address,source_lat,source_lng FROM destination_history;");
resultSet = statement.executeQuery(
"Select time,dest_lat,dest_lng,dest_title,dest_address,source_lat,source_lng FROM destination_history;");
BlackboardArtifact bba; while (resultSet.next()) {
Long time = Long.valueOf(resultSet.getString("time")) / 1000;
String dest_title = resultSet.getString("dest_title");
String dest_address = resultSet.getString("dest_address");
double dest_lat = convertGeo(resultSet.getString("dest_lat"));
double dest_lng = convertGeo(resultSet.getString("dest_lng"));
double source_lat = convertGeo(resultSet.getString("source_lat"));
double source_lng = convertGeo(resultSet.getString("source_lng"));
while (resultSet.next()) {
Long time = Long.valueOf(resultSet.getString("time")) / 1000;
String dest_lat = resultSet.getString("dest_lat");
String dest_lng = resultSet.getString("dest_lng");
String dest_title = resultSet.getString("dest_title");
String dest_address = resultSet.getString("dest_address");
String source_lat = resultSet.getString("source_lat");
String source_lng = resultSet.getString("source_lng");
//add periods 6 decimal places before the end.
if(dest_lat.length()>6)
dest_lat = dest_lat.substring(0, dest_lat.length()-6) + "." + dest_lat.substring(dest_lat.length()-6, dest_lat.length()) ;
if(dest_lng.length()>6)
dest_lng = dest_lng.substring(0, dest_lng.length()-6) + "." + dest_lng.substring(dest_lng.length()-6, dest_lng.length()) ;
if(source_lat.length()>6)
source_lat = source_lat.substring(0, source_lat.length()-6) + "." + source_lat.substring(source_lat.length()-6, source_lat.length()) ;
if(source_lng.length()>6)
source_lng = source_lng.substring(0, source_lng.length()-6) + "." + source_lng.substring(source_lng.length()-6, source_lng.length()) ;
// bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT);//src // bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT);//src
// bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), moduleName, "Source")); // bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), moduleName, "Source"));
// bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(), moduleName, source_lat)); // bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(), moduleName, source_lat));
@ -128,33 +109,39 @@ class GoogleMapLocationAnalyzer {
// bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, dest_title)); // bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, dest_title));
// bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LOCATION.getTypeID(), moduleName, dest_address)); // bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LOCATION.getTypeID(), moduleName, dest_address));
// bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), moduleName, "Google Maps History")); // bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), moduleName, "Google Maps History"));
BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_ROUTE);
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_ROUTE); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), moduleName, "Destination"));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY.getTypeID(), moduleName, "Destination")); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, time));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, time)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END.getTypeID(), moduleName, dest_lat));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END.getTypeID(), moduleName, dest_lat)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END.getTypeID(), moduleName, dest_lng));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END.getTypeID(), moduleName, dest_lng)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START.getTypeID(), moduleName, source_lat));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START.getTypeID(), moduleName, source_lat)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START.getTypeID(), moduleName, source_lng));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START.getTypeID(), moduleName, source_lng)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, dest_title));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, dest_title)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LOCATION.getTypeID(), moduleName, dest_address));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LOCATION.getTypeID(), moduleName, dest_address)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), moduleName, "Google Maps History"));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), moduleName, "Google Maps History"));
}
} catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Google map locations to the Blackboard", e);
} finally {
try {
resultSet.close();
statement.close();
connection.close();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing the database", e);
}
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Google map locations to the Blackboard", e); logger.log(Level.SEVERE, "Error parsing Google map locations to the Blackboard", e);
} finally {
try {
if (resultSet != null) {
resultSet.close();
}
statement.close();
connection.close();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing the database", e);
}
} }
} }
//add periods 6 decimal places before the end.
private static double convertGeo(String s) {
if (s.length() > 6)
return Double.valueOf(s.substring(0, s.length() - 6) + "." + s.substring(s.length() - 6, s.length()));
else
return Double.valueOf(s);
}
} }

4
Core/src/org/sleuthkit/autopsy/modules/android/KMLFileCreator.java
View File

@ -43,7 +43,7 @@ public class KMLFileCreator {
private SleuthkitCase skCase; private SleuthkitCase skCase;
private String reportPath; private String reportPath;
public void CreateKML() { public void createKml() {
reportPath = Case.getCurrentCase().getTempDirectory() + "ReportKML.kml"; //NON-NLS reportPath = Case.getCurrentCase().getTempDirectory() + "ReportKML.kml"; //NON-NLS
String reportPath2 = Case.getCurrentCase().getTempDirectory() + "ReportKML.txt"; //NON-NLS String reportPath2 = Case.getCurrentCase().getTempDirectory() + "ReportKML.txt"; //NON-NLS
@ -127,7 +127,6 @@ public class KMLFileCreator {
/* /*
* Step 2: add in Style elements * Step 2: add in Style elements
*/ */
// Style // Style
Element style = new Element("Style", ns); //NON-NLS Element style = new Element("Style", ns); //NON-NLS
style.setAttribute("id", "redIcon"); //NON-NLS style.setAttribute("id", "redIcon"); //NON-NLS
@ -203,6 +202,5 @@ public class KMLFileCreator {
} catch (TskCoreException ex) { } catch (TskCoreException ex) {
} }
} }
} }

124
Core/src/org/sleuthkit/autopsy/modules/android/TangoMessageAnalyzer.java
View File

@ -18,6 +18,7 @@
*/ */
package org.sleuthkit.autopsy.modules.android; package org.sleuthkit.autopsy.modules.android;
import java.io.File;
import java.sql.Connection; import java.sql.Connection;
import java.sql.DriverManager; import java.sql.DriverManager;
import java.sql.ResultSet; import java.sql.ResultSet;
@ -35,31 +36,21 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
class TangoMessageAnalyzer { class TangoMessageAnalyzer {
private Connection connection = null;
private ResultSet resultSet = null; private static final String moduleName = AndroidModuleFactory.getModuleName();
private Statement statement = null;
private String dbPath = "";
private long fileId = 0;
private java.io.File jFile = null;
private String moduleName= AndroidModuleFactory.getModuleName();
private static final Logger logger = Logger.getLogger(TangoMessageAnalyzer.class.getName()); private static final Logger logger = Logger.getLogger(TangoMessageAnalyzer.class.getName());
public void findTangoMessages() { public static void findTangoMessages() {
List<AbstractFile> absFiles; List<AbstractFile> absFiles;
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
absFiles = skCase.findAllFilesWhere("name ='tc.db' "); //get exact file names absFiles = skCase.findAllFilesWhere("name ='tc.db' "); //get exact file names
if (absFiles.isEmpty()) { for (AbstractFile abstractFile : absFiles) {
return;
}
for (AbstractFile AF : absFiles) {
try { try {
jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName()); File jFile = new File(Case.getCurrentCase().getTempDirectory(), abstractFile.getName());
ContentUtils.writeToFile(AF,jFile); ContentUtils.writeToFile(abstractFile, jFile);
dbPath = jFile.toString(); //path of file as string findTangoMessagesInDB(jFile.toString(), abstractFile);
fileId = AF.getId();
findTangoMessagesInDB(dbPath, fileId);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Tango messages", e); logger.log(Level.SEVERE, "Error parsing Tango messages", e);
} }
@ -67,9 +58,13 @@ import org.sleuthkit.datamodel.TskCoreException;
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding Tango messages", e); logger.log(Level.SEVERE, "Error finding Tango messages", e);
} }
} }
private void findTangoMessagesInDB(String DatabasePath, long fId) {
private static void findTangoMessagesInDB(String DatabasePath, AbstractFile f) {
Connection connection = null;
ResultSet resultSet = null;
Statement statement = null;
if (DatabasePath == null || DatabasePath.isEmpty()) { if (DatabasePath == null || DatabasePath.isEmpty()) {
return; return;
} }
@ -79,63 +74,60 @@ import org.sleuthkit.datamodel.TskCoreException;
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e);
return;
} }
Case currentCase = Case.getCurrentCase();
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try { try {
AbstractFile f = skCase.getAbstractFileById(fId); resultSet = statement.executeQuery(
try { "Select conv_id, create_time,direction,payload FROM messages ORDER BY create_time DESC;");
resultSet = statement.executeQuery(
"Select conv_id, create_time,direction,payload FROM messages ORDER BY create_time DESC;");
BlackboardArtifact bba; String conv_id; // seems to wrap around the message found in payload after decoding from base-64
String conv_id; // seems to wrap around the message found in payload after decoding from base-64 String direction; // 1 incoming, 2 outgoing
String direction; // 1 incoming, 2 outgoing String payload; // seems to be a base64 message wrapped by the conv_id
String payload; // seems to be a base64 message wrapped by the conv_id
while (resultSet.next()) {
conv_id = resultSet.getString("conv_id");
Long create_time = Long.valueOf(resultSet.getString("create_time")) / 1000;
direction = resultSet.getString("direction");
payload = resultSet.getString("payload");
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create a call log and then add attributes from result set.
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, create_time));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, direction));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), moduleName, decodeMessage(conv_id,payload)));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName,"Tango Message" ));
while (resultSet.next()) {
conv_id = resultSet.getString("conv_id");
Long create_time = Long.valueOf(resultSet.getString("create_time")) / 1000;
if (resultSet.getString("direction").equals("1")) {
direction = "Incoming";
} else {
direction = "Outgoing";
} }
payload = resultSet.getString("payload");
BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create a call log and then add attributes from result set.
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, create_time));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, direction));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), moduleName, decodeMessage(conv_id, payload)));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName, "Tango Message"));
} catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Tango messages to the Blackboard", e);
} finally {
try {
resultSet.close();
statement.close();
connection.close();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e);
}
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Tango messages to the Blackboard", e); logger.log(Level.SEVERE, "Error parsing Tango messages to the Blackboard", e);
} finally {
try {
if (resultSet != null) {
resultSet.close();
}
statement.close();
connection.close();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e);
}
} }
} }
//take the message string which is wrapped by a certain string, and return the text enclosed. //take the message string which is wrapped by a certain string, and return the text enclosed.
private String decodeMessage(String wrapper, String message) private static String decodeMessage(String wrapper, String message) {
{ String result = "";
String result= ""; byte[] decoded = Base64.decodeBase64(message);
byte[] decoded = Base64.decodeBase64(message); try {
try{ String Z = new String(decoded, "UTF-8");
String Z= new String (decoded,"UTF-8"); result = Z.split(wrapper)[1];
result = Z.split(wrapper)[1]; } catch (Exception e) {
}catch(Exception e){
logger.log(Level.SEVERE, "Error decoding a Tango message", e); logger.log(Level.SEVERE, "Error decoding a Tango message", e);
} }
return result; return result;
} }
} }

113
Core/src/org/sleuthkit/autopsy/modules/android/TextMessageAnalyzer.java
View File

@ -18,6 +18,7 @@
*/ */
package org.sleuthkit.autopsy.modules.android; package org.sleuthkit.autopsy.modules.android;
import java.io.File;
import java.sql.Connection; import java.sql.Connection;
import java.sql.DriverManager; import java.sql.DriverManager;
import java.sql.ResultSet; import java.sql.ResultSet;
@ -34,33 +35,21 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
class TextMessageAnalyzer {
class TextMessageAnalyzer { private static final String moduleName = AndroidModuleFactory.getModuleName();
private Connection connection = null;
private ResultSet resultSet = null;
private Statement statement = null;
private String dbPath = "";
private long fileId = 0;
private java.io.File jFile = null;
List<AbstractFile> absFiles;
private String moduleName= AndroidModuleFactory.getModuleName();
private static final Logger logger = Logger.getLogger(TextMessageAnalyzer.class.getName()); private static final Logger logger = Logger.getLogger(TextMessageAnalyzer.class.getName());
public static void findTexts() {
void findTexts() {
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
absFiles = skCase.findAllFilesWhere("name ='mmssms.db'"); //get exact file name List<AbstractFile> absFiles = skCase.findAllFilesWhere("name ='mmssms.db'"); //get exact file name
if (absFiles.isEmpty()) {
return; for (AbstractFile abstractFile : absFiles) {
}
for (AbstractFile AF : absFiles) {
try { try {
jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName()); File jFile = new File(Case.getCurrentCase().getTempDirectory(), abstractFile.getName());
ContentUtils.writeToFile(AF,jFile); ContentUtils.writeToFile(abstractFile, jFile);
dbPath = jFile.toString(); //path of file as string findTextsInDB(jFile.toString(), abstractFile);
fileId = AF.getId();
findTextsInDB(dbPath, fileId);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing text messages", e); logger.log(Level.SEVERE, "Error parsing text messages", e);
} }
@ -69,7 +58,12 @@ import org.sleuthkit.datamodel.TskCoreException;
logger.log(Level.SEVERE, "Error finding text messages", e); logger.log(Level.SEVERE, "Error finding text messages", e);
} }
} }
private void findTextsInDB(String DatabasePath, long fId) {
private static void findTextsInDB(String DatabasePath, AbstractFile f) {
Connection connection = null;
ResultSet resultSet = null;
Statement statement = null;
if (DatabasePath == null || DatabasePath.isEmpty()) { if (DatabasePath == null || DatabasePath.isEmpty()) {
return; return;
} }
@ -79,55 +73,50 @@ import org.sleuthkit.datamodel.TskCoreException;
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e);
return;
} }
Case currentCase = Case.getCurrentCase();
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try { try {
AbstractFile f = skCase.getAbstractFileById(fId); resultSet = statement.executeQuery(
try { "Select address,date,type,subject,body FROM sms;");
resultSet = statement.executeQuery(
"Select address,date,type,subject,body FROM sms;");
BlackboardArtifact bba; String address; // may be phone number, or other addresses
String address; // may be phone number, or other addresses
String type; // message received in inbox = 1, message sent = 2
String subject;//message subject
String body; //message body
while (resultSet.next()) {
address = resultSet.getString("address");
Long date = Long.valueOf(resultSet.getString("date")) / 1000;
type = resultSet.getString("type");
subject = resultSet.getString("subject");
body = resultSet.getString("body");
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set.
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, address));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, date));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, type));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT.getTypeID(), moduleName, subject));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), moduleName, body));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName,"SMS Message" ));
String direction; // message received in inbox = 1, message sent = 2
String subject;//message subject
String body; //message body
while (resultSet.next()) {
address = resultSet.getString("address");
Long date = Long.valueOf(resultSet.getString("date")) / 1000;
if (resultSet.getString("type").equals("1")) {
direction = "Incoming";
} else {
direction = "Outgoing";
} }
subject = resultSet.getString("subject");
body = resultSet.getString("body");
} catch (Exception e) { BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set.
logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, address));
} finally { bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, date));
try { bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, direction));
resultSet.close(); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT.getTypeID(), moduleName, subject));
statement.close(); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), moduleName, body));
connection.close(); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName, "SMS Message"));
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e);
}
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e); logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e);
} finally {
try {
if (resultSet != null) {
resultSet.close();
}
statement.close();
connection.close();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e);
}
} }
} }
} }

101
Core/src/org/sleuthkit/autopsy/modules/android/WWFMessageAnalyzer.java
View File

@ -18,6 +18,7 @@
*/ */
package org.sleuthkit.autopsy.modules.android; package org.sleuthkit.autopsy.modules.android;
import java.io.File;
import java.sql.Connection; import java.sql.Connection;
import java.sql.DriverManager; import java.sql.DriverManager;
import java.sql.ResultSet; import java.sql.ResultSet;
@ -34,30 +35,23 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
class WWFMessageAnalyzer { class WWFMessageAnalyzer {
private Connection connection = null;
private ResultSet resultSet = null; private static final String moduleName = AndroidModuleFactory.getModuleName();
private Statement statement = null;
private String dbPath = "";
private long fileId = 0;
private java.io.File jFile = null;
private String moduleName= AndroidModuleFactory.getModuleName();
private static final Logger logger = Logger.getLogger(WWFMessageAnalyzer.class.getName()); private static final Logger logger = Logger.getLogger(WWFMessageAnalyzer.class.getName());
public void findWWFMessages() {
public static void findWWFMessages() {
List<AbstractFile> absFiles; List<AbstractFile> absFiles;
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
absFiles = skCase.findAllFilesWhere("name ='WordsFramework' "); //get exact file names absFiles = skCase.findAllFilesWhere("name ='WordsFramework' "); //get exact file names
if (absFiles.isEmpty()) {
return; for (AbstractFile abstractFile : absFiles) {
}
for (AbstractFile AF : absFiles) {
try { try {
jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName()); File jFile = new File(Case.getCurrentCase().getTempDirectory(), abstractFile.getName());
ContentUtils.writeToFile(AF,jFile); ContentUtils.writeToFile(abstractFile, jFile);
dbPath = jFile.toString(); //path of file as string
fileId = AF.getId(); findWWFMessagesInDB(jFile.toString(), abstractFile);
findWWFMessagesInDB(dbPath, fileId);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing WWF messages", e); logger.log(Level.SEVERE, "Error parsing WWF messages", e);
} }
@ -66,7 +60,12 @@ import org.sleuthkit.datamodel.TskCoreException;
logger.log(Level.SEVERE, "Error finding WWF messages", e); logger.log(Level.SEVERE, "Error finding WWF messages", e);
} }
} }
private void findWWFMessagesInDB(String DatabasePath, long fId) {
private static void findWWFMessagesInDB(String DatabasePath, AbstractFile f) {
Connection connection = null;
ResultSet resultSet = null;
Statement statement = null;
if (DatabasePath == null || DatabasePath.isEmpty()) { if (DatabasePath == null || DatabasePath.isEmpty()) {
return; return;
} }
@ -75,49 +74,43 @@ import org.sleuthkit.datamodel.TskCoreException;
connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath);
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e);
return;
} }
Case currentCase = Case.getCurrentCase();
SleuthkitCase skCase = currentCase.getSleuthkitCase();
try { try {
AbstractFile f = skCase.getAbstractFileById(fId); resultSet = statement.executeQuery(
try { "SELECT message,created_at,user_id,game_id FROM chat_messages ORDER BY game_id DESC, created_at DESC;");
resultSet = statement.executeQuery(
"SELECT message,created_at,user_id,game_id FROM chat_messages ORDER BY game_id DESC, created_at DESC;");
BlackboardArtifact bba; String message; // WWF Message
String message; // WWF Message String user_id; // the ID of the user who sent the message.
String user_id; // the ID of the user who sent the message. String game_id; // ID of the game which the the message was sent.
String game_id; // ID of the game which the the message was sent.
while (resultSet.next()) { while (resultSet.next()) {
message = resultSet.getString("message"); message = resultSet.getString("message");
Long created_at = Long.valueOf(resultSet.getString("created_at")) / 1000; Long created_at = Long.valueOf(resultSet.getString("created_at")) / 1000;
user_id = resultSet.getString("user_id"); user_id = resultSet.getString("user_id");
game_id = resultSet.getString("game_id"); game_id = resultSet.getString("game_id");
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create a call log and then add attributes from result set. BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create a call log and then add attributes from result set.
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, created_at)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, created_at));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, user_id)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, user_id));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MSG_ID.getTypeID(), moduleName, game_id)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MSG_ID.getTypeID(), moduleName, game_id));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), moduleName,message)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), moduleName, message));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName,"Words With Friends Message" )); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName, "Words With Friends Message"));
}
} catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing WWF messages to the Blackboard", e);
} finally {
try {
resultSet.close();
statement.close();
connection.close();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e);
}
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing WWF messages to the Blackboard", e); logger.log(Level.SEVERE, "Error parsing WWF messages to the Blackboard", e);
} finally {
try {
if (resultSet != null) {
resultSet.close();
}
statement.close();
connection.close();
} catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e);
}
} }
} }
} }

18
Core/src/org/sleuthkit/autopsy/modules/iOS/CallLogAnalyzer.java
View File

@ -34,7 +34,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
class CallLogAnalyzer { class CallLogAnalyzer {
private Connection connection = null; private Connection connection = null;
private ResultSet resultSet = null; private ResultSet resultSet = null;
@ -42,9 +42,9 @@ import org.sleuthkit.datamodel.TskCoreException;
private String dbPath = ""; private String dbPath = "";
private long fileId = 0; private long fileId = 0;
private java.io.File jFile = null; private java.io.File jFile = null;
private String moduleName= iOSModuleFactory.getModuleName(); private String moduleName = iOSModuleFactory.getModuleName();
private static final Logger logger = Logger.getLogger(CallLogAnalyzer.class.getName()); private static final Logger logger = Logger.getLogger(CallLogAnalyzer.class.getName());
public void findCallLogs() { public void findCallLogs() {
List<AbstractFile> absFiles; List<AbstractFile> absFiles;
try { try {
@ -56,7 +56,7 @@ import org.sleuthkit.datamodel.TskCoreException;
for (AbstractFile AF : absFiles) { for (AbstractFile AF : absFiles) {
try { try {
jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName().replaceAll("[<>%|\"/:*\\\\]", "")); jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName().replaceAll("[<>%|\"/:*\\\\]", ""));
ContentUtils.writeToFile(AF,jFile); ContentUtils.writeToFile(AF, jFile);
dbPath = jFile.toString(); //path of file as string dbPath = jFile.toString(); //path of file as string
fileId = AF.getId(); fileId = AF.getId();
findCallLogsInDB(dbPath, fileId); findCallLogsInDB(dbPath, fileId);
@ -78,7 +78,7 @@ import org.sleuthkit.datamodel.TskCoreException;
connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath);
statement = connection.createStatement(); statement = connection.createStatement();
} catch (ClassNotFoundException | SQLException e) { } catch (ClassNotFoundException | SQLException e) {
logger.log(Level.SEVERE, "Error opening database", e); logger.log(Level.SEVERE, "Error opening database", e);
} }
Case currentCase = Case.getCurrentCase(); Case currentCase = Case.getCurrentCase();
@ -104,22 +104,22 @@ import org.sleuthkit.datamodel.TskCoreException;
type = resultSet.getString("type"); type = resultSet.getString("type");
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set. bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(),moduleName, number)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, number));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID(), moduleName, date)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID(), moduleName, date));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END.getTypeID(), moduleName, duration+date)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END.getTypeID(), moduleName, duration + date));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, type)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, type));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name));
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e); logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e);
} finally { } finally {
try { try {
resultSet.close(); resultSet.close();
statement.close(); statement.close();
connection.close(); connection.close();
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error closing the database", e); logger.log(Level.SEVERE, "Error closing the database", e);
} }
} }
} catch (Exception e) { } catch (Exception e) {

71
Core/src/org/sleuthkit/autopsy/modules/iOS/ContactAnalyzer.java
View File

@ -39,6 +39,7 @@ import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.datamodel.ContentUtils;
import org.sleuthkit.datamodel.ReadContentInputStream; import org.sleuthkit.datamodel.ReadContentInputStream;
class ContactAnalyzer { class ContactAnalyzer {
private Connection connection = null; private Connection connection = null;
@ -47,7 +48,7 @@ class ContactAnalyzer {
private String dbPath = ""; private String dbPath = "";
private long fileId = 0; private long fileId = 0;
private java.io.File jFile = null; private java.io.File jFile = null;
private String moduleName= iOSModuleFactory.getModuleName(); private String moduleName = iOSModuleFactory.getModuleName();
private static final Logger logger = Logger.getLogger(ContactAnalyzer.class.getName()); private static final Logger logger = Logger.getLogger(ContactAnalyzer.class.getName());
public void findContacts() { public void findContacts() {
@ -62,19 +63,19 @@ class ContactAnalyzer {
for (AbstractFile AF : absFiles) { for (AbstractFile AF : absFiles) {
try { try {
jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName().replaceAll("[<>%|\"/:*\\\\]", "")); jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName().replaceAll("[<>%|\"/:*\\\\]", ""));
//jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), i+".txt"); //jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), i+".txt");
ContentUtils.writeToFile(AF,jFile); ContentUtils.writeToFile(AF, jFile);
//copyFileUsingStreams(AF,jFile); //copyFileUsingStreams(AF,jFile);
//copyFileUsingStream(AF,jFile); //copyFileUsingStream(AF,jFile);
dbPath = jFile.toString(); //path of file as string dbPath = jFile.toString(); //path of file as string
fileId = AF.getId(); fileId = AF.getId();
//findContactsInDB(dbPath, fileId); //findContactsInDB(dbPath, fileId);
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Contacts", e); logger.log(Level.SEVERE, "Error parsing Contacts", e);
} }
} }
} catch (TskCoreException e) { } catch (TskCoreException e) {
logger.log(Level.SEVERE, "Error finding Contacts", e); logger.log(Level.SEVERE, "Error finding Contacts", e);
} }
} }
@ -112,7 +113,7 @@ class ContactAnalyzer {
+ "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n" + "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n"
+ "ORDER BY name_raw_contact.display_name ASC;"); + "ORDER BY name_raw_contact.display_name ASC;");
BlackboardArtifact bba; BlackboardArtifact bba;
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT); bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
String name; String name;
String oldName = ""; String oldName = "";
@ -136,23 +137,23 @@ class ContactAnalyzer {
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e);
} finally { } finally {
try { try {
resultSet.close(); resultSet.close();
statement.close(); statement.close();
connection.close(); connection.close();
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e); logger.log(Level.SEVERE, "Error closing database", e);
} }
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e);
} }
} }
public static void copyFileUsingStream(AbstractFile file, File jFile) throws IOException { public static void copyFileUsingStream(AbstractFile file, File jFile) throws IOException {
InputStream is = new ReadContentInputStream(file); InputStream is = new ReadContentInputStream(file);
OutputStream os = new FileOutputStream(jFile); OutputStream os = new FileOutputStream(jFile);
byte[] buffer = new byte[8192]; byte[] buffer = new byte[8192];
@ -160,9 +161,9 @@ class ContactAnalyzer {
try { try {
while ((length = is.read(buffer)) != -1) { while ((length = is.read(buffer)) != -1) {
os.write(buffer, 0, length); os.write(buffer, 0, length);
System.out.println(length); System.out.println(length);
os.flush(); os.flush();
} }
} finally { } finally {
@ -170,27 +171,29 @@ class ContactAnalyzer {
os.close(); os.close();
} }
} }
public static void copyFileUsingStreams(AbstractFile file, File jFile) {
InputStream istream; public static void copyFileUsingStreams(AbstractFile file, File jFile) {
OutputStream ostream=null; InputStream istream;
int c; OutputStream ostream = null;
final int EOF = -1; int c;
istream = new ReadContentInputStream(file); final int EOF = -1;
istream = new ReadContentInputStream(file);
//File outFile = new File("Data.txt"); //File outFile = new File("Data.txt");
// System.out.println("Type characters to write in File Press Ctrl+z to end "); // System.out.println("Type characters to write in File Press Ctrl+z to end ");
try { try {
ostream = new FileOutputStream(jFile); ostream = new FileOutputStream(jFile);
while ((c = istream.read()) != EOF) while ((c = istream.read()) != EOF) {
ostream.write(c); ostream.write(c);
} catch (IOException e) { }
System.out.println("Error: " + e.getMessage()); } catch (IOException e) {
} finally { System.out.println("Error: " + e.getMessage());
try { } finally {
istream.close(); try {
ostream.close(); istream.close();
} catch (IOException e) { ostream.close();
System.out.println("File did not close"); } catch (IOException e) {
} System.out.println("File did not close");
} }
} }
}
} }

27
Core/src/org/sleuthkit/autopsy/modules/iOS/TextMessageAnalyzer.java
View File

@ -34,19 +34,18 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException; import org.sleuthkit.datamodel.TskCoreException;
class TextMessageAnalyzer {
class TextMessageAnalyzer { private Connection connection = null;
private Connection connection = null;
private ResultSet resultSet = null; private ResultSet resultSet = null;
private Statement statement = null; private Statement statement = null;
private String dbPath = ""; private String dbPath = "";
private long fileId = 0; private long fileId = 0;
private java.io.File jFile = null; private java.io.File jFile = null;
List<AbstractFile> absFiles; List<AbstractFile> absFiles;
private String moduleName= iOSModuleFactory.getModuleName(); private String moduleName = iOSModuleFactory.getModuleName();
private static final Logger logger = Logger.getLogger(TextMessageAnalyzer.class.getName()); private static final Logger logger = Logger.getLogger(TextMessageAnalyzer.class.getName());
void findTexts() { void findTexts() {
try { try {
SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase(); SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
@ -56,8 +55,8 @@ import org.sleuthkit.datamodel.TskCoreException;
} }
for (AbstractFile AF : absFiles) { for (AbstractFile AF : absFiles) {
try { try {
jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(),AF.getName().replaceAll("[<>%|\"/:*\\\\]", "")); jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName().replaceAll("[<>%|\"/:*\\\\]", ""));
ContentUtils.writeToFile(AF,jFile); ContentUtils.writeToFile(AF, jFile);
dbPath = jFile.toString(); //path of file as string dbPath = jFile.toString(); //path of file as string
fileId = AF.getId(); fileId = AF.getId();
findTextsInDB(dbPath, fileId); findTextsInDB(dbPath, fileId);
@ -69,7 +68,8 @@ import org.sleuthkit.datamodel.TskCoreException;
logger.log(Level.SEVERE, "Error finding text messages", e); logger.log(Level.SEVERE, "Error finding text messages", e);
} }
} }
private void findTextsInDB(String DatabasePath, long fId) {
private void findTextsInDB(String DatabasePath, long fId) {
if (DatabasePath == null || DatabasePath.isEmpty()) { if (DatabasePath == null || DatabasePath.isEmpty()) {
return; return;
} }
@ -89,7 +89,7 @@ import org.sleuthkit.datamodel.TskCoreException;
resultSet = statement.executeQuery( resultSet = statement.executeQuery(
"Select address,date,type,subject,body FROM sms;"); "Select address,date,type,subject,body FROM sms;");
BlackboardArtifact bba; BlackboardArtifact bba;
String address; // may be phone number, or other addresses String address; // may be phone number, or other addresses
String date;//unix time String date;//unix time
String type; // message received in inbox = 1, message sent = 2 String type; // message received in inbox = 1, message sent = 2
@ -101,26 +101,26 @@ import org.sleuthkit.datamodel.TskCoreException;
type = resultSet.getString("type"); type = resultSet.getString("type");
subject = resultSet.getString("subject"); subject = resultSet.getString("subject");
body = resultSet.getString("body"); body = resultSet.getString("body");
bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set. bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set.
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, address)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, address));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, date)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, date));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, type)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, type));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT.getTypeID(), moduleName, subject)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT.getTypeID(), moduleName, subject));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), moduleName, body)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), moduleName, body));
bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName,"SMS Message" )); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName, "SMS Message"));
} }
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e); logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e);
} finally { } finally {
try { try {
resultSet.close(); resultSet.close();
statement.close(); statement.close();
connection.close(); connection.close();
} catch (Exception e) { } catch (Exception e) {
logger.log(Level.SEVERE, "Error closing database", e); logger.log(Level.SEVERE, "Error closing database", e);
} }
} }
} catch (Exception e) { } catch (Exception e) {
@ -129,5 +129,4 @@ import org.sleuthkit.datamodel.TskCoreException;
} }
} }

5
Core/src/org/sleuthkit/autopsy/modules/iOS/iOSIngestModule.java
View File

@ -43,11 +43,8 @@ class iOSIngestModule implements DataSourceIngestModule {
@Override @Override
public IngestModule.ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) { public IngestModule.ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
ContactAnalyzer FindContacts = new ContactAnalyzer(); ContactAnalyzer FindContacts = new ContactAnalyzer();
FindContacts.findContacts(); FindContacts.findContacts();
return IngestModule.ProcessResult.OK; return IngestModule.ProcessResult.OK;
} }
} }

2
Core/src/org/sleuthkit/autopsy/modules/iOS/iOSModuleFactory.java
View File

@ -26,7 +26,7 @@ import org.sleuthkit.autopsy.ingest.IngestModuleFactoryAdapter;
import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings; import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings;
@ServiceProvider(service = IngestModuleFactory.class) // //@ServiceProvider(service = IngestModuleFactory.class) //
public class iOSModuleFactory extends IngestModuleFactoryAdapter { public class iOSModuleFactory extends IngestModuleFactoryAdapter {
private static final String VERSION_NUMBER = "1.0.0"; private static final String VERSION_NUMBER = "1.0.0";

52
Core/src/org/sleuthkit/autopsy/report/ReportKML.java
View File

@ -145,8 +145,60 @@ class ReportKML implements GeneralReportModule {
// lat lon path name // lat lon path name
} }
} }
for (BlackboardArtifact artifact : skCase.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT)) {
lat = 0;
lon = 0;
for (BlackboardAttribute attribute : artifact.getAttributes()) {
if (attribute.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID()) //latitude
{
lat = attribute.getValueDouble();
}
if (attribute.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID()) //longitude
{
lon = attribute.getValueDouble();
}
}
if (lon != 0 && lat != 0) {
out.write(lat + ";" + lon + "\n");
}
}
for (BlackboardArtifact artifact : skCase.getBlackboardArtifacts(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_ROUTE)) {
lat = 0;
lon = 0;
double destlat = 0;
double destlon = 0;
String name = "";
for (BlackboardAttribute attribute : artifact.getAttributes()) {
if (attribute.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_START.getTypeID()) //latitude
{
lat = attribute.getValueDouble();
} else if (attribute.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE_END.getTypeID()) //longitude
{
destlat = attribute.getValueDouble();
} else if (attribute.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_START.getTypeID()) //longitude
{
lon = attribute.getValueDouble();
} else if (attribute.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE_END.getTypeID()) //longitude
{
destlon = attribute.getValueDouble();
} else if (attribute.getAttributeTypeID() == BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID()) //longitude
{
name = attribute.getValueString();
}
}
if (lon != 0 && lat != 0) {
out.write(lat + ";" + lon + ";;" + name + "\n");
}
if (destlat != 0 && destlon != 0) {
out.write(destlat + ";" + destlon + ";;" + name + "\n");
}
}
out.flush(); out.flush();
out.close(); out.close();
progressPanel.increment(); progressPanel.increment();
/* /*
* Step 1: generate XML stub * Step 1: generate XML stub