mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-12 16:06:15 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' into 7354-contentviewer-host-data

Browse Source
This commit is contained in:
Kelly Kelly 2021-03-09 14:48:55 -05:00
commit 584fe7d4d0
4 changed files with 479 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/Bundle.properties-MERGED
View File

@ -22,19 +22,20 @@ ILeappAnalyzerIngestModule.init.exception.msg=Unable to find {0}.
ILeappAnalyzerIngestModule.processing.file=Processing file {0}
ILeappAnalyzerIngestModule.parsing.file=Parsing file {0}
ILeappAnalyzerIngestModule.processing.filesystem=Processing filesystem
IleappAnalyzerIngestModule.not.64.bit.os=iLeapp will not run on 32bit operating system
IleappAnalyzerIngestModule.not.64.bit.os=iLeapp will not run on a 32bit operating system
ALeappAnalyzerIngestModule.init.exception.msg=Unable to find {0}.
ALeappAnalyzerIngestModule.processing.file=Processing file {0}
ALeappAnalyzerIngestModule.parsing.file=Parsing file {0}
ALeappAnalyzerIngestModule.processing.filesystem=Processing filesystem
AleappAnalyzerIngestModule.not.64.bit.os=aLeapp will not run on 32bit operating system
AleappAnalyzerIngestModule.not.64.bit.os=aLeapp will not run on a 32bit operating system
ILeappAnalyzerIngestModule.report.name=iLeapp Html Report
ILeappAnalyzerIngestModule.requires.windows=iLeapp module requires windows.
ILeappAnalyzerIngestModule.running.iLeapp=Running iLeapp
ILeappAnalyzerIngestModule.starting.iLeapp=Starting iLeapp
ILeappAnalyzerModuleFactory_moduleDesc=Uses iLEAPP to analyze logical acquisitions of iOS devices.
ILeappAnalyzerModuleFactory_moduleName=iOS Analyzer (iLEAPP)
LeappFileProcessor.cannot.load.artifact.xml=Cannor load xml artifact file.
LeappFileProcessor.cannot.create.message.relationship=Cannot create TSK_MESSAGE Relationship.
LeappFileProcessor.cannot.load.artifact.xml=Cannot load xml artifact file.
LeappFileProcessor.cannotBuildXmlParser=Cannot buld an XML parser.
LeappFileProcessor.completed=Leapp Processing Completed
LeappFileProcessor.error.creating.new.artifacts=Error creating new artifacts.

357
Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
View File

@ -23,7 +23,6 @@ import com.fasterxml.jackson.dataformat.csv.CsvMapper;
import com.fasterxml.jackson.dataformat.csv.CsvParser;
import com.fasterxml.jackson.dataformat.csv.CsvSchema;
import com.google.common.collect.ImmutableMap;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileNotFoundException;
import java.io.IOException;
@ -65,13 +64,21 @@ import org.sleuthkit.autopsy.coreutils.PlatformUtil;
import org.sleuthkit.autopsy.ingest.IngestModule.IngestModuleException;
import org.sleuthkit.autopsy.ingest.IngestModule.ProcessResult;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Account;
import org.sleuthkit.datamodel.Blackboard;
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskException;
import org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper;
import org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.CallMediaType;
import org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.CommunicationDirection;
import org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.MessageReadStatus;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.FileAttachment;
import org.w3c.dom.Document;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.NodeList;
@ -141,6 +148,26 @@ public final class LeappFileProcessor {
.put("TSK_IP_DHCP", "DHCP Information")
.build();
private static final Map<String, String> ACCOUNT_RELATIONSHIPS = ImmutableMap.<String, String>builder()
.put("Zapya.tsv", "message")
.put("sms messages.tsv", "message")
.put("mms messages.tsv", "message")
.put("Viber - Messages.tsv", "message")
.put("Viber - Contacts.tsv", "contact")
.put("Viber - Call Logs.tsv", "calllog")
.put("Xender file transfer - Messages.tsv", "message")
.put("Whatsapp - Contacts.tsv", "contact")
.put("Whatsapp - Group Call Logs.tsv", "calllog")
.put("Whatsapp - Single Call Logs.tsv", "calllog")
.put("Whatsapp - Messages Logs.tsv", "message")
.put("Shareit file transfer.tsv", "message")
.put("tangomessages messages.tsv", "message")
.put("Contacts.tsv", "contact")
.put("IMO - AccountId.tsv", "contact")
.put("IMO - messages.tsv", "message")
.build();
Blackboard blkBoard;
public LeappFileProcessor(String xmlFile, String moduleName) throws IOException, IngestModuleException, NoCurrentCaseException {
@ -267,7 +294,7 @@ public final class LeappFileProcessor {
for (String LeappFileName : LeappFilesToProcess) {
String fileName = FilenameUtils.getName(LeappFileName);
File LeappFile = new File(LeappFileName);
File LeappFile = new File(LeappFileName);
if (tsvFileAttributes.containsKey(fileName)) {
List<TsvColumn> attrList = tsvFileAttributes.get(fileName);
BlackboardArtifact.Type artifactType = tsvFileArtifacts.get(fileName);
@ -321,9 +348,22 @@ public final class LeappFileProcessor {
Collection<BlackboardAttribute> bbattributes = processReadLine(columnItems, columnIndexes, attrList, fileName, lineNum);
if (!bbattributes.isEmpty()) {
BlackboardArtifact bbartifact = createArtifactWithAttributes(artifactType.getTypeID(), dataSource, bbattributes);
if (bbartifact != null) {
bbartifacts.add(bbartifact);
switch (ACCOUNT_RELATIONSHIPS.getOrDefault(fileName, "norelationship").toLowerCase()) {
case "message":
createMessageRelationship(bbattributes, dataSource, fileName);
break;
case "contact":
createContactRelationship(bbattributes, dataSource, fileName);
break;
case "calllog":
createCalllogRelationship(bbattributes, dataSource, fileName);
break;
default: // There is no relationship defined so just process the artifact normally
BlackboardArtifact bbartifact = createArtifactWithAttributes(artifactType.getTypeID(), dataSource, bbattributes);
if (bbartifact != null) {
bbartifacts.add(bbartifact);
}
break;
}
}
@ -333,6 +373,266 @@ public final class LeappFileProcessor {
}
}
@NbBundle.Messages({
"LeappFileProcessor.cannot.create.message.relationship=Cannot create TSK_MESSAGE Relationship.",
})
private void createMessageRelationship(Collection<BlackboardAttribute> bbattributes, Content dataSource, String fileName) throws IngestModuleException {
String messageType = null;
CommunicationDirection communicationDirection = CommunicationDirection.UNKNOWN;
String senderId = null;
String receipentId = null;
String[] receipentIdList = null;
Long dateTime = Long.valueOf(0);
MessageReadStatus messageStatus = MessageReadStatus.UNKNOWN;
String subject = null;
String messageText = null;
String threadId = null;
List<BlackboardAttribute> otherAttributes = new ArrayList<>();
List<FileAttachment> fileAttachments = new ArrayList<>();
String sourceFile = null;
MessageAttachments messageAttachments = null;
try {
for (BlackboardAttribute bba : bbattributes) {
switch (bba.getAttributeType().getTypeName()) {
case "TSK_DIRECTION":
if (bba.getValueString().toLowerCase().equals("outgoing")) {
communicationDirection = CommunicationDirection.OUTGOING;
} else if (bba.getValueString().toLowerCase().equals("incoming")) {
communicationDirection = CommunicationDirection.INCOMING;
}
break;
case "TSK_PHONE_NUMBER_FROM":
if (!bba.getValueString().isEmpty()) {
senderId = bba.getValueString();
}
break;
case "TSK_PHONE_NUMBER_TO":
if (!bba.getValueString().isEmpty()) {
receipentIdList = bba.getValueString().split(",", 0);
}
break;
case "TSK_DATETIME":
dateTime = bba.getValueLong();
break;
case "TSK_COMMENT":
messageType = bba.getValueString();
break;
case "TSK_ATTACHMENTS":
if (!bba.getValueString().isEmpty()) {
fileAttachments.add(new FileAttachment(Case.getCurrentCaseThrows().getSleuthkitCase(), dataSource, bba.getValueString()));
}
break;
case "TSK_TEXT_FILE":
sourceFile = bba.getValueString();
break;
case "TSK_READ_STATUS":
if (bba.getValueInt() == 1 ) {
messageStatus = MessageReadStatus.READ;
} else {
messageStatus = MessageReadStatus.UNREAD;
}
break;
case "TSK_TEXT":
messageText = bba.getValueString();
break;
case "TSK_SUBJECT":
subject = bba.getValueString();
break;
default:
otherAttributes.add(bba);
break;
}
}
AbstractFile absFile = findAbstractFile(dataSource, sourceFile);
Account.Type accountType = getAccountType(fileName);
if ((absFile != null) || (accountType != null)) {
CommunicationArtifactsHelper accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType);
BlackboardArtifact messageArtifact = accountArtifact.addMessage(messageType, communicationDirection, senderId,
receipentId, dateTime, messageStatus, subject,
messageText, threadId, otherAttributes);
if (!fileAttachments.isEmpty()) {
messageAttachments = new MessageAttachments(fileAttachments, new ArrayList<>());
accountArtifact.addAttachments(messageArtifact, messageAttachments);
}
}
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
}
}
private void createContactRelationship(Collection<BlackboardAttribute> bbattributes, Content dataSource, String fileName) throws IngestModuleException {
String alternateId = null;
String contactName = null;
String phoneNumber = null;
String homePhoneNumber = null;
String mobilePhoneNumber = null;
String emailAddr = null;
List<BlackboardAttribute> otherAttributes = new ArrayList<>();
String sourceFile = null;
try {
for (BlackboardAttribute bba : bbattributes) {
switch (bba.getAttributeType().getTypeName()) {
case "TSK_PHONE_NUMBER":
if (!bba.getValueString().isEmpty()) {
phoneNumber = bba.getValueString();
}
break;
case "TSK_NAME":
if (!bba.getValueString().isEmpty()) {
contactName = bba.getValueString();
}
break;
case "TSK_TEXT_FILE":
sourceFile = bba.getValueString();
break;
case "TSK_PHONE_NUMBER_HOME":
homePhoneNumber = bba.getValueString();
break;
case "TSK_PHONE_NUMBER_MOBILE":
mobilePhoneNumber = bba.getValueString();
break;
case "TSK_EMAIL":
emailAddr = bba.getValueString();
break;
case "TSK_ID":
alternateId = bba.getValueString();
break;
default:
otherAttributes.add(bba);
break;
}
}
AbstractFile absFile = findAbstractFile(dataSource, sourceFile);
Account.Type accountType = getAccountType(fileName);
if ((absFile != null) || (accountType != null)) {
CommunicationArtifactsHelper accountArtifact;
if (alternateId == null) {
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType);
} else {
accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType, accountType, alternateId);
}
BlackboardArtifact messageArtifact = accountArtifact.addContact(contactName, phoneNumber, homePhoneNumber, mobilePhoneNumber, emailAddr, otherAttributes);
}
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
}
}
private void createCalllogRelationship(Collection<BlackboardAttribute> bbattributes, Content dataSource, String fileName) throws IngestModuleException {
String callerId = null;
List<String> calleeId = Arrays.asList();
CommunicationDirection communicationDirection = CommunicationDirection.UNKNOWN;
Long startDateTime = Long.valueOf(0);
Long endDateTime = Long.valueOf(0);
CallMediaType mediaType = CallMediaType.UNKNOWN;
List<BlackboardAttribute> otherAttributes = new ArrayList<>();
String sourceFile = null;
try {
for (BlackboardAttribute bba : bbattributes) {
switch (bba.getAttributeType().getTypeName()) {
case "TSK_TEXT_FILE":
sourceFile = bba.getValueString();
break;
case "TSK_DATETIME_START":
startDateTime = bba.getValueLong();
break;
case "TSK_DATETIME_END":
startDateTime = bba.getValueLong();
break;
case "TSK_DIRECTION":
if (bba.getValueString().toLowerCase().equals("outgoing")) {
communicationDirection = CommunicationDirection.OUTGOING;
} else if (bba.getValueString().toLowerCase().equals("incoming")) {
communicationDirection = CommunicationDirection.INCOMING;
}
break;
case "TSK_PHONE_NUMBER_FROM":
if (!bba.getValueString().isEmpty()) {
callerId = bba.getValueString();
}
break;
case "TSK_PHONE_NUMBER_TO":
if (!bba.getValueString().isEmpty()) {
String [] calleeTempList = bba.getValueString().split(",", 0);
calleeId = Arrays.asList(calleeTempList);
}
break;
default:
otherAttributes.add(bba);
break;
}
}
if (calleeId.isEmpty() && communicationDirection == CommunicationDirection.OUTGOING) {
String [] calleeTempList = callerId.split(",", 0);
calleeId = Arrays.asList(calleeTempList);
callerId = null;
}
AbstractFile absFile = findAbstractFile(dataSource, sourceFile);
Account.Type accountType = getAccountType(fileName);
if ((absFile != null) || (accountType != null)) {
CommunicationArtifactsHelper accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType);
BlackboardArtifact callLogArtifact = accountArtifact.addCalllog(communicationDirection, callerId, calleeId, startDateTime, endDateTime, mediaType, otherAttributes);
}
} catch (NoCurrentCaseException | TskCoreException | BlackboardException ex) {
throw new IngestModuleException(Bundle.LeappFileProcessor_cannot_create_message_relationship() + ex.getLocalizedMessage(), ex); //NON-NLS
}
}
private Account.Type getAccountType(String AccountTypeName) {
switch (AccountTypeName.toLowerCase()) {
case "zapya.tsv":
return Account.Type.ZAPYA;
case "sms messages.tsv":
return Account.Type.PHONE;
case "contacts.tsv":
return Account.Type.PHONE;
case "imo - accountid.tsv":
return Account.Type.IMO;
case "imo - messages.tsv":
return Account.Type.IMO;
case "mms messages.tsv":
return Account.Type.PHONE;
case "viber - call logs.tsv":
return Account.Type.VIBER;
case "viber - contacts.tsv":
return Account.Type.VIBER;
case "viber - messages.tsv":
return Account.Type.VIBER;
case "xender file transfer - messages.tsv":
return Account.Type.XENDER;
case "whatsapp - single call logs.tsv":
return Account.Type.WHATSAPP;
case "whatsapp - messages logs.tsv":
return Account.Type.WHATSAPP;
case "whatsapp - group call logs.tsv":
return Account.Type.WHATSAPP;
case "whatsapp - contacts.tsv":
return Account.Type.WHATSAPP;
case "tangomessages messages.tsv":
return Account.Type.TANGO;
case "shareit file transfer.tsv":
return Account.Type.SHAREIT;
default:
return null;
}
}
/**
* Process the line read and create the necessary attributes for it.
*
@ -399,16 +699,17 @@ public final class LeappFileProcessor {
/**
* Check type of attribute and possibly format string based on it.
*
*
* @param colAttr Column Attribute information
* @param value string to be formatted
* @return formatted string based on attribute type if no attribute type found then return original string
* @return formatted string based on attribute type if no attribute type
* found then return original string
*/
private String formatValueBasedOnAttrType(TsvColumn colAttr, String value) {
if (colAttr.getAttributeType().getTypeName().equals("TSK_DOMAIN")) {
return NetworkUtils.extractDomain(value);
}
return value;
}
@ -460,6 +761,7 @@ public final class LeappFileProcessor {
// Log this and continue on with processing
logger.log(Level.WARNING, String.format("Attribute Type %s for file %s not defined.", attrType, fileName)); //NON-NLS
return null;
}
}
@ -514,7 +816,7 @@ public final class LeappFileProcessor {
}
@NbBundle.Messages({
"LeappFileProcessor.cannot.load.artifact.xml=Cannor load xml artifact file.",
"LeappFileProcessor.cannot.load.artifact.xml=Cannot load xml artifact file.",
"LeappFileProcessor.cannotBuildXmlParser=Cannot buld an XML parser.",
"LeappFileProcessor_cannotParseXml=Cannot Parse XML file.",
"LeappFileProcessor.postartifacts_error=Error posting Blackboard Artifact",
@ -607,7 +909,7 @@ public final class LeappFileProcessor {
for (int k = 0; k < attributeNlist.getLength(); k++) {
NamedNodeMap nnm = attributeNlist.item(k).getAttributes();
String attributeName = nnm.getNamedItem("attributename").getNodeValue();
if (!attributeName.toLowerCase().matches("null")) {
String columnName = nnm.getNamedItem("columnName").getNodeValue();
String required = nnm.getNamedItem("required").getNodeValue();
@ -704,7 +1006,7 @@ public final class LeappFileProcessor {
*/
private void configExtractor() throws IOException {
PlatformUtil.extractResourceToUserConfigDir(LeappFileProcessor.class,
xmlFile, true);
xmlFile, true);
}
private static final Set<String> ALLOWED_EXTENSIONS = new HashSet<>(Arrays.asList("zip", "tar", "tgz"));
@ -761,4 +1063,35 @@ public final class LeappFileProcessor {
}
}
}
private AbstractFile findAbstractFile(Content dataSource, String fileNamePath) {
if (fileNamePath == null) {
return null;
}
List<AbstractFile> files;
String fileName = FilenameUtils.getName(fileNamePath);
String filePath = FilenameUtils.normalize(FilenameUtils.getPath(fileNamePath), true);
FileManager fileManager = Case.getCurrentCase().getServices().getFileManager();
try {
files = fileManager.findFiles(dataSource, fileName); //NON-NLS
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "Unable to find prefetch files.", ex); //NON-NLS
return null; // No need to continue
}
for (AbstractFile pFile : files) {
if (pFile.getParentPath().toLowerCase().endsWith(filePath.toLowerCase())) {
return pFile;
}
}
return null;
}
}

137
Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/aleap-artifact-attribute-reference.xml
View File

@ -344,17 +344,18 @@
<AttributeName attributename="TSK_DATETIME" columnName="Date" required="yes"/>
<AttributeName attributename="null" columnName="MSG ID" required="no"/>
<AttributeName attributename="TSK_THREAD_ID" columnName="Thread ID" required="yes"/>
<AttributeName attributename="TSK_DATETIME_SENT" columnName="Date sent" required="yes"/>
<AttributeName attributename="null" columnName="Date sent" required="no"/>
<AttributeName attributename="TSK_READ_STATUS" columnName="Read" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="From" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_TO" columnName="To" required="yes"/>
<AttributeName attributename="null" columnName="Cc" required="no"/>
<AttributeName attributename="null" columnName="Bcc" required="no"/>
<AttributeName attributename="TSK_TEXT" columnName="Body" required="yes"/>
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
<!-- <FileName filename="partner settings.tsv" description="Partner Settings">
<!-- <FileName filename="partner settings.tsv" description="Partner Settings">
<ArtifactName artifactname="TSK_" comment="null">
<AttributeName attributename="null" columnName="Name" required="no" />
<AttributeName attributename="null" columnName="Value ) # Dont remove the comma" required="no" />
@ -365,17 +366,139 @@
<FileName filename="sms messages.tsv" description="SMS messages">
<ArtifactName artifactname="TSK_MESSAGE" comment="SMS messages">
<AttributeName attributename="TSK_DATETIME" columnName="Date" required="yes"/>
<AttributeName attributename="null" columnName="Date" required="no"/>
<AttributeName attributename="null" columnName="MSG ID" required="no"/>
<AttributeName attributename="TSK_THREAD_ID" columnName="Thread ID" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="Address" required="yes" />
<AttributeName attributename="null" columnName="Contact ID" required="yes"/>
<AttributeName attributename="TSK_DATETIME_SENT" columnName="Date sent" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_TO" columnName="Contact ID" required="yes"/>
<AttributeName attributename="TSK_DATETIME" columnName="Date sent" required="yes"/>
<AttributeName attributename="TSK_READ_STATUS" columnName="Read" required="yes"/>
<AttributeName attributename="TSK_TEXT" columnName="Body" required="yes"/>
<AttributeName attributename="null" columnName="Service Center" required="yes"/>
<AttributeName attributename="null" columnName="Service Center" required="no"/>
<AttributeName attributename="null" columnName="Error Code" required="no"/>
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
<FileName filename="Viber - Messages.tsv" description="Viber">
<ArtifactName artifactname="TSK_MESSAGE" comment="Viber Message">
<AttributeName attributename="TSK_DATETIME" columnName="Message Date" required="yes" />
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="From Phone Number" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_TO" columnName="Recipients" required="yes"/>
<AttributeName attributename="TSK_THREAD_ID" columnName="Thread ID" required="yes" />
<AttributeName attributename="TSK_TEXT" columnName="Message" required="yes" />
<AttributeName attributename="TSK_DIRECTION" columnName="direction" required="yes"/>
<AttributeName attributename="TSK_READ_STATUS" columnName="Read Status" required="yes"/>
<AttributeName attributename="TSK_ATTACHMENTS" columnName="File Attachment" required="yes"/>
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
</aLeap_Files_To_Process>
<FileName filename="Viber - Contacts.tsv" description="Viber">
<ArtifactName artifactname="TSK_CONTACT" comment="Viber Contacts">
<AttributeName attributename="TSK_NAME" columnName="display name" required="yes" />
<AttributeName attributename="TSK_PHONE_NUMBER" columnName="phone number" required="yes"/>
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
<FileName filename="Viber - Call Logs.tsv" description="Viber">
<ArtifactName artifactname="TSK_CALLLOG" comment="Viber Contacts">
<AttributeName attributename="TSK_DATETIME_START" columnName="Call Start Time" required="yes" />
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="phone number" required="yes"/>
<AttributeName attributename="TSK_DIRECTION" columnName="Call Direction" required="yes"/>
<AttributeName attributename="TSK_DATETIME_END" columnName="Call End Time" required="yes"/>
<AttributeName attributename="null" columnName="Call Type" required="no"/>
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
<FileName filename="Zapya.tsv" description="Zapya">
<ArtifactName artifactname="TSK_MESSAGE" comment="Zapya Message">
<AttributeName attributename="null" columnName="Device" required="no"/>
<AttributeName attributename="null" columnName="Name" required="no"/>
<AttributeName attributename="TSK_DIRECTION" columnName="direction" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="fromid" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_TO" columnName="toid" required="yes"/>
<AttributeName attributename="TSK_DATETIME" columnName="createtime" required="yes" />
<AttributeName attributename="TSK_ATTACHMENTS" columnName="path" required="yes"/>
<AttributeName attributename="null" columnName="title" required="no"/>
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
<FileName filename="Xender file transfer - Messages.tsv" description="Xender">
<ArtifactName artifactname="TSK_MESSAGE" comment="Xender Message">
<AttributeName attributename="TSK_ATTACHMENTS" columnName="file_path" required="yes"/>
<AttributeName attributename="null" columnName="file_display_name" required="no"/>
<AttributeName attributename="null" columnName="file_size" required="no"/>
<AttributeName attributename="TSK_DATETIME" columnName="timestamp" required="yes" />
<AttributeName attributename="TSK_DIRECTION" columnName="direction" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_TO" columnName="to_id" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="from_id" required="yes"/>
<AttributeName attributename="TSK_THREAD_ID" columnName="session_id" required="yes" />
<AttributeName attributename="null" columnName="sender_name" required="no"/>
<AttributeName attributename="null" columnName="sender_device_id" required="no"/>
<AttributeName attributename="null" columnName="recipient_name" required="no"/>
<AttributeName attributename="null" columnName="recipient_device_id" required="no"/>
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
<FileName filename="Whatsapp - Single Call Logs.tsv" description="Whatsapp">
<ArtifactName artifactname="TSK_CALLLOG" comment="Whatsapp Single Call Log">
<AttributeName attributename="TSK_DATETIME_START" columnName="start_time" required="yes" />
<AttributeName attributename="null" columnName="call_type" required="no"/>
<AttributeName attributename="TSK_DATETIME_END" columnName="end_time" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="num" required="yes"/>
<AttributeName attributename="TSK_DIRECTION" columnName="call_direction" required="yes"/>
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
<FileName filename="Whatsapp - Group Call Logs.tsv" description="Whatsapp">
<ArtifactName artifactname="TSK_CALLLOG" comment="Whatsapp Group Call Log">
<AttributeName attributename="null" columnName="call_type" required="no"/>
<AttributeName attributename="TSK_DATETIME_START" columnName="start_time" required="yes" />
<AttributeName attributename="TSK_DATETIME_END" columnName="end_time" required="yes"/>
<AttributeName attributename="TSK_DIRECTION" columnName="call_direction" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="from_id" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_TO" columnName="group_members" required="yes"/>
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
<FileName filename="Whatsapp - Contacts.tsv" description="Whatsapp">
<ArtifactName artifactname="TSK_CONTACT" comment="Whatsapp Contacts">
<AttributeName attributename="TSK_EMAIL" columnName="number" required="yes"/>
<AttributeName attributename="TSK_NAME" columnName="name" required="yes" />
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
<FileName filename="Whatsapp - Messages.tsv" description="Whatsapp">
<ArtifactName artifactname="TSK_MESSAGE" comment="Whatsapp Messages">
<AttributeName attributename="TSK_THREAD_ID" columnName="messages_id" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_TO" columnName="recipients" required="yes"/>
<AttributeName attributename="TSK_DIRECTION" columnName="direction" required="yes"/>
<AttributeName attributename="TSK_TEXT" columnName="content" required="yes"/>
<AttributeName attributename="TSK_DATETIME_START" columnName="send_timestamp" required="yes" />
<AttributeName attributename="TSK_DATETIME_END" columnName="received_timestamp" required="yes"/>
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="number" required="yes"/>
<AttributeName attributename="TSK_ATTACHMENTS" columnName="name" required="yes" />
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
<FileName filename="Contacts.tsv" description="Contacts">
<ArtifactName artifactname="TSK_CONTACT" comment="Contacts">
<AttributeName attributename="null" columnName="mimetype" required="no" />
<AttributeName attributename="null" columnName="data1" required="no" />
<AttributeName attributename="TSK_NAME" columnName="display_name" required="yes" />
<AttributeName attributename="TSK_PHONE_NUMBER" columnName="phone_number" required="yes"/>
<AttributeName attributename="TSK_EMAIL" columnName="email address" required="yes"/>
<AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
</aLeap_Files_To_Process>

BIN
thirdparty/aLeapp/aleapp.exe vendored
View File

Binary file not shown.