Merge pull request #6803 from markmckinnon/7255-upgade-ileapp-aleapp-executables

7255-upgade-ileapp-aleapp-executables
2025-07-06 21:00:22 +00:00 · 2021-04-05 17:05:40 -04:00 · 2021-04-05 17:05:40 -04:00 · 5b63326a78
commit 5b63326a78
parent f68c39519d 3d6d30e89d
3 changed files with 16 additions and 12 deletions
--- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
@ -165,7 +165,8 @@ public final class LeappFileProcessor {
            .put("Contacts.tsv", "contact")
            .put("IMO - AccountId.tsv", "contact")
            .put("IMO - messages.tsv", "message")
-            
+            .put("SMS - iMessage.tsv", "message")
            .put("Call History.tsv", "calllog")
            .build();
    Blackboard blkBoard;
@ -447,7 +448,9 @@ public final class LeappFileProcessor {
                }
            }
            AbstractFile absFile = findAbstractFile(dataSource, sourceFile);
-            Account.Type accountType = getAccountType(fileName);
+            if (absFile == null) {
                absFile = (AbstractFile) dataSource;
            }            Account.Type accountType = getAccountType(fileName);
            if ((absFile != null) || (accountType != null)) {
                CommunicationArtifactsHelper accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
                                                               moduleName, absFile, accountType);
@ -628,8 +631,10 @@ public final class LeappFileProcessor {
                return Account.Type.TANGO;  
            case "shareit file transfer.tsv":
                return Account.Type.SHAREIT;   
            case "sms - imessage.tsv":
                return Account.Type.PHONE;
            default:
-                return null;
+                return Account.Type.PHONE;
        }
    }
--- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ileap-artifact-attribute-reference.xml
+++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ileap-artifact-attribute-reference.xml
@ -50,9 +50,9 @@
        <FileName filename="App Snapshots.tsv" description="App Snapshots (screenshots)">
            <ArtifactName artifactname="TSK_SCREEN_SHOTS" comment="null">
                <AttributeName attributename="TSK_PROG_NAME" columnName="App Name" required="yes" />
-                <AttributeName attributename="TSK_PATH" columnName="SOurce Path" required="yes" />
+                <AttributeName attributename="TSK_PATH" columnName="Source Path" required="yes" />
                <AttributeName attributename="TSK_DATETIME" columnName="Date Modified" required="yes" />
-                <AttributeName attributename="null" columnName="Source File Located" required="no" />
+                <AttributeName attributename="null" columnName="Png Path" required="no" />
            </ArtifactName>
        </FileName>
@ -101,6 +101,7 @@
                <AttributeName attributename="null" columnName="ISO County Code" required="no" />
                <AttributeName attributename="null" columnName="Location" required="no" />
                <AttributeName attributename="null" columnName="Service Provider" required="no" />
                <AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
            </ArtifactName>
        </FileName>
@ -743,16 +744,14 @@
            </ArtifactName>
        </FileName>
 <!-- This section is commented out as the iLeapp program needs to be changed in order to properly process the mail.  It appears that the 
     TSK_TEXT can contain carriage/line returns and this messes reading the tsv file line by line
        <FileName filename="SMS - iMessage.tsv" description="SMS - iMessage">
-            <ArtifactName artifactname="TSK_MESSAGE" comment="null">
+            <ArtifactName artifactname="TSK_MESSAGE" comment="SMS - iMessage">
                <AttributeName attributename="TSK_DATETIME" columnName="Message Date" required="yes" />
-                <AttributeName attributename="TSK_DATETIME_RCVD" columnName="Date Delivered" required="yes" />
+                <AttributeName attributename="null" columnName="Date Delivered" required="no" />
-                <AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Date Read" required="yes" />
+                <AttributeName attributename="null" columnName="Date Read" required="no" />
                <AttributeName attributename="TSK_TEXT" columnName="Message" required="yes" />
                <AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="Contact ID" required="yes" />
-                <AttributeName attributename="TSK_MESSAGE_TYPE" columnName="Service" required="yes" />
+                <AttributeName attributename="null" columnName="Service" required="no" />
                <AttributeName attributename="TSK_PHONE_NUMBER_TO" columnName="Account" required="yes" />
                <AttributeName attributename="null" columnName="Is Delivered" required="no" />
                <AttributeName attributename="null" columnName="Is from Me" required="no" />
@ -760,9 +759,9 @@
                <AttributeName attributename="null" columnName="MIME Type" required="no" />
                <AttributeName attributename="null" columnName="Transfer Type" required="no" />
                <AttributeName attributename="null" columnName="Total Bytes" required="no" />
                <AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>            
            </ArtifactName>
        </FileName>
 -->
        <FileName filename="Wifi.tsv" description="Wifi">
            <ArtifactName artifactname="TSK_WIFI_NETWORK" comment="Wifi">
--- a/thirdparty/iLeapp/ileapp.exe
+++ b/thirdparty/iLeapp/ileapp.exe