From 4da9bc79d4639202c60fb7c74d3578ad17f4c195 Mon Sep 17 00:00:00 2001 From: Kelly Kelly Date: Wed, 12 Jun 2019 16:36:59 -0400 Subject: [PATCH] Added support for andriod text message --- .../autopsy/communications/relationships/MessageNode.java | 4 ++-- InternalPythonModules/android/textmessage.py | 4 +++- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/MessageNode.java b/Core/src/org/sleuthkit/autopsy/communications/relationships/MessageNode.java index a7743dc3af..8a5af271d1 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/MessageNode.java +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/MessageNode.java @@ -86,6 +86,8 @@ class MessageNode extends BlackboardArtifactNode { } sheetSet.put(new NodeProperty<>("Type", Bundle.MessageNode_Node_Property_Type(), "", getDisplayName())); //NON-NLS + + sheetSet.put(new NodeProperty<>("ThreadID", "ThreadID","",threadID == null ? UNTHREADED_ID : threadID)); //NON-NLS final BlackboardArtifact artifact = getArtifact(); @@ -107,8 +109,6 @@ class MessageNode extends BlackboardArtifactNode { } catch (TskCoreException ex) { logger.log(Level.WARNING, "Error loading attachment count for " + artifact, ex); //NON-NLS } - - sheetSet.put(new NodeProperty<>("ThreadID", "ThreadID","",threadID == null ? "" : threadID)); //NON-NLS break; case TSK_MESSAGE: diff --git a/InternalPythonModules/android/textmessage.py b/InternalPythonModules/android/textmessage.py index 5d7f9db638..ef8fa498c8 100644 --- a/InternalPythonModules/android/textmessage.py +++ b/InternalPythonModules/android/textmessage.py @@ -99,13 +99,14 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer): resultSet = None try: resultSet = statement.executeQuery( - "SELECT address, date, read, type, subject, body FROM sms;") + "SELECT address, date, read, type, subject, body, thread_id FROM sms;") while resultSet.next(): address = resultSet.getString("address") # may be phone number, or other addresses date = Long.valueOf(resultSet.getString("date")) / 1000 read = resultSet.getInt("read") # may be unread = 0, read = 1 subject = resultSet.getString("subject") # message subject body = resultSet.getString("body") # message body + thread_id = "{0}_{1}".format(abstractFile.getId(), resultSet.getInt("thread_id")) attributes = ArrayList() artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); #create Message artifact and then add attributes from result set. if resultSet.getString("type") == "1": @@ -119,6 +120,7 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer): attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT, general.MODULE_NAME, subject)) attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, general.MODULE_NAME, body)) attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, general.MODULE_NAME, "SMS Message")) + attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_THREAD_ID, general.MODULE_NAME, thread_id)) artifact.addAttributes(attributes)