From 7c2fd942a1e00cf805d4fda7c1f3413c65fa6927 Mon Sep 17 00:00:00 2001 From: Brian Carrier Date: Fri, 31 Oct 2014 14:51:33 -0400 Subject: [PATCH] add read status to android SMS parser. From pull request #905 @dkarpo. Added code to have read displayed as string and not integer --- .../autopsy/datamodel/BlackboardArtifactNode.java | 11 ++++++++++- .../autopsy/modules/android/TextMessageAnalyzer.java | 5 ++++- .../autopsy/timeline/events/type/MiscTypes.java | 3 ++- 3 files changed, 16 insertions(+), 3 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java index 37f877b167..303942ef59 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java @@ -282,13 +282,22 @@ public class BlackboardArtifactNode extends DisplayableItemNode { || attributeTypeID == ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.getTypeID() || attributeTypeID == ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID()) { } else { + // BC: This should all be moved to the Attribute class... switch (attribute.getValueType()) { case STRING: String valString = attribute.getValueString(); map.put(attribute.getAttributeTypeDisplayName(), valString == null ? "":valString); break; case INTEGER: - map.put(attribute.getAttributeTypeDisplayName(), attribute.getValueInt()); + if (attributeTypeID == ATTRIBUTE_TYPE.TSK_READ_STATUS.getTypeID()) { + if (attribute.getValueInt() == 0) { + map.put(attribute.getAttributeTypeDisplayName(), "Unread"); + } else { + map.put(attribute.getAttributeTypeDisplayName(), "Read"); + } + } else { + map.put(attribute.getAttributeTypeDisplayName(), attribute.getValueInt()); + } break; case LONG: if (attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID() diff --git a/Core/src/org/sleuthkit/autopsy/modules/android/TextMessageAnalyzer.java b/Core/src/org/sleuthkit/autopsy/modules/android/TextMessageAnalyzer.java index bbf47f1223..9947e494b0 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/android/TextMessageAnalyzer.java +++ b/Core/src/org/sleuthkit/autopsy/modules/android/TextMessageAnalyzer.java @@ -78,12 +78,13 @@ class TextMessageAnalyzer { try { resultSet = statement.executeQuery( - "Select address,date,type,subject,body FROM sms;"); + "Select address,date,read,type,subject,body FROM sms;"); String address; // may be phone number, or other addresses String direction; // message received in inbox = 1, message sent = 2 String subject;//message subject + Integer read; // may be unread = 0, read = 1 String body; //message body while (resultSet.next()) { address = resultSet.getString("address"); @@ -93,6 +94,7 @@ class TextMessageAnalyzer { } else { direction = "Outgoing"; } + read = resultSet.getInt("read"); subject = resultSet.getString("subject"); body = resultSet.getString("body"); @@ -100,6 +102,7 @@ class TextMessageAnalyzer { bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, address)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, date)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, direction)); + bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_READ_STATUS.getTypeID(), moduleName, read)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT.getTypeID(), moduleName, subject)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), moduleName, body)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName, "SMS Message")); diff --git a/Core/src/org/sleuthkit/autopsy/timeline/events/type/MiscTypes.java b/Core/src/org/sleuthkit/autopsy/timeline/events/type/MiscTypes.java index 1d44a25161..cb023aae38 100644 --- a/Core/src/org/sleuthkit/autopsy/timeline/events/type/MiscTypes.java +++ b/Core/src/org/sleuthkit/autopsy/timeline/events/type/MiscTypes.java @@ -42,10 +42,11 @@ public enum MiscTypes implements EventType, ArtifactEventType { new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE), (artf, attrMap) -> { final BlackboardAttribute dir = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION); + final BlackboardAttribute readStatus = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_READ_STATUS); final BlackboardAttribute name = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME); final BlackboardAttribute phoneNumber = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER); final BlackboardAttribute subject = attrMap.get(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT); - List asList = Arrays.asList(stringValueOf(dir), name != null || phoneNumber != null ? toFrom(dir) : "", stringValueOf(name != null ? name : phoneNumber), (subject == null ? "" : stringValueOf(subject))); + List asList = Arrays.asList(stringValueOf(dir), stringValueOf(readStatus), name != null || phoneNumber != null ? toFrom(dir) : "", stringValueOf(name != null ? name : phoneNumber), (subject == null ? "" : stringValueOf(subject))); return StringUtils.join(asList, " "); }, new AttributeExtractor(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT)),