diff --git a/Core/src/org/sleuthkit/autopsy/modules/iOS/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/iOS/Bundle.properties
deleted file mode 100644
index 8909d23e0e..0000000000
--- a/Core/src/org/sleuthkit/autopsy/modules/iOS/Bundle.properties
+++ /dev/null
@@ -1,5 +0,0 @@
-iOSModuleFactory.moduleName=iOS Analyzer
-iOSModuleFactory.moduleDescription=Extracts system and 3rd party app data
-TextMessageAnalyzer.bbAttribute.incoming=Incoming
-TextMessageAnalyzer.bbAttribute.outgoing=Outgoing
-TextMessageAnalyzer.bbAttribute.smsMessage=SMS Message
diff --git a/Core/src/org/sleuthkit/autopsy/modules/iOS/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/modules/iOS/Bundle.properties-MERGED
deleted file mode 100755
index 33c0a3ed08..0000000000
--- a/Core/src/org/sleuthkit/autopsy/modules/iOS/Bundle.properties-MERGED
+++ /dev/null
@@ -1,8 +0,0 @@
-CallLogAnalyzer.indexError.message=Failed to index call log artifact for keyword search.
-ContactAnalyzer.indexError.message=Failed to index contact artifact for keyword search.
-iOSModuleFactory.moduleName=iOS Analyzer
-iOSModuleFactory.moduleDescription=Extracts system and 3rd party app data
-TextMessageAnalyzer.bbAttribute.incoming=Incoming
-TextMessageAnalyzer.bbAttribute.outgoing=Outgoing
-TextMessageAnalyzer.bbAttribute.smsMessage=SMS Message
-TextMessageAnalyzer.indexError.message=Failed to index text message artifact for keyword search.
diff --git a/Core/src/org/sleuthkit/autopsy/modules/iOS/Bundle_ja.properties b/Core/src/org/sleuthkit/autopsy/modules/iOS/Bundle_ja.properties
deleted file mode 100644
index 03cd3cc41e..0000000000
--- a/Core/src/org/sleuthkit/autopsy/modules/iOS/Bundle_ja.properties
+++ /dev/null
@@ -1,8 +0,0 @@
-CallLogAnalyzer.indexError.message=\u30ad\u30fc\u30ef\u30fc\u30c9\u3092\u691c\u7d22\u3059\u308b\u305f\u3081\u306e\u3001\u901a\u8a71\u30ed\u30b0\u30a2\u30fc\u30c6\u30a3\u30d5\u30a1\u30af\u30c8\u3092\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002
-ContactAnalyzer.indexError.message=\u30ad\u30fc\u30ef\u30fc\u30c9\u3092\u691c\u7d22\u3059\u308b\u305f\u3081\u306e\u3001\u9023\u7d61\u5148\u30a2\u30fc\u30c6\u30a3\u30d5\u30a1\u30af\u30c8\u3092\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002
-iOSModuleFactory.moduleName=iOS Analyzer
-iOSModuleFactory.moduleDescription=\u30b7\u30b9\u30c6\u30e0\u3068\u30b5\u30fc\u30c9\u30d1\u30fc\u30c6\u30a3\u88fd\u30a2\u30d7\u30ea\u30c7\u30fc\u30bf\u3092\u62bd\u51fa
-TextMessageAnalyzer.bbAttribute.incoming=\u53d7\u4fe1
-TextMessageAnalyzer.bbAttribute.outgoing=\u9001\u4fe1
-TextMessageAnalyzer.bbAttribute.smsMessage=SMS\u30e1\u30c3\u30bb\u30fc\u30b8
-TextMessageAnalyzer.indexError.message=\u30ad\u30fc\u30ef\u30fc\u30c9\u3092\u691c\u7d22\u3059\u308b\u305f\u3081\u306e\u3001\u30c6\u30ad\u30b9\u30c8\u30e1\u30c3\u30bb\u30fc\u30b8\u30a2\u30fc\u30c6\u30a3\u30d5\u30a1\u30af\u30c8\u3092\u30a4\u30f3\u30c7\u30c3\u30af\u30b9\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f\u3002
diff --git a/Core/src/org/sleuthkit/autopsy/modules/iOS/CallLogAnalyzer.java b/Core/src/org/sleuthkit/autopsy/modules/iOS/CallLogAnalyzer.java
deleted file mode 100644
index 908673f466..0000000000
--- a/Core/src/org/sleuthkit/autopsy/modules/iOS/CallLogAnalyzer.java
+++ /dev/null
@@ -1,192 +0,0 @@
-/*
- * Autopsy Forensic Browser
- *
- * Copyright 2014-2018 Basis Technology Corp.
- * Contact: carrier sleuthkit org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.sleuthkit.autopsy.modules.iOS;
-
-import java.sql.Connection;
-import java.sql.DriverManager;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-import java.util.logging.Level;
-import org.openide.util.NbBundle.Messages;
-import org.sleuthkit.autopsy.casemodule.Case;
-import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
-import org.sleuthkit.autopsy.coreutils.Logger;
-import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
-import org.sleuthkit.autopsy.datamodel.ContentUtils;
-import org.sleuthkit.autopsy.ingest.IngestJobContext;
-import org.sleuthkit.datamodel.AbstractFile;
-import org.sleuthkit.datamodel.Blackboard;
-import org.sleuthkit.datamodel.BlackboardArtifact;
-import org.sleuthkit.datamodel.BlackboardAttribute;
-import org.sleuthkit.datamodel.ReadContentInputStream.ReadContentInputStreamException;
-import org.sleuthkit.datamodel.SleuthkitCase;
-import org.sleuthkit.datamodel.TskCoreException;
-
-/**
- * Look for call logs and allow resulting blackboard artifacts to be generated.
- */
-final class CallLogAnalyzer {
-
- private Connection connection = null;
- private ResultSet resultSet = null;
- private Statement statement = null;
- private long fileId = 0;
- private java.io.File jFile = null;
- private final String moduleName = iOSModuleFactory.getModuleName();
- private static final Logger logger = Logger.getLogger(CallLogAnalyzer.class.getName());
- private Blackboard blackboard;
-
- /**
- * Find call logs given an ingest job context and index the results.
- *
- * @param context The ingest job context.
- */
- public void findCallLogs(IngestJobContext context) {
- Case openCase;
- try {
- openCase = Case.getCurrentCaseThrows();
- } catch (NoCurrentCaseException ex) {
- logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
- return;
- }
- blackboard = openCase.getSleuthkitCase().getBlackboard();
- List absFiles;
- try {
- SleuthkitCase skCase = openCase.getSleuthkitCase();
- absFiles = skCase.findAllFilesWhere("name ='contacts2.db' OR name ='contacts.db'"); //NON-NLS //get exact file names
- if (absFiles.isEmpty()) {
- return;
- }
- for (AbstractFile file : absFiles) {
- String dbPath = "";
- try {
- jFile = new java.io.File(Case.getCurrentCaseThrows().getTempDirectory(), file.getName().replaceAll("[<>%|\"/:*\\\\]", ""));
- dbPath = jFile.toString(); //path of file as string
- fileId = file.getId();
- ContentUtils.writeToFile(file, jFile, context::dataSourceIngestIsCancelled);
- findCallLogsInDB(dbPath, fileId);
- } catch (ReadContentInputStreamException ex) {
- logger.log(Level.WARNING, String.format("Error reading content from file '%s' (id=%d).", file.getName(), fileId), ex); //NON-NLS
- } catch (Exception ex) {
- logger.log(Level.SEVERE, String.format("Error writing content from file '%s' (id=%d) to '%s'.", file.getName(), fileId, dbPath), ex); //NON-NLS
- }
- }
- } catch (TskCoreException e) {
- logger.log(Level.SEVERE, "Error finding Call logs", e); //NON-NLS
- }
- }
-
- /**
- * Index results for call logs found in the database.
- *
- * @param DatabasePath The path to the database.
- * @param fileId The ID of the file associated with artifacts.
- */
- @Messages({"CallLogAnalyzer.indexError.message=Failed to index call log artifact for keyword search."})
- private void findCallLogsInDB(String DatabasePath, long fileId) {
- if (DatabasePath == null || DatabasePath.isEmpty()) {
- return;
- }
- try {
- Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
- connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
- statement = connection.createStatement();
- } catch (ClassNotFoundException | SQLException e) {
- logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
- }
-
- Case currentCase;
- try {
- currentCase = Case.getCurrentCaseThrows();
- } catch (NoCurrentCaseException ex) {
- logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
- return;
- }
- SleuthkitCase skCase = currentCase.getSleuthkitCase();
- try {
- AbstractFile file = skCase.getAbstractFileById(fileId);
- if (file == null) {
- logger.log(Level.SEVERE, "Error getting abstract file {0}", fileId); //NON-NLS
- return;
- }
-
- try {
- resultSet = statement.executeQuery(
- "SELECT number,date,duration,type, name FROM calls ORDER BY date DESC;"); //NON-NLS
-
- BlackboardArtifact bba;
- String name; // name of person dialed or called. null if unregistered
- String number; //string phone number
- String duration; //duration of call in seconds
- String date; // Unix time
- String type; // 1 incoming, 2 outgoing, 3 missed
-
- while (resultSet.next()) {
- name = resultSet.getString("name"); //NON-NLS
- number = resultSet.getString("number"); //NON-NLS
- duration = resultSet.getString("duration"); //NON-NLS
- date = resultSet.getString("date"); //NON-NLS
- type = resultSet.getString("type"); //NON-NLS
-
- bba = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
- Collection attributes = new ArrayList<>();
- if (type.equalsIgnoreCase("outgoing")) { //NON-NLS
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, moduleName, number));
- } else { /// Covers INCOMING and MISSED
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, moduleName, number));
- }
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START, moduleName, date)); // RC: Should be long!
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END, moduleName, duration + date)); // RC: Should be long!
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, type));
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, moduleName, name));
-
- bba.addAttributes(attributes);
- try {
- /*
- * post the artifact which will index the artifact for
- * keyword search, and fire an event to notify UI of
- * this new artifact
- */
- blackboard.postArtifact(bba, moduleName);
- } catch (Blackboard.BlackboardException ex) {
- logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bba.getArtifactID(), ex); //NON-NLS
- MessageNotifyUtil.Notify.error(
- Bundle.CallLogAnalyzer_indexError_message(), bba.getDisplayName());
- }
- }
- } catch (Exception e) {
- logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e); //NON-NLS
- } finally {
- try {
- resultSet.close();
- statement.close();
- connection.close();
- } catch (Exception e) {
- logger.log(Level.SEVERE, "Error closing the database", e); //NON-NLS
- }
- }
- } catch (Exception e) {
- logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e); //NON-NLS
- }
- }
-}
diff --git a/Core/src/org/sleuthkit/autopsy/modules/iOS/ContactAnalyzer.java b/Core/src/org/sleuthkit/autopsy/modules/iOS/ContactAnalyzer.java
deleted file mode 100644
index cde321fab4..0000000000
--- a/Core/src/org/sleuthkit/autopsy/modules/iOS/ContactAnalyzer.java
+++ /dev/null
@@ -1,251 +0,0 @@
-/*
- * Autopsy Forensic Browser
- *
- * Copyright 2014-2019 Basis Technology Corp.
- * Contact: carrier sleuthkit org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.sleuthkit.autopsy.modules.iOS;
-
-import java.io.File;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.sql.Connection;
-import java.sql.DriverManager;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-import java.util.logging.Level;
-import org.openide.util.NbBundle.Messages;
-import org.sleuthkit.autopsy.casemodule.Case;
-import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
-import org.sleuthkit.autopsy.coreutils.Logger;
-import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
-import org.sleuthkit.autopsy.datamodel.ContentUtils;
-import org.sleuthkit.autopsy.ingest.IngestJobContext;
-import org.sleuthkit.datamodel.AbstractFile;
-import org.sleuthkit.datamodel.Blackboard;
-import org.sleuthkit.datamodel.BlackboardArtifact;
-import org.sleuthkit.datamodel.BlackboardAttribute;
-import org.sleuthkit.datamodel.ReadContentInputStream;
-import org.sleuthkit.datamodel.ReadContentInputStream.ReadContentInputStreamException;
-import org.sleuthkit.datamodel.SleuthkitCase;
-import org.sleuthkit.datamodel.TskCoreException;
-
-/**
- * Look for call logs and allow resulting blackboard artifacts to be generated.
- */
-final class ContactAnalyzer {
-
- private Connection connection = null;
- private String dbPath = "";
- private long fileId = 0;
- private java.io.File jFile = null;
- private final String moduleName = iOSModuleFactory.getModuleName();
- private static final Logger logger = Logger.getLogger(ContactAnalyzer.class.getName());
- private Blackboard blackboard;
-
- /**
- * Find contacts given an ingest job context and index the results.
- *
- * @param context The ingest job context.
- */
- public void findContacts(IngestJobContext context) {
- Case openCase;
- try {
- openCase = Case.getCurrentCaseThrows();
- } catch (NoCurrentCaseException ex) {
- logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
- return;
- }
-
- blackboard = openCase.getSleuthkitCase().getBlackboard();
- List absFiles;
- try {
- SleuthkitCase skCase = openCase.getSleuthkitCase();
- absFiles = skCase.findAllFilesWhere("LOWER(name) LIKE LOWER('%call_history%') "); //NON-NLS //get exact file names
- if (absFiles.isEmpty()) {
- return;
- }
- for (AbstractFile file : absFiles) {
- try {
- jFile = new java.io.File(openCase.getTempDirectory(), file.getName().replaceAll("[<>%|\"/:*\\\\]", ""));
- dbPath = jFile.toString(); //path of file as string
- fileId = file.getId();
- ContentUtils.writeToFile(file, jFile, context::dataSourceIngestIsCancelled);
- } catch (ReadContentInputStreamException ex) {
- logger.log(Level.WARNING, String.format("Error reading content from file '%s' (id=%d).", file.getName(), fileId), ex); //NON-NLS
- } catch (Exception ex) {
- logger.log(Level.SEVERE, String.format("Error writing content from file '%s' (id=%d) to '%s'.", file.getName(), fileId, dbPath), ex); //NON-NLS
- }
- }
- } catch (TskCoreException e) {
- logger.log(Level.SEVERE, "Error finding Contacts", e); //NON-NLS
- }
- }
-
- /**
- * Create blackboard artifacts and index results for call logs found in the
- * database.
- *
- * @param DatabasePath The path to the database.
- * @param fileId The ID of the file associated with artifacts.
- */
- @Messages({"ContactAnalyzer.indexError.message=Failed to index contact artifact for keyword search."})
- private void findContactsInDB(String DatabasePath, long fileId) {
- if (DatabasePath == null || DatabasePath.isEmpty()) {
- return;
- }
-
- Case currentCase;
- try {
- currentCase = Case.getCurrentCaseThrows();
- } catch (NoCurrentCaseException ex) {
- logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
- return;
- }
-
- Statement statement = null;
- try {
- Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
- connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
- statement = connection.createStatement();
- } catch (ClassNotFoundException | SQLException e) {
- logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
- }
-
- SleuthkitCase skCase = currentCase.getSleuthkitCase();
- try {
- AbstractFile file = skCase.getAbstractFileById(fileId);
- if (file == null) {
- logger.log(Level.SEVERE, "Error getting abstract file {0}", fileId); //NON-NLS
- return;
- }
-
- ResultSet resultSet = null;
- try {
- // get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype)
- //sorted by name, so phonenumber/email would be consecutive for a person if they exist.
- resultSet = statement.executeQuery(
- "SELECT mimetype,data1, name_raw_contact.display_name AS display_name \n" //NON-NLS
- + "FROM raw_contacts JOIN contacts ON (raw_contacts.contact_id=contacts._id) \n" //NON-NLS
- + "JOIN raw_contacts AS name_raw_contact ON(name_raw_contact_id=name_raw_contact._id) " //NON-NLS
- + "LEFT OUTER JOIN data ON (data.raw_contact_id=raw_contacts._id) \n" //NON-NLS
- + "LEFT OUTER JOIN mimetypes ON (data.mimetype_id=mimetypes._id) \n" //NON-NLS
- + "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n" //NON-NLS
- + "ORDER BY name_raw_contact.display_name ASC;"); //NON-NLS
-
- BlackboardArtifact bba;
- bba = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
- Collection attributes = new ArrayList<>();
- String name;
- String oldName = "";
- String mimetype; // either phone or email
- String data1; // the phone number or email
- while (resultSet.next()) {
- name = resultSet.getString("display_name"); //NON-NLS
- data1 = resultSet.getString("data1"); //NON-NLS
- mimetype = resultSet.getString("mimetype"); //NON-NLS
- if (name.equals(oldName) == false) {
- bba = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
- attributes = new ArrayList<>();
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, moduleName, name));
- }
- if (mimetype.equals("vnd.android.cursor.item/phone_v2")) { //NON-NLS
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, moduleName, data1));
- } else {
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL, moduleName, data1));
- }
-
- // TODO: If this code comes back to life, add code to create the account
- // and relationship between the phone numbers & emails. Also
- // investigate if the mimetype "vnd.android.cursor.item/phone_v2"
- // makes sense in an ios word
-
- oldName = name;
-
- bba.addAttributes(attributes);
- try {
- // index the artifact for keyword search
- blackboard.postArtifact(bba, moduleName);
- } catch (Blackboard.BlackboardException ex) {
- logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bba.getArtifactID(), ex); //NON-NLS
- MessageNotifyUtil.Notify.error(
- Bundle.ContactAnalyzer_indexError_message(), bba.getDisplayName());
- }
- }
-
- } catch (Exception e) {
- logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); //NON-NLS
- } finally {
- try {
- resultSet.close();
- statement.close();
- connection.close();
- } catch (Exception e) {
- logger.log(Level.SEVERE, "Error closing database", e); //NON-NLS
- }
- }
- } catch (Exception e) {
- logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); //NON-NLS
- }
-
- }
-
- public static void copyFileUsingStream(AbstractFile file, File jFile) throws IOException {
- InputStream is = new ReadContentInputStream(file);
- OutputStream os = new FileOutputStream(jFile);
- byte[] buffer = new byte[8192];
- int length;
- try {
- while ((length = is.read(buffer)) != -1) {
- os.write(buffer, 0, length);
- os.flush();
-
- }
-
- } finally {
- is.close();
- os.close();
- }
- }
-
- public static void copyFileUsingStreams(AbstractFile file, File jFile) {
- InputStream istream;
- OutputStream ostream = null;
- int c;
- final int EOF = -1;
- istream = new ReadContentInputStream(file);
- try {
- ostream = new FileOutputStream(jFile);
- while ((c = istream.read()) != EOF) {
- ostream.write(c);
- }
- } catch (IOException e) {
- logger.log(Level.WARNING, "Error copying file", e);
- } finally {
- try {
- istream.close();
- ostream.close();
- } catch (IOException e) {
- logger.log(Level.WARNING, "File did not close", e);
- }
- }
- }
-}
diff --git a/Core/src/org/sleuthkit/autopsy/modules/iOS/TextMessageAnalyzer.java b/Core/src/org/sleuthkit/autopsy/modules/iOS/TextMessageAnalyzer.java
deleted file mode 100644
index c541bf608a..0000000000
--- a/Core/src/org/sleuthkit/autopsy/modules/iOS/TextMessageAnalyzer.java
+++ /dev/null
@@ -1,198 +0,0 @@
-/*
- * Autopsy Forensic Browser
- *
- * Copyright 2014-2018 Basis Technology Corp.
- * Contact: carrier sleuthkit org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.sleuthkit.autopsy.modules.iOS;
-
-import java.sql.Connection;
-import java.sql.DriverManager;
-import java.sql.ResultSet;
-import java.sql.SQLException;
-import java.sql.Statement;
-import java.util.ArrayList;
-import java.util.Collection;
-import java.util.List;
-import java.util.logging.Level;
-import org.openide.util.NbBundle;
-import org.openide.util.NbBundle.Messages;
-import org.sleuthkit.autopsy.casemodule.Case;
-import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
-import org.sleuthkit.autopsy.coreutils.Logger;
-import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
-import org.sleuthkit.autopsy.datamodel.ContentUtils;
-import org.sleuthkit.autopsy.ingest.IngestJobContext;
-import org.sleuthkit.datamodel.AbstractFile;
-import org.sleuthkit.datamodel.Blackboard;
-import org.sleuthkit.datamodel.BlackboardArtifact;
-import org.sleuthkit.datamodel.BlackboardAttribute;
-import org.sleuthkit.datamodel.ReadContentInputStream;
-import org.sleuthkit.datamodel.SleuthkitCase;
-import org.sleuthkit.datamodel.TskCoreException;
-
-/**
- * Look for text messages and allow resulting blackboard artifacts to be
- * generated.
- */
-class TextMessageAnalyzer {
-
- private Connection connection = null;
- private ResultSet resultSet = null;
- private Statement statement = null;
- private String dbPath = "";
- private long fileId = 0;
- private java.io.File jFile = null;
- List absFiles;
- private final String moduleName = iOSModuleFactory.getModuleName();
- private static final Logger logger = Logger.getLogger(TextMessageAnalyzer.class.getName());
- private Blackboard blackboard;
-
- /**
- * Find text messages given an ingest job context and index the results.
- *
- * @param context The ingest job context.
- */
- void findTexts(IngestJobContext context) {
- Case openCase;
- try {
- openCase = Case.getCurrentCaseThrows();
- } catch (NoCurrentCaseException ex) {
- logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
- return;
- }
- blackboard = openCase.getSleuthkitCase().getBlackboard();
- try {
- SleuthkitCase skCase = openCase.getSleuthkitCase();
- absFiles = skCase.findAllFilesWhere("name ='mmssms.db'"); //NON-NLS //get exact file name
- if (absFiles.isEmpty()) {
- return;
- }
- for (AbstractFile file : absFiles) {
- try {
- jFile = new java.io.File(Case.getCurrentCaseThrows().getTempDirectory(), file.getName().replaceAll("[<>%|\"/:*\\\\]", ""));
- dbPath = jFile.toString(); //path of file as string
- fileId = file.getId();
- ContentUtils.writeToFile(file, jFile, context::dataSourceIngestIsCancelled);
- findTextsInDB(dbPath, fileId);
- } catch (ReadContentInputStream.ReadContentInputStreamException ex) {
- logger.log(Level.WARNING, String.format("Error reading content from file '%s' (id=%d).", file.getName(), fileId), ex); //NON-NLS
- } catch (Exception ex) {
- logger.log(Level.SEVERE, String.format("Error writing content from file '%s' (id=%d) to '%s'.", file.getName(), fileId, dbPath), ex); //NON-NLS
- }
- }
- } catch (TskCoreException e) {
- logger.log(Level.SEVERE, "Error finding text messages", e); //NON-NLS
- }
- }
-
- /**
- * Create blackboard artifacts and index results for text messages found in
- * the database.
- *
- * @param DatabasePath The path to the database.
- * @param fileId The ID of the file associated with artifacts.
- */
- @Messages({"TextMessageAnalyzer.indexError.message=Failed to index text message artifact for keyword search."})
- private void findTextsInDB(String DatabasePath, long fileId) {
- if (DatabasePath == null || DatabasePath.isEmpty()) {
- return;
- }
- Case currentCase;
- try {
- currentCase = Case.getCurrentCaseThrows();
- } catch (NoCurrentCaseException ex) {
- logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
- return;
- }
- try {
- Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
- connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
- statement = connection.createStatement();
- } catch (ClassNotFoundException | SQLException e) {
- logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
- }
-
- SleuthkitCase skCase = currentCase.getSleuthkitCase();
- try {
- AbstractFile file = skCase.getAbstractFileById(fileId);
- if (file == null) {
- logger.log(Level.SEVERE, "Error getting abstract file {0}", fileId); //NON-NLS
- return;
- }
-
- try {
- resultSet = statement.executeQuery(
- "SELECT address,date,type,subject,body FROM sms;"); //NON-NLS
-
- BlackboardArtifact bba;
- String address; // may be phone number, or other addresses
- String date;//unix time
- String type; // message received in inbox = 1, message sent = 2
- String subject;//message subject
- String body; //message body
- while (resultSet.next()) {
- address = resultSet.getString("address"); //NON-NLS
- date = resultSet.getString("date"); //NON-NLS
- type = resultSet.getString("type"); //NON-NLS
- subject = resultSet.getString("subject"); //NON-NLS
- body = resultSet.getString("body"); //NON-NLS
-
- bba = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set.
- Collection attributes = new ArrayList<>();
- // @@@ NEed to put into more specific TO or FROM
- if (type.equals("1")) {
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, NbBundle.getMessage(this.getClass(), "TextMessageAnalyzer.bbAttribute.incoming")));
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, moduleName, address));
- } else {
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, NbBundle.getMessage(this.getClass(), "TextMessageAnalyzer.bbAttribute.outgoing")));
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, moduleName, address));
- }
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, moduleName, date));
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, type));
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT, moduleName, subject));
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, moduleName, body));
- attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, moduleName, NbBundle.getMessage(this.getClass(), "TextMessageAnalyzer.bbAttribute.smsMessage")));
-
- bba.addAttributes(attributes);
- try {
- /*
- * post the artifact which will index the artifact for
- * keyword search, and fire an event to notify UI of
- * this new artifact
- */ blackboard.postArtifact(bba, moduleName);
- } catch (Blackboard.BlackboardException ex) {
- logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bba.getArtifactID(), ex); //NON-NLS
- MessageNotifyUtil.Notify.error(
- Bundle.TextMessageAnalyzer_indexError_message(), bba.getDisplayName());
- }
- }
-
- } catch (Exception e) {
- logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e); //NON-NLS
- } finally {
- try {
- resultSet.close();
- statement.close();
- connection.close();
- } catch (Exception e) {
- logger.log(Level.SEVERE, "Error closing database", e); //NON-NLS
- }
- }
- } catch (Exception e) {
- logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e); //NON-NLS
- }
- }
-}
diff --git a/Core/src/org/sleuthkit/autopsy/modules/iOS/iOSIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/iOS/iOSIngestModule.java
deleted file mode 100644
index b0aacc9119..0000000000
--- a/Core/src/org/sleuthkit/autopsy/modules/iOS/iOSIngestModule.java
+++ /dev/null
@@ -1,50 +0,0 @@
-/*
- * Autopsy Forensic Browser
- *
- * Copyright 2014 Basis Technology Corp.
- * Contact: carrier sleuthkit org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.sleuthkit.autopsy.modules.iOS;
-
-import java.util.HashMap;
-import org.sleuthkit.autopsy.coreutils.Logger;
-import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
-import org.sleuthkit.autopsy.ingest.IngestModule;
-import org.sleuthkit.datamodel.Content;
-import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
-import org.sleuthkit.autopsy.ingest.IngestJobContext;
-import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter;
-import org.sleuthkit.autopsy.ingest.IngestServices;
-
-class iOSIngestModule implements DataSourceIngestModule {
-
- private static final HashMap fileCountsForIngestJobs = new HashMap<>();
- private IngestJobContext context = null;
- private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();
- private static final Logger logger = Logger.getLogger(iOSModuleFactory.class.getName());
- private IngestServices services = IngestServices.getInstance();
-
- @Override
- public void startUp(IngestJobContext context) throws IngestModule.IngestModuleException {
- this.context = context;
- }
-
- @Override
- public IngestModule.ProcessResult process(Content dataSource, DataSourceIngestModuleProgress progressBar) {
- ContactAnalyzer FindContacts = new ContactAnalyzer();
- FindContacts.findContacts(context);
- return IngestModule.ProcessResult.OK;
- }
-}
diff --git a/Core/src/org/sleuthkit/autopsy/modules/iOS/iOSModuleFactory.java b/Core/src/org/sleuthkit/autopsy/modules/iOS/iOSModuleFactory.java
deleted file mode 100644
index 942dca5379..0000000000
--- a/Core/src/org/sleuthkit/autopsy/modules/iOS/iOSModuleFactory.java
+++ /dev/null
@@ -1,59 +0,0 @@
-/*
- * Autopsy Forensic Browser
- *
- * Copyright 2014 Basis Technology Corp.
- * Contact: carrier sleuthkit org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.sleuthkit.autopsy.modules.iOS;
-
-import org.openide.util.NbBundle;
-import org.sleuthkit.autopsy.coreutils.Version;
-import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
-import org.sleuthkit.autopsy.ingest.IngestModuleFactoryAdapter;
-import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings;
-
-//@ServiceProvider(service = IngestModuleFactory.class) //
-public class iOSModuleFactory extends IngestModuleFactoryAdapter {
-
- static String getModuleName() {
- return NbBundle.getMessage(iOSModuleFactory.class, "iOSModuleFactory.moduleName");
- }
-
- @Override
- public String getModuleDisplayName() {
- return getModuleName();
- }
-
- @Override
- public String getModuleDescription() {
- return NbBundle.getMessage(iOSModuleFactory.class, "iOSModuleFactory.moduleDescription");
- }
-
- @Override
- public String getModuleVersionNumber() {
- return Version.getVersion();
- }
-
- @Override
- public boolean isDataSourceIngestModuleFactory() {
- return true;
- }
-
- @Override
- public DataSourceIngestModule createDataSourceIngestModule(IngestModuleIngestJobSettings settings) {
- return new iOSIngestModule();
- }
-
-}