Slightly simplified the XRY parser refactor

U-BASIS\dsmyda 2020-03-11 12:07:15 -04:00
parent 44408269f6
commit 8ed0e48efd
2 changed files with 82 additions and 63 deletions


@ -202,40 +202,24 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
switch (xryKey) { switch (xryKey) {
case TEL: case TEL:
case NUMBER: case NUMBER:
//Apply the namespace // Apply namespace or direction
switch (xryNamespace) { if (xryNamespace == XryNamespace.FROM || direction == CommunicationDirection.INCOMING) {
case FROM: callerId = pair.getValue();
if (callerId != null) { } else if (xryNamespace == XryNamespace.TO || direction == CommunicationDirection.OUTGOING) {
otherAttributes.add(new BlackboardAttribute( calleeList.add(pair.getValue());
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, } else {
PARSER_NAME, pair.getValue())); otherAttributes.add(new BlackboardAttribute(
} else { BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER,
callerId = pair.getValue(); PARSER_NAME, pair.getValue()));
}
break;
case TO:
calleeList.add(pair.getValue());
break;
default:
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER,
PARSER_NAME, pair.getValue()));
} }
break; break;
//Although confusing, as these are also 'name spaces', it appears // Although confusing, as these are also 'name spaces', it appears
//later versions of XRY realized having standardized lines was easier // later versions of XRY just made these standardized lines.
//to read.
case TO: case TO:
calleeList.add(pair.getValue()); calleeList.add(pair.getValue());
break; break;
case FROM: case FROM:
if (callerId != null) { callerId = pair.getValue();
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
PARSER_NAME, pair.getValue()));
} else {
callerId = pair.getValue();
}
break; break;
case TIME: case TIME:
try { try {
@ -256,6 +240,14 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
direction = CommunicationDirection.OUTGOING; direction = CommunicationDirection.OUTGOING;
} }
break; break;
case TYPE:
String typeString = pair.getValue();
if (typeString.equalsIgnoreCase("received")) {
direction = CommunicationDirection.INCOMING;
} else if (typeString.equalsIgnoreCase("dialed")) {
direction = CommunicationDirection.OUTGOING;
}
break;
default: default:
//Otherwise, the XryKey enum contains the correct BlackboardAttribute //Otherwise, the XryKey enum contains the correct BlackboardAttribute
//type. //type.
@ -295,7 +287,7 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
// If the DIRECTION check failed, just manually create accounts // If the DIRECTION check failed, just manually create accounts
// for these phones. Note, there is no need to create relationships. // for these phones. Note, there is no need to create relationships.
// If both callerId and calleeList were non-null/non-empty, then // If both callerId and calleeList were non-null/non-empty, then
// the check above would have directed us to the else block. // it would have been a valid combination.
if (callerId != null) { if (callerId != null) {
currentCase.getCommunicationsManager().createAccountFileInstance( currentCase.getCommunicationsManager().createAccountFileInstance(
Account.Type.PHONE, callerId, PARSER_NAME, parent); Account.Type.PHONE, callerId, PARSER_NAME, parent);
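Review bot: In the TEL/NUMBER branch the namespace test is OR'ed with the direction test, so a number carrying the TO namespace on a call already marked INCOMING lands in `callerId`, and the result also depends on whether the Direction or Type line was parsed before the number. An explicit namespace should be decided first, with `direction` used only as a fallback, as in the sketch below; the same condition appears in the TEL/NUMBER branch of XRYMessagesFileParser. The plain assignment `callerId = pair.getValue();` here and under `case FROM:` also replaces any earlier caller value, where the removed code appears to have kept the extra number as TSK_PHONE_NUMBER_FROM, so a record with two such lines now loses one number without any log entry. The enclosing switch and method start and end outside the hunk.

```java
case TEL:
case NUMBER:
    // An explicit namespace outranks the direction inferred from other lines.
    if (xryNamespace == XryNamespace.FROM) {
        callerId = pair.getValue();
    } else if (xryNamespace == XryNamespace.TO) {
        calleeList.add(pair.getValue());
    } else if (direction == CommunicationDirection.INCOMING) {
        callerId = pair.getValue();
    } else if (direction == CommunicationDirection.OUTGOING) {
        calleeList.add(pair.getValue());
    } else {
        // … unchanged: add TSK_PHONE_NUMBER to otherAttributes …
    }
    break;
```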


@ -40,6 +40,7 @@ import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.Account; import org.sleuthkit.datamodel.Account;
import org.sleuthkit.datamodel.Blackboard.BlackboardException; import org.sleuthkit.datamodel.Blackboard.BlackboardException;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
@ -313,37 +314,23 @@ final class XRYMessagesFileParser implements XRYFileParser {
switch (key) { switch (key) {
case TEL: case TEL:
case NUMBER: case NUMBER:
switch (namespace) { // Apply namespace or direction
case FROM: if(namespace == XryNamespace.FROM || direction == CommunicationDirection.INCOMING) {
if(senderId != null) { senderId = pair.getValue();
otherAttributes.add(new BlackboardAttribute( } else if(namespace == XryNamespace.TO || direction == CommunicationDirection.OUTGOING) {
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, recipientIdsList.add(pair.getValue());
PARSER_NAME, pair.getValue())); } else {
} else { currentCase.getCommunicationsManager().createAccountFileInstance(
senderId = pair.getValue(); Account.Type.PHONE, pair.getValue(), PARSER_NAME, parent);
} otherAttributes.add(new BlackboardAttribute(
break;
case TO:
case PARTICIPANT:
recipientIdsList.add(pair.getValue());
break;
default:
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER,
PARSER_NAME, pair.getValue())); PARSER_NAME, pair.getValue()));
} }
break; break;
//Although confusing, as these are also 'name spaces', it appears // Although confusing, as these are also 'name spaces', it appears
//later versions of XRY realized having standardized lines was easier // later versions of XRY just made these standardized lines.
//to read.
case FROM: case FROM:
if(senderId != null) { senderId = pair.getValue();
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
PARSER_NAME, pair.getValue()));
} else {
senderId = pair.getValue();
}
break; break;
case TO: case TO:
recipientIdsList.add(pair.getValue()); recipientIdsList.add(pair.getValue());
@ -405,12 +392,16 @@ final class XRYMessagesFileParser implements XRYFileParser {
text = pair.getValue(); text = pair.getValue();
break; break;
case DIRECTION: case DIRECTION:
if (normalizedValue.equals("incoming")) { switch (normalizedValue) {
direction = CommunicationDirection.INCOMING; case "incoming":
} else if (normalizedValue.equals("outgoing")) { direction = CommunicationDirection.INCOMING;
direction = CommunicationDirection.OUTGOING; break;
} else { case "outgoing":
direction = CommunicationDirection.UNKNOWN; direction = CommunicationDirection.OUTGOING;
break;
default:
direction = CommunicationDirection.UNKNOWN;
break;
} }
break; break;
default: default:
@ -428,11 +419,47 @@ final class XRYMessagesFileParser implements XRYFileParser {
} }
} }
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper( // Make sure we have the required fields.
// This combination is invalid.
if(senderId == null && recipientIdsList.isEmpty()) {
// Create the artifact manually..
if (direction != CommunicationDirection.UNKNOWN) {
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION,
PARSER_NAME, direction.getDisplayName()));
}
if (dateTime > 0L) {
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START,
PARSER_NAME, dateTime));
}
if(readStatus != MessageReadStatus.UNKNOWN) {
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_READ_STATUS,
PARSER_NAME, (readStatus == MessageReadStatus.READ) ? 1 : 0));
}
if(text != null) {
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT,
PARSER_NAME, text));
}
if (!otherAttributes.isEmpty()) {
BlackboardArtifact artifact = parent.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE);
artifact.addAttributes(otherAttributes);
currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME);
}
} else {
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
currentCase, PARSER_NAME, parent, Account.Type.PHONE); currentCase, PARSER_NAME, parent, Account.Type.PHONE);
helper.addMessage(messageType, direction, senderId, recipientIdsList, helper.addMessage(messageType, direction, senderId, recipientIdsList,
dateTime, readStatus, subject, text, threadId, otherAttributes); dateTime, readStatus, subject, text, threadId, otherAttributes);
}
} }
} }
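Review bot: The manual TSK_MESSAGE fallback taken when `senderId == null && recipientIdsList.isEmpty()` copies only direction, date, read status and text into `otherAttributes`, so `messageType`, `subject` and `threadId`, which the `helper.addMessage(...)` call in the else branch still receives, are dropped for these records. Adding them the same way would keep the two paths equivalent, e.g. `if (subject != null) { otherAttributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT, PARSER_NAME, subject)); }`, and likewise for the thread id and message type; their declarations are outside the hunk, so the null checks are an assumption. In the TEL/NUMBER branch the PARTICIPANT namespace is no longer tested, so those numbers reach `recipientIdsList` only when `direction` is already OUTGOING and otherwise fall into the else branch. A short comment on the fallback saying why an artifact is still posted without any account would help the next reader.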