Slightly simplified the XRY parser refactor

U-BASIS\dsmyda 2020-03-11 12:07:15 -04:00
parent 44408269f6
commit 8ed0e48efd
2 changed files with 82 additions and 63 deletions


@ -202,40 +202,24 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
switch (xryKey) {
case TEL:
case NUMBER:
//Apply the namespace
switch (xryNamespace) {
case FROM:
if (callerId != null) {
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
PARSER_NAME, pair.getValue()));
} else {
callerId = pair.getValue();
}
break;
case TO:
calleeList.add(pair.getValue());
break;
default:
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER,
PARSER_NAME, pair.getValue()));
// Apply namespace or direction
if (xryNamespace == XryNamespace.FROM || direction == CommunicationDirection.INCOMING) {
callerId = pair.getValue();
} else if (xryNamespace == XryNamespace.TO || direction == CommunicationDirection.OUTGOING) {
calleeList.add(pair.getValue());
} else {
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER,
PARSER_NAME, pair.getValue()));
}
break;
//Although confusing, as these are also 'name spaces', it appears
//later versions of XRY realized having standardized lines was easier
//to read.
// Although confusing, as these are also 'name spaces', it appears
// later versions of XRY just made these standardized lines.
case TO:
calleeList.add(pair.getValue());
break;
case FROM:
if (callerId != null) {
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
PARSER_NAME, pair.getValue()));
} else {
callerId = pair.getValue();
}
callerId = pair.getValue();
break;
case TIME:
try {
@ -256,6 +240,14 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
direction = CommunicationDirection.OUTGOING;
}
break;
case TYPE:
String typeString = pair.getValue();
if (typeString.equalsIgnoreCase("received")) {
direction = CommunicationDirection.INCOMING;
} else if (typeString.equalsIgnoreCase("dialed")) {
direction = CommunicationDirection.OUTGOING;
}
break;
default:
//Otherwise, the XryKey enum contains the correct BlackboardAttribute
//type.
@ -295,7 +287,7 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
// If the DIRECTION check failed, just manually create accounts
// for these phones. Note, there is no need to create relationships.
// If both callerId and calleeList were non-null/non-empty, then
// the check above would have directed us to the else block.
// it would have been a valid combination.
if (callerId != null) {
currentCase.getCommunicationsManager().createAccountFileInstance(
Account.Type.PHONE, callerId, PARSER_NAME, parent);
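Review bot: In the new TEL/NUMBER branch the direction test is OR-ed into the first condition, so a number whose namespace is TO on a record already marked INCOMING is stored as `callerId` instead of being added to `calleeList`; an explicit namespace should win over the inferred direction. I would write the first test as `if (xryNamespace == XryNamespace.FROM || (xryNamespace != XryNamespace.TO && direction == CommunicationDirection.INCOMING)) {`, and the same applies to the TEL/NUMBER branch of XRYMessagesFileParser. The fallback also seems to depend on the Direction or Type line being parsed before the number in the record, which deserves a comment. Separately, `callerId = pair.getValue();` now overwrites any earlier caller value, where the older branch appears to have kept a second number as a TSK_PHONE_NUMBER_FROM attribute; in a forensic parser a parsed number should not be dropped silently, so keep it as an attribute or at least log it. The enclosing switch starts and ends outside the hunk.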


@ -40,6 +40,7 @@ import java.util.logging.Level;
import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.Account;
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.SleuthkitCase;
@ -313,37 +314,23 @@ final class XRYMessagesFileParser implements XRYFileParser {
switch (key) {
case TEL:
case NUMBER:
switch (namespace) {
case FROM:
if(senderId != null) {
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
PARSER_NAME, pair.getValue()));
} else {
senderId = pair.getValue();
}
break;
case TO:
case PARTICIPANT:
recipientIdsList.add(pair.getValue());
break;
default:
otherAttributes.add(new BlackboardAttribute(
// Apply namespace or direction
if(namespace == XryNamespace.FROM || direction == CommunicationDirection.INCOMING) {
senderId = pair.getValue();
} else if(namespace == XryNamespace.TO || direction == CommunicationDirection.OUTGOING) {
recipientIdsList.add(pair.getValue());
} else {
currentCase.getCommunicationsManager().createAccountFileInstance(
Account.Type.PHONE, pair.getValue(), PARSER_NAME, parent);
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER,
PARSER_NAME, pair.getValue()));
}
break;
//Although confusing, as these are also 'name spaces', it appears
//later versions of XRY realized having standardized lines was easier
//to read.
// Although confusing, as these are also 'name spaces', it appears
// later versions of XRY just made these standardized lines.
case FROM:
if(senderId != null) {
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM,
PARSER_NAME, pair.getValue()));
} else {
senderId = pair.getValue();
}
senderId = pair.getValue();
break;
case TO:
recipientIdsList.add(pair.getValue());
@ -405,12 +392,16 @@ final class XRYMessagesFileParser implements XRYFileParser {
text = pair.getValue();
break;
case DIRECTION:
if (normalizedValue.equals("incoming")) {
direction = CommunicationDirection.INCOMING;
} else if (normalizedValue.equals("outgoing")) {
direction = CommunicationDirection.OUTGOING;
} else {
direction = CommunicationDirection.UNKNOWN;
switch (normalizedValue) {
case "incoming":
direction = CommunicationDirection.INCOMING;
break;
case "outgoing":
direction = CommunicationDirection.OUTGOING;
break;
default:
direction = CommunicationDirection.UNKNOWN;
break;
}
break;
default:
@ -428,11 +419,47 @@ final class XRYMessagesFileParser implements XRYFileParser {
}
}
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
// Make sure we have the required fields.
// This combination is invalid.
if(senderId == null && recipientIdsList.isEmpty()) {
// Create the artifact manually..
if (direction != CommunicationDirection.UNKNOWN) {
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION,
PARSER_NAME, direction.getDisplayName()));
}
if (dateTime > 0L) {
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START,
PARSER_NAME, dateTime));
}
if(readStatus != MessageReadStatus.UNKNOWN) {
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_READ_STATUS,
PARSER_NAME, (readStatus == MessageReadStatus.READ) ? 1 : 0));
}
if(text != null) {
otherAttributes.add(new BlackboardAttribute(
BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT,
PARSER_NAME, text));
}
if (!otherAttributes.isEmpty()) {
BlackboardArtifact artifact = parent.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE);
artifact.addAttributes(otherAttributes);
currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME);
}
} else {
CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
currentCase, PARSER_NAME, parent, Account.Type.PHONE);
helper.addMessage(messageType, direction, senderId, recipientIdsList,
helper.addMessage(messageType, direction, senderId, recipientIdsList,
dateTime, readStatus, subject, text, threadId, otherAttributes);
}
}
}
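Review bot: The manual fallback for a message with no sender and no recipients copies direction, time, read status and text into `otherAttributes`, but not `subject`, `threadId` or `messageType`, which the `helper.addMessage(...)` path receives; unless those are added to `otherAttributes` elsewhere, the posted TSK_MESSAGE artifact loses them. I would add guarded entries in the same style, e.g. `if (subject != null) { otherAttributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT, PARSER_NAME, subject)); }` (assuming `subject` is a String, like `text`), and likewise for the thread id and message type. In the TEL/NUMBER branch of this file the PARTICIPANT namespace is no longer tested, so a participant number reaches `recipientIdsList` only when the direction happens to be OUTGOING; if that is intended, a comment saying so would help. The enclosing method starts outside the hunk.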