diff --git a/InternalPythonModules/android/shareit.py b/InternalPythonModules/android/shareit.py index 8e3ebd3823..bccc9b9a3b 100644 --- a/InternalPythonModules/android/shareit.py +++ b/InternalPythonModules/android/shareit.py @@ -54,18 +54,20 @@ and adds artifacts to the case. """ class ShareItAnalyzer(general.AndroidComponentAnalyzer): - moduleName = "ShareIT Analyzer" - progName = "ShareIt" - def __init__(self): self._logger = Logger.getLogger(self.__class__.__name__) + self._PACKAGE_NAME = "com.lenovo.anyshare.gps" + self._MODULE_NAME = "ShareIt Analyzer" + self._MESSAGE_TYPE = "ShareIt Message" + self._VERSION = "5.0.28_ww" def analyze(self, dataSource, fileManager, context): - historyDbs = AppSQLiteDB.findAppDatabases(dataSource, "history.db", True, "com.lenovo.anyshare.gps") + historyDbs = AppSQLiteDB.findAppDatabases(dataSource, "history.db", True, self._PACKAGE_NAME) for historyDb in historyDbs: try: - historyDbHelper = CommunicationArtifactsHelper(Case.getCurrentCase().getSleuthkitCase(), - self.moduleName, historyDb.getDBFile(), + current_case = Case.getCurrentCaseThrows() + historyDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), + self._MODULE_NAME, historyDb.getDBFile(), Account.Type.SHAREIT) queryString = "SELECT history_type, device_id, device_name, description, timestamp, import_path FROM history" @@ -89,7 +91,7 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer): timeStamp = historyResultSet.getLong("timestamp") / 1000 messageArtifact = transferDbHelper.addMessage( - "ShareIt Message", + self._MESSAGE_TYPE, direction, fromAddress, toAddress, 
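Review bot: `self._VERSION = "5.0.28_ww"` is assigned in `__init__`, but nothing in the visible hunks reads it and no comment says what it records. If it is the app version whose `history.db` schema this parser was written against, say so, for example `# ShareIt version this parser was validated against; other versions may use a different schema`. The four upper-case names are fixed strings, so class-level constants would fit the naming better than per-instance attributes; the same applies to the `__init__` hunks in xender.py and zapya.py. The hunk also drops the `moduleName` and `progName` class attributes, so it is worth confirming nothing outside this file still reads them.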
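Review bot: The context line `messageArtifact = transferDbHelper.addMessage(` calls a name that the first hunk never binds; the helper created there is `historyDbHelper`. Unless `transferDbHelper` is assigned in the lines between the two hunks, this raises a NameError on the first history row. NameError is not among the exception types handled in the following hunk, so no ShareIt messages would reach the case. The call should read `messageArtifact = historyDbHelper.addMessage(`. The enclosing `analyze` body starts and ends outside this hunk.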
@@ -97,14 +99,22 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer): MessageReadStatus.UNKNOWN, None, # subject msgBody, - "" ) + None ) # thread id # TBD: add the file as attachment ?? except SQLException as ex: self._logger.log(Level.WARNING, "Error processing query result for ShareIt history.", ex) - except (TskCoreException, BlackboardException) as ex: - self._logger.log(Level.WARNING, "Failed to create ShareIt message artifacts.", ex) + self._logger.log(Level.SEVERE, traceback.format_exc()) + except TskCoreException as ex: + self._logger.log(Level.SEVERE, "Failed to create ShareIt message artifacts.", ex) + self._logger.log(Level.SEVERE, traceback.format_exc()) + except BlackboardException as ex: + self._logger.log(Level.WARNING, "Failed to post artifacts.", ex) + self._logger.log(Level.WARNING, traceback.format_exc()) + except NoCurrentCaseException as ex: + self._logger.log(Level.WARNING, "No case currently open.", ex) + self._logger.log(Level.WARNING, traceback.format_exc()) finally: historyDb.close() diff --git a/InternalPythonModules/android/xender.py b/InternalPythonModules/android/xender.py index d1cecd3a82..e3c72f33e2 100644 --- a/InternalPythonModules/android/xender.py +++ b/InternalPythonModules/android/xender.py 
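Review bot: The new handlers use `traceback.format_exc()` and `NoCurrentCaseException`, but no hunk in this diff touches the import section of shareit.py, xender.py or zapya.py. If either name is not already imported, the handler itself raises NameError and the original error never reaches the log. Confirm that `import traceback` and `from org.sleuthkit.autopsy.casemodule import NoCurrentCaseException` are present in all three files. Separately, the SQLException branch here logs its message at `Level.WARNING` but its traceback at `Level.SEVERE`, while the same branch in xender.py and zapya.py uses WARNING for both; `self._logger.log(Level.WARNING, traceback.format_exc())` would match them.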
@@ -52,28 +52,36 @@ Finds the SQLite DB for Xender, parses the DB for contacts & messages, and adds artifacts to the case. """ class XenderAnalyzer(general.AndroidComponentAnalyzer): - - moduleName = "Xender Analyzer" - progName = "Xender" - + def __init__(self): self._logger = Logger.getLogger(self.__class__.__name__) + self._PACKAGE_NAME = "cn.xender" + self._MODULE_NAME = "Xender Analyzer" + self._MESSAGE_TYPE = "Xender Message" + self._VERSION = "4.6.5" + def analyze(self, dataSource, fileManager, context): selfAccountAddress = None - transactionDbs = AppSQLiteDB.findAppDatabases(dataSource, "trans-history-db", True, "cn.xender") + transactionDbs = AppSQLiteDB.findAppDatabases(dataSource, "trans-history-db", True, self._PACKAGE_NAME) for transactionDb in transactionDbs: try: + current_case = Case.getCurrentCaseThrows() # get the profile with connection_times 0, that's the self account. profilesResultSet = transactionDb.runQuery("SELECT device_id, nick_name FROM profile WHERE connect_times = 0") if profilesResultSet: while profilesResultSet.next(): if not selfAccountAddress: selfAccountAddress = Account.Address(profilesResultSet.getString("device_id"), profilesResultSet.getString("nick_name")) - - transactionDbHelper = CommunicationArtifactsHelper(Case.getCurrentCase().getSleuthkitCase(), - self.moduleName, transactionDb.getDBFile(), + # create artifacts helper + if selfAccountAddress is not None: + transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), + self._MODULE_NAME, transactionDb.getDBFile(), Account.Type.XENDER, Account.Type.XENDER, selfAccountAddress ) + else: + transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), + self._MODULE_NAME, transactionDb.getDBFile(), + Account.Type.XENDER) queryString = "SELECT f_path, f_display_name, f_size_str, f_create_time, c_direction, c_session_id, s_name, s_device_id, r_name, r_device_id FROM new_history " messagesResultSet = 
transactionDb.runQuery(queryString) @@ -96,13 +104,13 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer): timeStamp = messagesResultSet.getLong("f_create_time") / 1000 messageArtifact = transactionDbHelper.addMessage( - "Xender Message", + self._MESSAGE_TYPE, direction, fromAddress, toAddress, timeStamp, MessageReadStatus.UNKNOWN, - None, + None, # subject msgBody, messagesResultSet.getString("c_session_id") ) @@ -110,8 +118,16 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer): except SQLException as ex: self._logger.log(Level.WARNING, "Error processing query result for profiles", ex) - except (TskCoreException, BlackboardException) as ex: - self._logger.log(Level.WARNING, "Failed to create Xender message artifacts.", ex) + self._logger.log(Level.WARNING, traceback.format_exc()) + except TskCoreException as ex: + self._logger.log(Level.SEVERE, "Failed to create Xender message artifacts.", ex) + self._logger.log(Level.SEVERE, traceback.format_exc()) + except BlackboardException as ex: + self._logger.log(Level.WARNING, "Failed to post artifacts.", ex) + self._logger.log(Level.WARNING, traceback.format_exc()) + except NoCurrentCaseException as ex: + self._logger.log(Level.WARNING, "No case currently open.", ex) + self._logger.log(Level.WARNING, traceback.format_exc()) finally: transactionDb.close() diff --git a/InternalPythonModules/android/zapya.py b/InternalPythonModules/android/zapya.py index 9bcb5753d1..672795c076 100644 --- a/InternalPythonModules/android/zapya.py +++ b/InternalPythonModules/android/zapya.py 
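Review bot: `selfAccountAddress` is initialised once before the `for transactionDb in transactionDbs:` loop and only assigned `if not selfAccountAddress`, so the new `if selfAccountAddress is not None:` branch can pick up the self account found in an earlier database. When a data source holds more than one `trans-history-db`, messages from a later database would be attributed to the first database's device id and nickname. If that carry-over is not intended, reset it per database with `selfAccountAddress = None` as the first statement inside the loop. The `analyze` body continues past this hunk.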
@@ -54,18 +54,21 @@ and adds artifacts to the case. """ class ZapyaAnalyzer(general.AndroidComponentAnalyzer): - moduleName = "Zapya Analyzer" - progName = "Zapya" - def __init__(self): self._logger = Logger.getLogger(self.__class__.__name__) + self._PACKAGE_NAME = "com.dewmobile.kuaiya.play" + self._MODULE_NAME = "Zapya Analyzer" + self._MESSAGE_TYPE = "Zapya Message" + self._VERSION = "5.8.3" def analyze(self, dataSource, fileManager, context): - transferDbs = AppSQLiteDB.findAppDatabases(dataSource, "transfer20.db", True, "com.dewmobile.kuaiya.play") + transferDbs = AppSQLiteDB.findAppDatabases(dataSource, "transfer20.db", True, self._PACKAGE_NAME) for transferDb in transferDbs: try: - transferDbHelper = CommunicationArtifactsHelper(Case.getCurrentCase().getSleuthkitCase(), - self.moduleName, transferDb.getDBFile(), + current_case = Case.getCurrentCaseThrows() + # + transferDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(), + self._MODULE_NAME, transferDb.getDBFile(), Account.Type.ZAPYA) queryString = "SELECT device, name, direction, createtime, path, title FROM transfer" 
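Review bot: The added `#` line after `current_case = Case.getCurrentCaseThrows()` is an empty comment. Either drop it or give it the text used at the same spot in xender.py, `# create artifacts helper`.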
@@ -89,23 +92,30 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer): timeStamp = transfersResultSet.getLong("createtime") / 1000 messageArtifact = transferDbHelper.addMessage( - "Zapya Message", + self._MESSAGE_TYPE, direction, fromAddress, toAddress, timeStamp, MessageReadStatus.UNKNOWN, - None, + None, # subject msgBody, - "" ) + None ) # thread id # TBD: add the file as attachment ?? except SQLException as ex: self._logger.log(Level.WARNING, "Error processing query result for transfer", ex) - except (TskCoreException, BlackboardException) as ex: - self._logger.log(Level.WARNING, "Failed to create Zapya message artifacts.", ex) - + self._logger.log(Level.WARNING, traceback.format_exc()) + except TskCoreException as ex: + self._logger.log(Level.SEVERE, "Failed to create Zapya message artifacts.", ex) + self._logger.log(Level.SEVERE, traceback.format_exc()) + except BlackboardException as ex: + self._logger.log(Level.WARNING, "Failed to post artifacts.", ex) + self._logger.log(Level.WARNING, traceback.format_exc()) + except NoCurrentCaseException as ex: + self._logger.log(Level.WARNING, "No case currently open.", ex) + self._logger.log(Level.WARNING, traceback.format_exc()) finally: transferDb.close()