Address review comments.

Raman 2019-09-19 17:44:20 -04:00
parent f2b8b7775e
commit 9f4ef71696
3 changed files with 70 additions and 34 deletions


@ -54,18 +54,20 @@ and adds artifacts to the case.
""" """
class ShareItAnalyzer(general.AndroidComponentAnalyzer): class ShareItAnalyzer(general.AndroidComponentAnalyzer):
moduleName = "ShareIT Analyzer"
progName = "ShareIt"
def __init__(self): def __init__(self):
self._logger = Logger.getLogger(self.__class__.__name__) self._logger = Logger.getLogger(self.__class__.__name__)
self._PACKAGE_NAME = "com.lenovo.anyshare.gps"
self._MODULE_NAME = "ShareIt Analyzer"
self._MESSAGE_TYPE = "ShareIt Message"
self._VERSION = "5.0.28_ww"
def analyze(self, dataSource, fileManager, context): def analyze(self, dataSource, fileManager, context):
historyDbs = AppSQLiteDB.findAppDatabases(dataSource, "history.db", True, "com.lenovo.anyshare.gps") historyDbs = AppSQLiteDB.findAppDatabases(dataSource, "history.db", True, self._PACKAGE_NAME)
for historyDb in historyDbs: for historyDb in historyDbs:
try: try:
historyDbHelper = CommunicationArtifactsHelper(Case.getCurrentCase().getSleuthkitCase(), current_case = Case.getCurrentCaseThrows()
self.moduleName, historyDb.getDBFile(), historyDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, historyDb.getDBFile(),
Account.Type.SHAREIT) Account.Type.SHAREIT)
queryString = "SELECT history_type, device_id, device_name, description, timestamp, import_path FROM history" queryString = "SELECT history_type, device_id, device_name, description, timestamp, import_path FROM history"
@ -89,7 +91,7 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer):
timeStamp = historyResultSet.getLong("timestamp") / 1000 timeStamp = historyResultSet.getLong("timestamp") / 1000
messageArtifact = transferDbHelper.addMessage( messageArtifact = transferDbHelper.addMessage(
"ShareIt Message", self._MESSAGE_TYPE,
direction, direction,
fromAddress, fromAddress,
toAddress, toAddress,
@ -97,14 +99,22 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer):
MessageReadStatus.UNKNOWN, MessageReadStatus.UNKNOWN,
None, # subject None, # subject
msgBody, msgBody,
"" ) None ) # thread id
# TBD: add the file as attachment ?? # TBD: add the file as attachment ??
except SQLException as ex: except SQLException as ex:
self._logger.log(Level.WARNING, "Error processing query result for ShareIt history.", ex) self._logger.log(Level.WARNING, "Error processing query result for ShareIt history.", ex)
except (TskCoreException, BlackboardException) as ex: self._logger.log(Level.SEVERE, traceback.format_exc())
self._logger.log(Level.WARNING, "Failed to create ShareIt message artifacts.", ex) except TskCoreException as ex:
self._logger.log(Level.SEVERE, "Failed to create ShareIt message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except NoCurrentCaseException as ex:
self._logger.log(Level.WARNING, "No case currently open.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
finally: finally:
historyDb.close() historyDb.close()
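Review bot: `messageArtifact = transferDbHelper.addMessage(` on the context line just after the second hunk header uses a name this method never binds — the helper built in the first hunk is `historyDbHelper` — so the first history row will raise a Python NameError that none of the four Java-exception handlers catches, aborting analyze for this data source (the `finally` still closes the DB), unless `transferDbHelper` is assigned in the unseen lines between the two hunks. Change the call to `messageArtifact = historyDbHelper.addMessage(`. Separately, `Case.getCurrentCaseThrows()` is now called once per database inside the loop, so with no case open the same "No case currently open." warning is logged once per history.db found; resolving the case once before the `for` would fail fast. The rest of analyze lies outside the hunk.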


@ -52,28 +52,36 @@ Finds the SQLite DB for Xender, parses the DB for contacts & messages,
and adds artifacts to the case. and adds artifacts to the case.
""" """
class XenderAnalyzer(general.AndroidComponentAnalyzer): class XenderAnalyzer(general.AndroidComponentAnalyzer):
moduleName = "Xender Analyzer"
progName = "Xender"
def __init__(self): def __init__(self):
self._logger = Logger.getLogger(self.__class__.__name__) self._logger = Logger.getLogger(self.__class__.__name__)
self._PACKAGE_NAME = "cn.xender"
self._MODULE_NAME = "Xender Analyzer"
self._MESSAGE_TYPE = "Xender Message"
self._VERSION = "4.6.5"
def analyze(self, dataSource, fileManager, context): def analyze(self, dataSource, fileManager, context):
selfAccountAddress = None selfAccountAddress = None
transactionDbs = AppSQLiteDB.findAppDatabases(dataSource, "trans-history-db", True, "cn.xender") transactionDbs = AppSQLiteDB.findAppDatabases(dataSource, "trans-history-db", True, self._PACKAGE_NAME)
for transactionDb in transactionDbs: for transactionDb in transactionDbs:
try: try:
current_case = Case.getCurrentCaseThrows()
# get the profile with connection_times 0, that's the self account. # get the profile with connection_times 0, that's the self account.
profilesResultSet = transactionDb.runQuery("SELECT device_id, nick_name FROM profile WHERE connect_times = 0") profilesResultSet = transactionDb.runQuery("SELECT device_id, nick_name FROM profile WHERE connect_times = 0")
if profilesResultSet: if profilesResultSet:
while profilesResultSet.next(): while profilesResultSet.next():
if not selfAccountAddress: if not selfAccountAddress:
selfAccountAddress = Account.Address(profilesResultSet.getString("device_id"), profilesResultSet.getString("nick_name")) selfAccountAddress = Account.Address(profilesResultSet.getString("device_id"), profilesResultSet.getString("nick_name"))
# create artifacts helper
transactionDbHelper = CommunicationArtifactsHelper(Case.getCurrentCase().getSleuthkitCase(), if selfAccountAddress is not None:
self.moduleName, transactionDb.getDBFile(), transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transactionDb.getDBFile(),
Account.Type.XENDER, Account.Type.XENDER, selfAccountAddress ) Account.Type.XENDER, Account.Type.XENDER, selfAccountAddress )
else:
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transactionDb.getDBFile(),
Account.Type.XENDER)
queryString = "SELECT f_path, f_display_name, f_size_str, f_create_time, c_direction, c_session_id, s_name, s_device_id, r_name, r_device_id FROM new_history " queryString = "SELECT f_path, f_display_name, f_size_str, f_create_time, c_direction, c_session_id, s_name, s_device_id, r_name, r_device_id FROM new_history "
messagesResultSet = transactionDb.runQuery(queryString) messagesResultSet = transactionDb.runQuery(queryString)
@ -96,13 +104,13 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
timeStamp = messagesResultSet.getLong("f_create_time") / 1000 timeStamp = messagesResultSet.getLong("f_create_time") / 1000
messageArtifact = transactionDbHelper.addMessage( messageArtifact = transactionDbHelper.addMessage(
"Xender Message", self._MESSAGE_TYPE,
direction, direction,
fromAddress, fromAddress,
toAddress, toAddress,
timeStamp, timeStamp,
MessageReadStatus.UNKNOWN, MessageReadStatus.UNKNOWN,
None, None, # subject
msgBody, msgBody,
messagesResultSet.getString("c_session_id") ) messagesResultSet.getString("c_session_id") )
@ -110,8 +118,16 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
except SQLException as ex: except SQLException as ex:
self._logger.log(Level.WARNING, "Error processing query result for profiles", ex) self._logger.log(Level.WARNING, "Error processing query result for profiles", ex)
except (TskCoreException, BlackboardException) as ex: self._logger.log(Level.WARNING, traceback.format_exc())
self._logger.log(Level.WARNING, "Failed to create Xender message artifacts.", ex) except TskCoreException as ex:
self._logger.log(Level.SEVERE, "Failed to create Xender message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except NoCurrentCaseException as ex:
self._logger.log(Level.WARNING, "No case currently open.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
finally: finally:
transactionDb.close() transactionDb.close()
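Review bot: The `SQLException` handler's message "Error processing query result for profiles" now describes only the first of the two queries inside this try block; a failure in the `new_history` query (`messagesResultSet = transactionDb.runQuery(queryString)`) will be logged as a profiles problem. Change it to `self._logger.log(Level.WARNING, "Error processing query result for Xender transaction history.", ex)`. Separately, the profile loop keeps the first row with `connect_times = 0` and silently ignores any others, which for a forensic artifact is worth surfacing, e.g. an `else:` branch on the `if not selfAccountAddress:` with `self._logger.log(Level.WARNING, "Multiple self profiles found in Xender DB; using the first.")`. The rest of analyze, including how `messagesResultSet` is iterated, lies outside the hunk.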


@ -54,18 +54,21 @@ and adds artifacts to the case.
""" """
class ZapyaAnalyzer(general.AndroidComponentAnalyzer): class ZapyaAnalyzer(general.AndroidComponentAnalyzer):
moduleName = "Zapya Analyzer"
progName = "Zapya"
def __init__(self): def __init__(self):
self._logger = Logger.getLogger(self.__class__.__name__) self._logger = Logger.getLogger(self.__class__.__name__)
self._PACKAGE_NAME = "com.dewmobile.kuaiya.play"
self._MODULE_NAME = "Zapya Analyzer"
self._MESSAGE_TYPE = "Zapya Message"
self._VERSION = "5.8.3"
def analyze(self, dataSource, fileManager, context): def analyze(self, dataSource, fileManager, context):
transferDbs = AppSQLiteDB.findAppDatabases(dataSource, "transfer20.db", True, "com.dewmobile.kuaiya.play") transferDbs = AppSQLiteDB.findAppDatabases(dataSource, "transfer20.db", True, self._PACKAGE_NAME)
for transferDb in transferDbs: for transferDb in transferDbs:
try: try:
transferDbHelper = CommunicationArtifactsHelper(Case.getCurrentCase().getSleuthkitCase(), current_case = Case.getCurrentCaseThrows()
self.moduleName, transferDb.getDBFile(), #
transferDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transferDb.getDBFile(),
Account.Type.ZAPYA) Account.Type.ZAPYA)
queryString = "SELECT device, name, direction, createtime, path, title FROM transfer" queryString = "SELECT device, name, direction, createtime, path, title FROM transfer"
@ -89,23 +92,30 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer):
timeStamp = transfersResultSet.getLong("createtime") / 1000 timeStamp = transfersResultSet.getLong("createtime") / 1000
messageArtifact = transferDbHelper.addMessage( messageArtifact = transferDbHelper.addMessage(
"Zapya Message", self._MESSAGE_TYPE,
direction, direction,
fromAddress, fromAddress,
toAddress, toAddress,
timeStamp, timeStamp,
MessageReadStatus.UNKNOWN, MessageReadStatus.UNKNOWN,
None, None, # subject
msgBody, msgBody,
"" ) None ) # thread id
# TBD: add the file as attachment ?? # TBD: add the file as attachment ??
except SQLException as ex: except SQLException as ex:
self._logger.log(Level.WARNING, "Error processing query result for transfer", ex) self._logger.log(Level.WARNING, "Error processing query result for transfer", ex)
except (TskCoreException, BlackboardException) as ex: self._logger.log(Level.WARNING, traceback.format_exc())
self._logger.log(Level.WARNING, "Failed to create Zapya message artifacts.", ex) except TskCoreException as ex:
self._logger.log(Level.SEVERE, "Failed to create Zapya message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except NoCurrentCaseException as ex:
self._logger.log(Level.WARNING, "No case currently open.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
finally: finally:
transferDb.close() transferDb.close()
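Review bot: The new side adds a bare `#` line between `current_case = Case.getCurrentCaseThrows()` and the helper construction; it carries no text and should be dropped or replaced with a real note such as `# helper that posts transfer rows as message artifacts`. The new handlers also call `traceback.format_exc()`, which needs `import traceback` at the top of the file (not visible here); if that import is missing, each handler will itself raise NameError and hide the original error. The same applies to the ShareIt and Xender files in this commit. The rest of analyze continues outside the hunk.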