Address review comments.

Raman 2019-09-19 17:44:20 -04:00
parent f2b8b7775e
commit 9f4ef71696
3 changed files with 70 additions and 34 deletions


@ -54,18 +54,20 @@ and adds artifacts to the case.
"""
class ShareItAnalyzer(general.AndroidComponentAnalyzer):
moduleName = "ShareIT Analyzer"
progName = "ShareIt"
def __init__(self):
self._logger = Logger.getLogger(self.__class__.__name__)
self._PACKAGE_NAME = "com.lenovo.anyshare.gps"
self._MODULE_NAME = "ShareIt Analyzer"
self._MESSAGE_TYPE = "ShareIt Message"
self._VERSION = "5.0.28_ww"
def analyze(self, dataSource, fileManager, context):
historyDbs = AppSQLiteDB.findAppDatabases(dataSource, "history.db", True, "com.lenovo.anyshare.gps")
historyDbs = AppSQLiteDB.findAppDatabases(dataSource, "history.db", True, self._PACKAGE_NAME)
for historyDb in historyDbs:
try:
historyDbHelper = CommunicationArtifactsHelper(Case.getCurrentCase().getSleuthkitCase(),
self.moduleName, historyDb.getDBFile(),
current_case = Case.getCurrentCaseThrows()
historyDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, historyDb.getDBFile(),
Account.Type.SHAREIT)
queryString = "SELECT history_type, device_id, device_name, description, timestamp, import_path FROM history"
@ -89,7 +91,7 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer):
timeStamp = historyResultSet.getLong("timestamp") / 1000
messageArtifact = transferDbHelper.addMessage(
"ShareIt Message",
self._MESSAGE_TYPE,
direction,
fromAddress,
toAddress,
@ -97,14 +99,22 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer):
MessageReadStatus.UNKNOWN,
None, # subject
msgBody,
"" )
None ) # thread id
# TBD: add the file as attachment ??
except SQLException as ex:
self._logger.log(Level.WARNING, "Error processing query result for ShareIt history.", ex)
except (TskCoreException, BlackboardException) as ex:
self._logger.log(Level.WARNING, "Failed to create ShareIt message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except TskCoreException as ex:
self._logger.log(Level.SEVERE, "Failed to create ShareIt message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except NoCurrentCaseException as ex:
self._logger.log(Level.WARNING, "No case currently open.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
finally:
historyDb.close()
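Review bot: The helper is bound as `historyDbHelper` in the first hunk, but the `addMessage` call in the second hunk is still made on `transferDbHelper`. Unless that name is assigned in the lines between the hunks, which are not shown, the call raises a NameError that none of the Java exception handlers catch; it would propagate out of `analyze` and no ShareIt message artifacts would be created for that database. The call should read `messageArtifact = historyDbHelper.addMessage(`. Both lines sit inside `analyze`, whose body continues outside the hunks.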


@ -53,27 +53,35 @@ and adds artifacts to the case.
"""
class XenderAnalyzer(general.AndroidComponentAnalyzer):
moduleName = "Xender Analyzer"
progName = "Xender"
def __init__(self):
self._logger = Logger.getLogger(self.__class__.__name__)
self._PACKAGE_NAME = "cn.xender"
self._MODULE_NAME = "Xender Analyzer"
self._MESSAGE_TYPE = "Xender Message"
self._VERSION = "4.6.5"
def analyze(self, dataSource, fileManager, context):
selfAccountAddress = None
transactionDbs = AppSQLiteDB.findAppDatabases(dataSource, "trans-history-db", True, "cn.xender")
transactionDbs = AppSQLiteDB.findAppDatabases(dataSource, "trans-history-db", True, self._PACKAGE_NAME)
for transactionDb in transactionDbs:
try:
current_case = Case.getCurrentCaseThrows()
# get the profile with connection_times 0, that's the self account.
profilesResultSet = transactionDb.runQuery("SELECT device_id, nick_name FROM profile WHERE connect_times = 0")
if profilesResultSet:
while profilesResultSet.next():
if not selfAccountAddress:
selfAccountAddress = Account.Address(profilesResultSet.getString("device_id"), profilesResultSet.getString("nick_name"))
transactionDbHelper = CommunicationArtifactsHelper(Case.getCurrentCase().getSleuthkitCase(),
self.moduleName, transactionDb.getDBFile(),
# create artifacts helper
if selfAccountAddress is not None:
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transactionDb.getDBFile(),
Account.Type.XENDER, Account.Type.XENDER, selfAccountAddress )
else:
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transactionDb.getDBFile(),
Account.Type.XENDER)
queryString = "SELECT f_path, f_display_name, f_size_str, f_create_time, c_direction, c_session_id, s_name, s_device_id, r_name, r_device_id FROM new_history "
messagesResultSet = transactionDb.runQuery(queryString)
@ -96,13 +104,13 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
timeStamp = messagesResultSet.getLong("f_create_time") / 1000
messageArtifact = transactionDbHelper.addMessage(
"Xender Message",
self._MESSAGE_TYPE,
direction,
fromAddress,
toAddress,
timeStamp,
MessageReadStatus.UNKNOWN,
None,
None, # subject
msgBody,
messagesResultSet.getString("c_session_id") )
@ -110,8 +118,16 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
except SQLException as ex:
self._logger.log(Level.WARNING, "Error processing query result for profiles", ex)
except (TskCoreException, BlackboardException) as ex:
self._logger.log(Level.WARNING, "Failed to create Xender message artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except TskCoreException as ex:
self._logger.log(Level.SEVERE, "Failed to create Xender message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except NoCurrentCaseException as ex:
self._logger.log(Level.WARNING, "No case currently open.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
finally:
transactionDb.close()
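Review bot: `selfAccountAddress` is initialised once before the `for transactionDb in transactionDbs` loop and is only set while it is still empty, so the self account read from the first database is reused for every later one. The new `if selfAccountAddress is not None` branch then builds the helper with that stale address. On a data source holding more than one `trans-history-db`, messages could be attributed to the wrong device owner. Moving `selfAccountAddress = None` to the first line inside the loop keeps the attribution per database. The rest of `analyze` lies outside the hunks.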


@ -54,18 +54,21 @@ and adds artifacts to the case.
"""
class ZapyaAnalyzer(general.AndroidComponentAnalyzer):
moduleName = "Zapya Analyzer"
progName = "Zapya"
def __init__(self):
self._logger = Logger.getLogger(self.__class__.__name__)
self._PACKAGE_NAME = "com.dewmobile.kuaiya.play"
self._MODULE_NAME = "Zapya Analyzer"
self._MESSAGE_TYPE = "Zapya Message"
self._VERSION = "5.8.3"
def analyze(self, dataSource, fileManager, context):
transferDbs = AppSQLiteDB.findAppDatabases(dataSource, "transfer20.db", True, "com.dewmobile.kuaiya.play")
transferDbs = AppSQLiteDB.findAppDatabases(dataSource, "transfer20.db", True, self._PACKAGE_NAME)
for transferDb in transferDbs:
try:
transferDbHelper = CommunicationArtifactsHelper(Case.getCurrentCase().getSleuthkitCase(),
self.moduleName, transferDb.getDBFile(),
current_case = Case.getCurrentCaseThrows()
#
transferDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transferDb.getDBFile(),
Account.Type.ZAPYA)
queryString = "SELECT device, name, direction, createtime, path, title FROM transfer"
@ -89,23 +92,30 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer):
timeStamp = transfersResultSet.getLong("createtime") / 1000
messageArtifact = transferDbHelper.addMessage(
"Zapya Message",
self._MESSAGE_TYPE,
direction,
fromAddress,
toAddress,
timeStamp,
MessageReadStatus.UNKNOWN,
None,
None, # subject
msgBody,
"" )
None ) # thread id
# TBD: add the file as attachment ??
except SQLException as ex:
self._logger.log(Level.WARNING, "Error processing query result for transfer", ex)
except (TskCoreException, BlackboardException) as ex:
self._logger.log(Level.WARNING, "Failed to create Zapya message artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except TskCoreException as ex:
self._logger.log(Level.SEVERE, "Failed to create Zapya message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except NoCurrentCaseException as ex:
self._logger.log(Level.WARNING, "No case currently open.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
finally:
transferDb.close()
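Review bot: The new handlers log fixed messages (`"Failed to create Zapya message artifacts."`, `"Failed to post artifacts."`) that do not say which `transfer20.db` was being parsed, so an examiner reading the log cannot tell which evidence file produced no artifacts. Including the file in the message, e.g. `"Failed to create Zapya message artifacts for " + transferDb.getDBFile().getName()`, would make the gap traceable; the same applies to the ShareIt and Xender handlers in this commit. Separately, the empty `#` line above the helper construction can be dropped or replaced by a comment such as `# create artifacts helper`, as in the Xender file.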