5604: CommunicationArtifactsHelper changes

- get rid of Account.Address
 - handle required attribute arguments.
Raman Arora 2019-10-01 14:37:08 -04:00
parent 5ede580ee0
commit a0770b0b4d
7 changed files with 100 additions and 71 deletions


@ -20,6 +20,7 @@ limitations under the License.
from java.io import File
from java.lang import Class
from java.lang import ClassNotFoundException
from java.lang import IllegalArgumentException
from java.lang import Long
from java.lang import String
from java.sql import ResultSet
@ -105,7 +106,7 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
self._MESSAGE_TYPE = "Facebook Messenger"
self._VERSION = "239.0.0.41" ## FB version number. Did not find independent version number in FB Messenger
self.selfAccountAddress = None
self.selfAccountId = None
self.current_case = None
## Analyze contacts
@ -121,13 +122,13 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
## The device owner's FB account details can be found in the contacts table in a row with added_time_ms of 0.
selfAccountResultSet = contactsDb.runQuery("SELECT fbid, display_name FROM contacts WHERE added_time_ms = 0")
if selfAccountResultSet:
if not self.selfAccountAddress:
self.selfAccountAddress = Account.Address(selfAccountResultSet.getString("fbid"), selfAccountResultSet.getString("display_name"))
if not self.selfAccountId:
self.selfAccountId = selfAccountResultSet.getString("fbid")
if self.selfAccountAddress is not None:
if self.selfAccountId is not None:
contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, contactsDb.getDBFile(),
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountAddress )
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId )
else:
contactsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, contactsDb.getDBFile(),
@ -138,14 +139,15 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
if contactsResultSet is not None:
while contactsResultSet.next():
fbid = contactsResultSet.getString("fbid")
contactAddress = Account.Address(contactsResultSet.getString("fbid"), contactsResultSet.getString("display_name"))
contactName = contactsResultSet.getString("display_name")
dateCreated = contactsResultSet.getLong("added_time_ms") / 1000
## create additional attributes for contact.
additionalAttributes = ArrayList();
additionalAttributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ID, self._MODULE_NAME, fbid))
additionalAttributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED, self._MODULE_NAME, dateCreated))
contactsDBHelper.addContact( contactAddress, ## contact account
contactsDBHelper.addContact( contactName, ## contact name
"", ## phone
"", ## home phone
"", ## mobile
@ -156,8 +158,11 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
self._logger.log(Level.WARNING, "Error processing query result for account", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except TskCoreException as ex:
self._logger.log(Level.SEVERE, "Failed to add Facebook Messenger contact artifacts.", ex)
self._logger.log(Level.SEVERE, "Failed to add FB Messenger contact artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except IllegalArgumentException as ex:
self._logger.log(Level.WARNING, "Invalid arguments for FB Messenger contact artifact.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
@ -167,24 +172,23 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
## Adds a recipient to given list
def addRecipientToList(self, user_key, name, fromAddress, recipientList):
def addRecipientToList(self, user_key, fromId, recipientList):
if user_key is not None:
recipientId = user_key.replace('FACEBOOK:', '')
toAddress = Account.Address(recipientId, name)
# ensure sender, if known, isn't added to recipientList.
if (fromAddress and fromAddress.getUniqueID() != toAddress.getUniqueID()) or (not fromAddress) :
if (fromId and (fromId != recipientId)) or (not fromId) :
# add recipient to list
recipientList.append(toAddress)
recipientList.append(recipientId)
## Analyze messages
def analyzeMessages(self, dataSource, fileManager, context):
threadsDbs = AppSQLiteDB.findAppDatabases(dataSource, "threads_db2", True, self._FB_MESSENGER_PACKAGE_NAME)
for threadsDb in threadsDbs:
try:
if self.selfAccountAddress is not None:
if self.selfAccountId is not None:
threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, threadsDb.getDBFile(),
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountAddress )
Account.Type.FACEBOOK, Account.Type.FACEBOOK, self.selfAccountId )
else:
threadsDBHelper = CommunicationArtifactsHelper(self.current_case.getSleuthkitCase(),
self._MODULE_NAME, threadsDb.getDBFile(),
@ -210,8 +214,8 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
oldMsgId = None
direction = CommunicationDirection.UNKNOWN
fromAddress = None
recipientAddressList = None
fromId = None
recipientIdsList = None
timeStamp = -1
msgText = ""
threadId = ""
@ -226,8 +230,8 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
messageArtifact = threadsDBHelper.addMessage(
self._MESSAGE_TYPE,
direction,
fromAddress,
recipientAddressList,
fromId,
recipientIdsList,
timeStamp,
MessageReadStatus.UNKNOWN,
"", # subject
@ -237,25 +241,25 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
oldMsgId = msgId
# New message - collect all attributes
recipientAddressList = []
recipientIdsList = []
## get sender address by parsing JSON in sender column
## get sender id by parsing JSON in sender column
senderJsonStr = messagesResultSet.getString("sender")
if senderJsonStr is not None:
sender_dict = json.loads(senderJsonStr)
senderId = sender_dict['user_key']
senderId = senderId.replace('FACEBOOK:', '')
senderName = sender_dict['name']
fromAddress = Account.Address(senderId, senderName)
if senderId == self.selfAccountAddress.getUniqueID():
fromId = senderId
if senderId == self.selfAccountId:
direction = CommunicationDirection.OUTGOING
else:
direction = CommunicationDirection.INCOMING
# Get recipient and add to list
self.addRecipientToList(messagesResultSet.getString("user_key"), messagesResultSet.getString("name"),
fromAddress, recipientAddressList)
self.addRecipientToList(messagesResultSet.getString("user_key"),
fromId, recipientIdsList)
timeStamp = messagesResultSet.getLong("timestamp_ms") / 1000
@ -271,16 +275,16 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
threadId = messagesResultSet.getString("thread_key")
else: # same msgId as last, just collect recipient from current row
self.addRecipientToList(messagesResultSet.getString("user_key"), messagesResultSet.getString("name"),
fromAddress, recipientAddressList)
self.addRecipientToList(messagesResultSet.getString("user_key"),
fromId, recipientIdsList)
# at the end of the loop, add last message
messageArtifact = threadsDBHelper.addMessage(
self._MESSAGE_TYPE,
direction,
fromAddress,
recipientAddressList,
fromId,
recipientIdsList,
timeStamp,
MessageReadStatus.UNKNOWN,
"", # subject
@ -293,6 +297,9 @@ class FBMessengerAnalyzer(general.AndroidComponentAnalyzer):
except TskCoreException as ex:
self._logger.log(Level.SEVERE, "Failed to add FB Messenger message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except IllegalArgumentException as ex:
self._logger.log(Level.WARNING, "Invalid arguments for FB Messenger message artifact.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
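Review bot: With the switch to plain IDs, `if senderId == self.selfAccountId:` no longer fails when the owner's account was not found; it evaluates false, so every message, including ones the device owner sent, is recorded as INCOMING. The else-branch that builds `threadsDBHelper` without a self ID shows that this case is expected, so the direction should stay unknown there: `if self.selfAccountId is None: direction = CommunicationDirection.UNKNOWN` followed by `elif senderId == self.selfAccountId:`. The line `senderName = sender_dict['name']` appears to remain although nothing reads it any more, and it can still raise KeyError on a sender record without a name, so it is worth dropping. analyzeMessages starts and ends outside these hunks, so whether a ValueError or KeyError from the `json.loads` parsing is caught anywhere is not visible here.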


@ -20,6 +20,7 @@ limitations under the License.
from java.io import File
from java.lang import Class
from java.lang import ClassNotFoundException
from java.lang import IllegalArgumentException
from java.lang import Long
from java.lang import String
from java.sql import ResultSet
@ -77,7 +78,7 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
self._VERSION = "9.8.0"
def analyze(self, dataSource, fileManager, context):
selfAccountAddress = None
selfAccountId = None
accountDbs = AppSQLiteDB.findAppDatabases(dataSource, "accountdb.db", True, self._PACKAGE_NAME)
for accountDb in accountDbs:
try:
@ -86,8 +87,8 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
# We can determine the IMO user ID of the device owner.
# Therefore we can create and use a app account and use that
# as a 'self' account instead of a Device account
if not selfAccountAddress:
selfAccountAddress = Account.Address(accountResultSet.getString("uid"), accountResultSet.getString("name"))
if not selfAccountId:
selfAccountId = accountResultSet.getString("uid")
except SQLException as ex:
self._logger.log(Level.WARNING, "Error processing query result for account", ex)
@ -99,26 +100,32 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
for friendsDb in friendsDbs:
try:
current_case = Case.getCurrentCaseThrows()
if selfAccountAddress is not None:
if selfAccountId is not None:
friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME,
friendsDb.getDBFile(),
Account.Type.IMO, Account.Type.IMO, selfAccountAddress )
Account.Type.IMO, Account.Type.IMO, selfAccountId )
else:
friendsDBHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._PARSER_NAME,
friendsDb.getDBFile(),
Account.Type.IMO
)
Account.Type.IMO )
contactsResultSet = friendsDb.runQuery("SELECT buid, name FROM friends")
if contactsResultSet is not None:
while contactsResultSet.next():
contactAddress = Account.Address(contactsResultSet.getString("buid"), contactsResultSet.getString("name"))
friendsDBHelper.addContact( contactAddress, ## contact address
contactId = contactsResultSet.getString("buid")
## add a TSK_ID attribute with contact's IMO Id
additionalAttributes = ArrayList()
additionalAttributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ID, self._PARSER_NAME, contactId))
friendsDBHelper.addContact( contactsResultSet.getString("name"), ## contact name
"", ## phone
"", ## home phone
"", ## mobile
"") ## email
"", ## email
additionalAttributes)
queryString = """
SELECT messages.buid AS buid, imdata, last_message, timestamp, message_type, message_read, name
FROM messages
@ -128,17 +135,17 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
if messagesResultSet is not None:
while messagesResultSet.next():
direction = ""
fromAddress = None
toAddress = None
fromId = None
toId = None
name = messagesResultSet.getString("name")
uniqueId = messagesResultSet.getString("buid")
if (messagesResultSet.getInt("message_type") == 1):
direction = CommunicationDirection.INCOMING
fromAddress = Account.Address(uniqueId, name)
fromId = uniqueId
else:
direction = CommunicationDirection.OUTGOING
toAddress = Account.Address(uniqueId, name)
toId = uniqueId
message_read = messagesResultSet.getInt("message_read")
@ -155,8 +162,8 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
messageArtifact = friendsDBHelper.addMessage(
self._MESSAGE_TYPE,
direction,
fromAddress,
toAddress,
fromId,
toId,
timeStamp,
msgReadStatus,
"", # subject
@ -173,6 +180,9 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
except TskCoreException as ex:
self._logger.log(Level.SEVERE, "Failed to add IMO message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except IllegalArgumentException as ex:
self._logger.log(Level.WARNING, "Invalid arguments for IMO artifact.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
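Review bot: The new `except IllegalArgumentException` handler sits next to the TskCoreException handler at the end of what looks like the per-database try, so a single friend or message row that the helper rejects (for instance a blank `buid` or `name`, if that is what it validates) would end processing for that database. Every later row would then be missing from the case, with only a WARNING in the log. Catching the exception around the individual `friendsDBHelper.addContact(...)` and `addMessage(...)` calls and continuing the loop would keep the remaining artifacts, e.g. `except IllegalArgumentException as ex:` followed by `self._logger.log(Level.WARNING, "Skipping IMO row with invalid arguments.", ex)`. The same placement is used in the FB Messenger, ShareIt, Xender and Zapya sections. The try statement opens outside the visible hunks, so its extent should be confirmed before moving the handler.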


@ -155,9 +155,9 @@ class OperaAnalyzer(general.AndroidComponentAnalyzer):
if downloadsResultSet is not None:
while downloadsResultSet.next():
startTime = historyResultSet.getLong("start_time") / 1000000 - 11644473600 #Webkit time format
downloadsDbHelper.addWebDownload( downloadsResultSet.getString("target_path"),
downloadsDbHelper.addWebDownload( downloadsResultSet.getString("url"),
startTime,
downloadsResultSet.getString("url"),
downloadsResultSet.getString("target_path"),
self._PROGRAM_NAME)
except SQLException as ex:
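Review bot: Inside the `while downloadsResultSet.next():` loop, `startTime` is read from `historyResultSet` rather than from the download row being processed, so each download artifact gets a timestamp from a different cursor, or the call fails if that cursor is already exhausted or closed. The reordered `addWebDownload` call passes that value straight through, which leaves the download timeline unreliable. The line should presumably read `startTime = downloadsResultSet.getLong("start_time") / 1000000 - 11644473600`, assuming the downloads query, which is outside the hunk, selects `start_time`. The SBrowser section carries the same line. The enclosing method starts and ends outside the hunk.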


@ -181,9 +181,9 @@ class SBrowserAnalyzer(general.AndroidComponentAnalyzer):
if downloadsResultSet is not None:
while downloadsResultSet.next():
startTime = historyResultSet.getLong("start_time") / 1000000 - 11644473600 # Webkit time
downloadsDbHelper.addWebDownload( downloadsResultSet.getString("target_path"),
downloadsDbHelper.addWebDownload( downloadsResultSet.getString("url"),
startTime,
downloadsResultSet.getString("url"),
downloadsResultSet.getString("target_path"),
self._PROGRAM_NAME)
except SQLException as ex:


@ -20,6 +20,7 @@ limitations under the License.
from java.io import File
from java.lang import Class
from java.lang import ClassNotFoundException
from java.lang import IllegalArgumentException
from java.lang import Long
from java.lang import String
from java.sql import ResultSet
@ -94,15 +95,15 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer):
if historyResultSet is not None:
while historyResultSet.next():
direction = ""
fromAddress = None
toAddress = None
fromId = None
toId = None
if (historyResultSet.getInt("history_type") == 1):
direction = CommunicationDirection.INCOMING
fromAddress = Account.Address(historyResultSet.getString("device_id"), historyResultSet.getString("device_name") )
fromId = historyResultSet.getString("device_id")
else:
direction = CommunicationDirection.OUTGOING
toAddress = Account.Address(historyResultSet.getString("device_id"), historyResultSet.getString("device_name") )
toId = historyResultSet.getString("device_id")
msgBody = "" # there is no body.
attachments = [historyResultSet.getString("file_path")]
@ -112,8 +113,8 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer):
messageArtifact = historyDbHelper.addMessage(
self._MESSAGE_TYPE,
direction,
fromAddress,
toAddress,
fromId,
toId,
timeStamp,
MessageReadStatus.UNKNOWN,
None, # subject
@ -128,6 +129,9 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer):
except TskCoreException as ex:
self._logger.log(Level.SEVERE, "Failed to create ShareIt message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except IllegalArgumentException as ex:
self._logger.log(Level.WARNING, "Invalid arguments for ShareIt message artifact.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())


@ -20,6 +20,7 @@ limitations under the License.
from java.io import File
from java.lang import Class
from java.lang import ClassNotFoundException
from java.lang import IllegalArgumentException
from java.lang import Long
from java.lang import String
from java.sql import ResultSet
@ -74,7 +75,7 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
def analyze(self, dataSource, fileManager, context):
selfAccountAddress = None
selfAccountId = None
transactionDbs = AppSQLiteDB.findAppDatabases(dataSource, "trans-history-db", True, self._PACKAGE_NAME)
for transactionDb in transactionDbs:
try:
@ -83,13 +84,13 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
profilesResultSet = transactionDb.runQuery("SELECT device_id, nick_name FROM profile WHERE connect_times = 0")
if profilesResultSet:
while profilesResultSet.next():
if not selfAccountAddress:
selfAccountAddress = Account.Address(profilesResultSet.getString("device_id"), profilesResultSet.getString("nick_name"))
if not selfAccountId:
selfAccountId = profilesResultSet.getString("device_id")
# create artifacts helper
if selfAccountAddress is not None:
if selfAccountId is not None:
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transactionDb.getDBFile(),
Account.Type.XENDER, Account.Type.XENDER, selfAccountAddress )
Account.Type.XENDER, Account.Type.XENDER, selfAccountId )
else:
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transactionDb.getDBFile(),
@ -104,15 +105,15 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
if messagesResultSet is not None:
while messagesResultSet.next():
direction = CommunicationDirection.UNKNOWN
fromAddress = None
toAdddress = None
fromId = None
toId = None
if (messagesResultSet.getInt("c_direction") == 1):
direction = CommunicationDirection.OUTGOING
toAddress = Account.Address(messagesResultSet.getString("r_device_id"), messagesResultSet.getString("r_name"))
toId = messagesResultSet.getString("r_device_id")
else:
direction = CommunicationDirection.INCOMING
fromAddress = Account.Address(messagesResultSet.getString("s_device_id"), messagesResultSet.getString("s_name"))
fromId = messagesResultSet.getString("s_device_id")
msgBody = "" # there is no body.
attachments = [messagesResultSet.getString("f_path")]
@ -122,8 +123,8 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
messageArtifact = transactionDbHelper.addMessage(
self._MESSAGE_TYPE,
direction,
fromAddress,
toAddress,
fromId,
toId,
timeStamp,
MessageReadStatus.UNKNOWN,
None, # subject
@ -138,6 +139,9 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
except TskCoreException as ex:
self._logger.log(Level.SEVERE, "Failed to create Xender message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except IllegalArgumentException as ex:
self._logger.log(Level.WARNING, "Invalid arguments for Xender message artifact.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())


@ -20,6 +20,7 @@ limitations under the License.
from java.io import File
from java.lang import Class
from java.lang import ClassNotFoundException
from java.lang import IllegalArgumentException
from java.lang import Long
from java.lang import String
from java.sql import ResultSet
@ -86,15 +87,15 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer):
if transfersResultSet is not None:
while transfersResultSet.next():
direction = CommunicationDirection.UNKNOWN
fromAddress = None
toAddress = None
fromId = None
toId = None
if (transfersResultSet.getInt("direction") == 1):
direction = CommunicationDirection.OUTGOING
toAddress = Account.Address(transfersResultSet.getString("device"), transfersResultSet.getString("name") )
toId = transfersResultSet.getString("device")
else:
direction = CommunicationDirection.INCOMING
fromAddress = Account.Address(transfersResultSet.getString("device"), transfersResultSet.getString("name") )
fromId = transfersResultSet.getString("device")
msgBody = "" # there is no body.
attachments = [transfersResultSet.getString("path")]
@ -104,8 +105,8 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer):
messageArtifact = transferDbHelper.addMessage(
self._MESSAGE_TYPE,
direction,
fromAddress,
toAddress,
fromId,
toId,
timeStamp,
MessageReadStatus.UNKNOWN,
None, # subject
@ -120,6 +121,9 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer):
except TskCoreException as ex:
self._logger.log(Level.SEVERE, "Failed to create Zapya message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except IllegalArgumentException as ex:
self._logger.log(Level.WARNING, "Invalid arguments for Zapya message artifact.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())