diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java index 303942ef59..df07fe90bc 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java @@ -281,45 +281,17 @@ public class BlackboardArtifactNode extends DisplayableItemNode { || attributeTypeID == ATTRIBUTE_TYPE.TSK_TAGGED_ARTIFACT.getTypeID() || attributeTypeID == ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT.getTypeID() || attributeTypeID == ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID()) { + } else if (attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID() + || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID() + || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID() + || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_MODIFIED.getTypeID() + || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_RCVD.getTypeID() + || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_SENT.getTypeID() + || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID() + || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_END.getTypeID()) { + map.put(attribute.getAttributeTypeDisplayName(), ContentUtils.getStringTime(attribute.getValueLong(), associated)); } else { - // BC: This should all be moved to the Attribute class... - switch (attribute.getValueType()) { - case STRING: - String valString = attribute.getValueString(); - map.put(attribute.getAttributeTypeDisplayName(), valString == null ? "":valString); - break; - case INTEGER: - if (attributeTypeID == ATTRIBUTE_TYPE.TSK_READ_STATUS.getTypeID()) { - if (attribute.getValueInt() == 0) { - map.put(attribute.getAttributeTypeDisplayName(), "Unread"); - } else { - map.put(attribute.getAttributeTypeDisplayName(), "Read"); - } - } else { - map.put(attribute.getAttributeTypeDisplayName(), attribute.getValueInt()); - } - break; - case LONG: - if (attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID() - || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED.getTypeID() - || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_CREATED.getTypeID() - || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_MODIFIED.getTypeID() - || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_RCVD.getTypeID() - || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_SENT.getTypeID() - || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID() - || attributeTypeID == ATTRIBUTE_TYPE.TSK_DATETIME_END.getTypeID() ) { - map.put(attribute.getAttributeTypeDisplayName(), ContentUtils.getStringTime(attribute.getValueLong(), associated)); - } else { - map.put(attribute.getAttributeTypeDisplayName(), attribute.getValueLong()); - } - break; - case DOUBLE: - map.put(attribute.getAttributeTypeDisplayName(), attribute.getValueDouble()); - break; - case BYTE: - map.put(attribute.getAttributeTypeDisplayName(), attribute.getValueBytes()); - break; - } + map.put(attribute.getAttributeTypeDisplayName(), attribute.getDisplayString()); } } } catch (TskException ex) { diff --git a/Core/src/org/sleuthkit/autopsy/modules/android/TextMessageAnalyzer.java b/Core/src/org/sleuthkit/autopsy/modules/android/TextMessageAnalyzer.java index 9947e494b0..627c64f327 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/android/TextMessageAnalyzer.java +++ b/Core/src/org/sleuthkit/autopsy/modules/android/TextMessageAnalyzer.java @@ -89,19 +89,21 @@ class TextMessageAnalyzer { while (resultSet.next()) { address = resultSet.getString("address"); Long date = Long.valueOf(resultSet.getString("date")) / 1000; - if (resultSet.getString("type").equals("1")) { - direction = "Incoming"; - } else { - direction = "Outgoing"; - } + read = resultSet.getInt("read"); subject = resultSet.getString("subject"); body = resultSet.getString("body"); BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set. - bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, address)); + if (resultSet.getString("type").equals("1")) { + bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, "Incoming")); + bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM.getTypeID(), moduleName, address)); + } else { + bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, "Outgoing")); + bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO.getTypeID(), moduleName, address)); + } bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, date)); - bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, direction)); + bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_READ_STATUS.getTypeID(), moduleName, read)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT.getTypeID(), moduleName, subject)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), moduleName, body)); diff --git a/Core/src/org/sleuthkit/autopsy/modules/iOS/TextMessageAnalyzer.java b/Core/src/org/sleuthkit/autopsy/modules/iOS/TextMessageAnalyzer.java index c2881dedab..3cf2e6ba91 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/iOS/TextMessageAnalyzer.java +++ b/Core/src/org/sleuthkit/autopsy/modules/iOS/TextMessageAnalyzer.java @@ -103,6 +103,8 @@ class TextMessageAnalyzer { body = resultSet.getString("body"); bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set. + + // @@@ NEed to put into more specific TO or FROM bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, address)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, date)); bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, type)); diff --git a/Core/src/org/sleuthkit/autopsy/report/Bundle.properties b/Core/src/org/sleuthkit/autopsy/report/Bundle.properties index 99c0582b9f..1782170bc7 100644 --- a/Core/src/org/sleuthkit/autopsy/report/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/report/Bundle.properties @@ -129,6 +129,7 @@ ReportGenerator.artTableColHdr.phoneNumMobile=Phone Number (Mobile) ReportGenerator.artTableColHdr.email=Email ReportGenerator.artTableColHdr.msgType=Message Type ReportGenerator.artTableColHdr.direction=Direction +ReportGenerator.artTableColHdr.readStatus=Read Status ReportGenerator.artTableColHdr.fromPhoneNum=From Phone Number ReportGenerator.artTableColHdr.fromEmail=From Email ReportGenerator.artTableColHdr.toPhoneNum=To Phone Number diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java b/Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java index e1090e1adb..4c9628e8f6 100644 --- a/Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java +++ b/Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java @@ -418,17 +418,16 @@ import org.sleuthkit.datamodel.TskData; } } - // report on the blackboard results makeBlackboardArtifactTables(); - + // report on the tagged files and artifacts makeContentTagsTables(); makeBlackboardArtifactTagsTables(); - + // report on the tagged images makeThumbnailTable(); - + // finish progress, wrap up for (TableReportModule module : tableModules) { tableProgress.get(module).complete(); @@ -1225,6 +1224,7 @@ import org.sleuthkit.datamodel.TskData; columnHeaders = new ArrayList<>(Arrays.asList(new String[] { NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.msgType"), NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.direction"), + NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.readStatus"), NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.dateTime"), NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.fromPhoneNum"), NbBundle.getMessage(this.getClass(), "ReportGenerator.artTableColHdr.fromEmail"), @@ -1384,13 +1384,11 @@ import org.sleuthkit.datamodel.TskData; SimpleDateFormat sdf = new java.text.SimpleDateFormat("yyyy/MM/dd HH:mm:ss"); value = sdf.format(new java.util.Date((tempatt.getValueLong() * 1000))); } - } else if(type.equals(ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID()) || - type.equals(ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE.getTypeID()) || - type.equals(ATTRIBUTE_TYPE.TSK_GEO_ALTITUDE.getTypeID())) { - value = Double.toString(tempatt.getValueDouble()); - } else { - value = tempatt.getValueString(); + } + else { + value = tempatt.getDisplayString(); } + if (value == null) { value = ""; } @@ -1485,6 +1483,11 @@ import org.sleuthkit.datamodel.TskData; if (rowData == null) { try { rowData = getOrderedRowDataAsStrings(); + // replace null values if attribute was not defined + for (int i = 0; i < rowData.size(); i++) { + if (rowData.get(i) == null) + rowData.set(i, ""); + } } catch (TskCoreException ex) { logger.log(Level.WARNING, "Core exception while generating row data for artifact report.", ex); //NON-NLS rowData = Collections.emptyList(); @@ -1495,9 +1498,9 @@ import org.sleuthkit.datamodel.TskData; /** * Get a list of Strings with all the row values for the Artifact in the - * correct order to be written to the report. + * correct order to be written to the report. * - * @return List row values + * @return List row values. Values could be null if attribute is not defined in artifact * @throws TskCoreException */ private List getOrderedRowDataAsStrings() throws TskCoreException { @@ -1567,7 +1570,7 @@ import org.sleuthkit.datamodel.TskData; orderedRowData.add(getFileUniquePath(getObjectID())); break; case TSK_CONTACT: - orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME_PERSON.getTypeID())); + orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME.getTypeID())); orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID())); orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_HOME.getTypeID())); orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_OFFICE.getTypeID())); @@ -1578,6 +1581,7 @@ import org.sleuthkit.datamodel.TskData; case TSK_MESSAGE: orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID())); orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID())); + orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_READ_STATUS.getTypeID())); orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())); orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM.getTypeID())); orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_EMAIL_FROM.getTypeID())); @@ -1588,9 +1592,9 @@ import org.sleuthkit.datamodel.TskData; orderedRowData.add(getFileUniquePath(getObjectID())); break; case TSK_CALLLOG: - orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME_PERSON.getTypeID())); + orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME.getTypeID())); orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID())); - orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID())); + orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID())); orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID())); orderedRowData.add(getFileUniquePath(getObjectID())); break; @@ -1604,7 +1608,7 @@ import org.sleuthkit.datamodel.TskData; break; case TSK_SPEED_DIAL_ENTRY: orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_SHORTCUT.getTypeID())); - orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME_PERSON.getTypeID())); + orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME.getTypeID())); orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID())); orderedRowData.add(getFileUniquePath(getObjectID())); break;