Merge branch '5446-file-transfer-apps' of https://github.com/raman-bt/autopsy into 5419-browsers-maps-apps

This commit is contained in:
Raman 2019-09-19 17:47:06 -04:00
commit ac189e9a4b
4 changed files with 71 additions and 32 deletions


@ -138,7 +138,7 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
except SQLException as ex: except SQLException as ex:
self._logger.log(Level.WARNING, "Error processing query result for IMO friends", ex) self._logger.log(Level.WARNING, "Error processing query result for IMO friends", ex)
except (TskCoreException, BlackboardException) as ex: except (TskCoreException, BlackboardException) as ex:
self._logger.log(Level.WARNING, "Failed to message artifacts.", ex) self._logger.log(Level.WARNING, "Failed to create IMO message artifacts.", ex)
finally: finally:
friendsDb.close() friendsDb.close()


@ -39,6 +39,7 @@ from org.sleuthkit.datamodel import BlackboardArtifact
from org.sleuthkit.datamodel import BlackboardAttribute from org.sleuthkit.datamodel import BlackboardAttribute
from org.sleuthkit.datamodel import Content from org.sleuthkit.datamodel import Content
from org.sleuthkit.datamodel import TskCoreException from org.sleuthkit.datamodel import TskCoreException
from org.sleuthkit.datamodel.Blackboard import BlackboardException
from org.sleuthkit.datamodel import Account from org.sleuthkit.datamodel import Account
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
@ -53,18 +54,20 @@ and adds artifacts to the case.
""" """
class ShareItAnalyzer(general.AndroidComponentAnalyzer): class ShareItAnalyzer(general.AndroidComponentAnalyzer):
moduleName = "ShareIT Analyzer"
progName = "ShareIt"
def __init__(self): def __init__(self):
self._logger = Logger.getLogger(self.__class__.__name__) self._logger = Logger.getLogger(self.__class__.__name__)
self._PACKAGE_NAME = "com.lenovo.anyshare.gps"
self._MODULE_NAME = "ShareIt Analyzer"
self._MESSAGE_TYPE = "ShareIt Message"
self._VERSION = "5.0.28_ww"
def analyze(self, dataSource, fileManager, context): def analyze(self, dataSource, fileManager, context):
historyDbs = AppSQLiteDB.findAppDatabases(dataSource, "history.db", True, "com.lenovo.anyshare.gps") historyDbs = AppSQLiteDB.findAppDatabases(dataSource, "history.db", True, self._PACKAGE_NAME)
for historyDb in historyDbs: for historyDb in historyDbs:
try: try:
historyDbHelper = CommunicationArtifactsHelper(Case.getCurrentCase().getSleuthkitCase(), current_case = Case.getCurrentCaseThrows()
self.moduleName, historyDb.getDBFile(), historyDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, historyDb.getDBFile(),
Account.Type.SHAREIT) Account.Type.SHAREIT)
queryString = "SELECT history_type, device_id, device_name, description, timestamp, import_path FROM history" queryString = "SELECT history_type, device_id, device_name, description, timestamp, import_path FROM history"
@ -88,7 +91,7 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer):
timeStamp = historyResultSet.getLong("timestamp") / 1000 timeStamp = historyResultSet.getLong("timestamp") / 1000
messageArtifact = transferDbHelper.addMessage( messageArtifact = transferDbHelper.addMessage(
"ShareIt Message", self._MESSAGE_TYPE,
direction, direction,
fromAddress, fromAddress,
toAddress, toAddress,
@ -96,14 +99,22 @@ class ShareItAnalyzer(general.AndroidComponentAnalyzer):
MessageReadStatus.UNKNOWN, MessageReadStatus.UNKNOWN,
None, # subject None, # subject
msgBody, msgBody,
"" ) None ) # thread id
# TBD: add the file as attachment ?? # TBD: add the file as attachment ??
except SQLException as ex: except SQLException as ex:
self._logger.log(Level.WARNING, "Error processing query result for ShareIt history.", ex) self._logger.log(Level.WARNING, "Error processing query result for ShareIt history.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except TskCoreException as ex: except TskCoreException as ex:
self._logger.log(Level.WARNING, "Failed to create CommunicationArtifactsHelper for adding artifacts.", ex) self._logger.log(Level.SEVERE, "Failed to create ShareIt message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except NoCurrentCaseException as ex:
self._logger.log(Level.WARNING, "No case currently open.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
finally: finally:
historyDb.close() historyDb.close()
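Review bot: The addMessage call at `messageArtifact = transferDbHelper.addMessage(` in the `@ -88,7 +91,7` hunk uses `transferDbHelper`, but the helper built in the preceding hunk is bound to `historyDbHelper`; unless `transferDbHelper` is assigned somewhere in the lines between the two hunks, this raises a NameError that none of the new except clauses catch, so the whole analyze() call aborts instead of logging and moving on to the next database (the `finally` still closes the current one). The line should read `messageArtifact = historyDbHelper.addMessage(`. The SQLException handler logs its message at WARNING but the traceback at SEVERE (`self._logger.log(Level.SEVERE, traceback.format_exc())`), while the Xender and Zapya handlers use WARNING for both; pick one level. `NoCurrentCaseException` and `traceback` are used by the new handlers but do not appear in the import hunk, which is fine if they are imported above line 39 but worth confirming. `self._VERSION` is assigned in `__init__` here and in the Xender and Zapya analyzers but nothing in these hunks reads it; a comment stating what it records (presumably the app version the queries were written against) would make its purpose clear.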


@ -39,6 +39,7 @@ from org.sleuthkit.datamodel import BlackboardArtifact
from org.sleuthkit.datamodel import BlackboardAttribute from org.sleuthkit.datamodel import BlackboardAttribute
from org.sleuthkit.datamodel import Content from org.sleuthkit.datamodel import Content
from org.sleuthkit.datamodel import TskCoreException from org.sleuthkit.datamodel import TskCoreException
from org.sleuthkit.datamodel.Blackboard import BlackboardException
from org.sleuthkit.datamodel import Account from org.sleuthkit.datamodel import Account
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
@ -52,27 +53,35 @@ and adds artifacts to the case.
""" """
class XenderAnalyzer(general.AndroidComponentAnalyzer): class XenderAnalyzer(general.AndroidComponentAnalyzer):
moduleName = "Xender Analyzer"
progName = "Xender"
def __init__(self): def __init__(self):
self._logger = Logger.getLogger(self.__class__.__name__) self._logger = Logger.getLogger(self.__class__.__name__)
self._PACKAGE_NAME = "cn.xender"
self._MODULE_NAME = "Xender Analyzer"
self._MESSAGE_TYPE = "Xender Message"
self._VERSION = "4.6.5"
def analyze(self, dataSource, fileManager, context): def analyze(self, dataSource, fileManager, context):
selfAccountAddress = None selfAccountAddress = None
transactionDbs = AppSQLiteDB.findAppDatabases(dataSource, "trans-history-db", True, "cn.xender") transactionDbs = AppSQLiteDB.findAppDatabases(dataSource, "trans-history-db", True, self._PACKAGE_NAME)
for transactionDb in transactionDbs: for transactionDb in transactionDbs:
try: try:
current_case = Case.getCurrentCaseThrows()
# get the profile with connection_times 0, that's the self account. # get the profile with connection_times 0, that's the self account.
profilesResultSet = transactionDb.runQuery("SELECT device_id, nick_name FROM profile WHERE connect_times = 0") profilesResultSet = transactionDb.runQuery("SELECT device_id, nick_name FROM profile WHERE connect_times = 0")
if profilesResultSet: if profilesResultSet:
while profilesResultSet.next(): while profilesResultSet.next():
if not selfAccountAddress: if not selfAccountAddress:
selfAccountAddress = Account.Address(profilesResultSet.getString("device_id"), profilesResultSet.getString("nick_name")) selfAccountAddress = Account.Address(profilesResultSet.getString("device_id"), profilesResultSet.getString("nick_name"))
# create artifacts helper
transactionDbHelper = CommunicationArtifactsHelper(Case.getCurrentCase().getSleuthkitCase(), if selfAccountAddress is not None:
self.moduleName, transactionDb.getDBFile(), transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transactionDb.getDBFile(),
Account.Type.XENDER, Account.Type.XENDER, selfAccountAddress ) Account.Type.XENDER, Account.Type.XENDER, selfAccountAddress )
else:
transactionDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transactionDb.getDBFile(),
Account.Type.XENDER)
queryString = "SELECT f_path, f_display_name, f_size_str, f_create_time, c_direction, c_session_id, s_name, s_device_id, r_name, r_device_id FROM new_history " queryString = "SELECT f_path, f_display_name, f_size_str, f_create_time, c_direction, c_session_id, s_name, s_device_id, r_name, r_device_id FROM new_history "
messagesResultSet = transactionDb.runQuery(queryString) messagesResultSet = transactionDb.runQuery(queryString)
@ -95,13 +104,13 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
timeStamp = messagesResultSet.getLong("f_create_time") / 1000 timeStamp = messagesResultSet.getLong("f_create_time") / 1000
messageArtifact = transactionDbHelper.addMessage( messageArtifact = transactionDbHelper.addMessage(
"Xender Message", self._MESSAGE_TYPE,
direction, direction,
fromAddress, fromAddress,
toAddress, toAddress,
timeStamp, timeStamp,
MessageReadStatus.UNKNOWN, MessageReadStatus.UNKNOWN,
None, None, # subject
msgBody, msgBody,
messagesResultSet.getString("c_session_id") ) messagesResultSet.getString("c_session_id") )
@ -109,8 +118,16 @@ class XenderAnalyzer(general.AndroidComponentAnalyzer):
except SQLException as ex: except SQLException as ex:
self._logger.log(Level.WARNING, "Error processing query result for profiles", ex) self._logger.log(Level.WARNING, "Error processing query result for profiles", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except TskCoreException as ex: except TskCoreException as ex:
self._logger.log(Level.WARNING, "Failed to create CommunicationArtifactsHelper for adding artifacts.", ex) self._logger.log(Level.SEVERE, "Failed to create Xender message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except NoCurrentCaseException as ex:
self._logger.log(Level.WARNING, "No case currently open.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
finally: finally:
transactionDb.close() transactionDb.close()
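Review bot: `selfAccountAddress` is initialised to None before the `for transactionDb in transactionDbs:` loop and only assigned while it is still falsy, so when a data source holds more than one trans-history-db the self account read from the first database is reused for every later one by the new `if selfAccountAddress is not None:` branch; if each database should describe its own device, move `selfAccountAddress = None` inside the loop. The two CommunicationArtifactsHelper constructions differ only in the trailing `Account.Type.XENDER, selfAccountAddress` arguments, so building the common argument list once and appending the self address when present would remove the duplicated lines. The comment `# get the profile with connection_times 0` names a column the query spells `connect_times`; align the comment with the query. The SQLException handler's message `"Error processing query result for profiles"` now also covers the new_history query in the same try block, so wording such as `"Error processing Xender query results"` would be less misleading. analyze() continues past the hunk, and the lifetimes of profilesResultSet and messagesResultSet are outside what is shown.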


@ -39,6 +39,7 @@ from org.sleuthkit.datamodel import BlackboardArtifact
from org.sleuthkit.datamodel import BlackboardAttribute from org.sleuthkit.datamodel import BlackboardAttribute
from org.sleuthkit.datamodel import Content from org.sleuthkit.datamodel import Content
from org.sleuthkit.datamodel import TskCoreException from org.sleuthkit.datamodel import TskCoreException
from org.sleuthkit.datamodel.Blackboard import BlackboardException
from org.sleuthkit.datamodel import Account from org.sleuthkit.datamodel import Account
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
@ -53,18 +54,21 @@ and adds artifacts to the case.
""" """
class ZapyaAnalyzer(general.AndroidComponentAnalyzer): class ZapyaAnalyzer(general.AndroidComponentAnalyzer):
moduleName = "Zapya Analyzer"
progName = "Zapya"
def __init__(self): def __init__(self):
self._logger = Logger.getLogger(self.__class__.__name__) self._logger = Logger.getLogger(self.__class__.__name__)
self._PACKAGE_NAME = "com.dewmobile.kuaiya.play"
self._MODULE_NAME = "Zapya Analyzer"
self._MESSAGE_TYPE = "Zapya Message"
self._VERSION = "5.8.3"
def analyze(self, dataSource, fileManager, context): def analyze(self, dataSource, fileManager, context):
transferDbs = AppSQLiteDB.findAppDatabases(dataSource, "transfer20.db", True, "com.dewmobile.kuaiya.play") transferDbs = AppSQLiteDB.findAppDatabases(dataSource, "transfer20.db", True, self._PACKAGE_NAME)
for transferDb in transferDbs: for transferDb in transferDbs:
try: try:
transferDbHelper = CommunicationArtifactsHelper(Case.getCurrentCase().getSleuthkitCase(), current_case = Case.getCurrentCaseThrows()
self.moduleName, transferDb.getDBFile(), #
transferDbHelper = CommunicationArtifactsHelper(current_case.getSleuthkitCase(),
self._MODULE_NAME, transferDb.getDBFile(),
Account.Type.ZAPYA) Account.Type.ZAPYA)
queryString = "SELECT device, name, direction, createtime, path, title FROM transfer" queryString = "SELECT device, name, direction, createtime, path, title FROM transfer"
@ -88,23 +92,30 @@ class ZapyaAnalyzer(general.AndroidComponentAnalyzer):
timeStamp = transfersResultSet.getLong("createtime") / 1000 timeStamp = transfersResultSet.getLong("createtime") / 1000
messageArtifact = transferDbHelper.addMessage( messageArtifact = transferDbHelper.addMessage(
"Zapya Message", self._MESSAGE_TYPE,
direction, direction,
fromAddress, fromAddress,
toAddress, toAddress,
timeStamp, timeStamp,
MessageReadStatus.UNKNOWN, MessageReadStatus.UNKNOWN,
None, None, # subject
msgBody, msgBody,
"" ) None ) # thread id
# TBD: add the file as attachment ?? # TBD: add the file as attachment ??
except SQLException as ex: except SQLException as ex:
self._logger.log(Level.WARNING, "Error processing query result for transfer", ex) self._logger.log(Level.WARNING, "Error processing query result for transfer", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except TskCoreException as ex: except TskCoreException as ex:
self._logger.log(Level.WARNING, "Failed to create CommunicationArtifactsHelper for adding artifacts.", ex) self._logger.log(Level.SEVERE, "Failed to create Zapya message artifacts.", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
except BlackboardException as ex:
self._logger.log(Level.WARNING, "Failed to post artifacts.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
except NoCurrentCaseException as ex:
self._logger.log(Level.WARNING, "No case currently open.", ex)
self._logger.log(Level.WARNING, traceback.format_exc())
finally: finally:
transferDb.close() transferDb.close()
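Review bot: The new side of the first analyze() hunk leaves an empty comment line `#` between `current_case = Case.getCurrentCaseThrows()` and the helper construction; either drop it or say what it marks. As in the ShareIt and Xender analyzers, `NoCurrentCaseException` and `traceback` are used by the new handlers but are not among the imports shown in the `@ -39,6 +39,7` hunk, so confirm they are imported earlier in the file — an unimported `NoCurrentCaseException` would itself raise NameError when the except clause is evaluated, replacing the original error. `self._VERSION = "5.8.3"` is set but not read in these hunks; a short comment on what the value records would make its purpose clear.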