diff --git a/InternalPythonModules/android/calllog.py b/InternalPythonModules/android/calllog.py index 7ea3fd85df..731c5f1cad 100755 --- a/InternalPythonModules/android/calllog.py +++ b/InternalPythonModules/android/calllog.py @@ -87,13 +87,7 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer): def analyze(self, dataSource, fileManager, context): try: - # Create a 'Device' account using the data source device id - datasourceObjId = dataSource.getDataSource().getId() - ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId) - deviceID = ds.getDeviceId() - - global deviceAccountInstance - deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource) + absFiles = fileManager.findFiles(dataSource, "logs.db") absFiles.addAll(fileManager.findFiles(dataSource, "contacts.db")) @@ -102,7 +96,7 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer): try: file = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName()) ContentUtils.writeToFile(abstractFile, file, context.dataSourceIngestIsCancelled) - self.__findCallLogsInDB(file.toString(), abstractFile) + self.__findCallLogsInDB(file.toString(), abstractFile, dataSource) except IOException as ex: self._logger.log(Level.SEVERE, "Error writing temporary call log db to disk", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) 
@@ -110,15 +104,21 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer): self._logger.log(Level.SEVERE, "Error finding call logs", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) - def __findCallLogsInDB(self, databasePath, abstractFile): + def __findCallLogsInDB(self, databasePath, abstractFile, dataSource): if not databasePath: return + bbartifacts = list() try: connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath) statement = connection.createStatement() + # Create a 'Device' account using the data source device id + datasourceObjId = dataSource.getDataSource().getId() + ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId) + deviceID = ds.getDeviceId() + deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile) for tableName in CallLogAnalyzer._tableNames: try: diff --git a/InternalPythonModules/android/contact.py b/InternalPythonModules/android/contact.py index 2a4af06859..1d556607e0 100755 --- a/InternalPythonModules/android/contact.py +++ b/InternalPythonModules/android/contact.py @@ -48,8 +48,6 @@ from org.sleuthkit.datamodel import Relationship import traceback import general -deviceAccountInstance = None - """ Locates a variety of different contacts databases, parses them, and populates the blackboard. """ 
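Review bot: In calllog.py `__findCallLogsInDB`, the Device account instance is now created against `abstractFile` before the `for tableName in CallLogAnalyzer._tableNames` loop has found any call-log table. Because `analyze` collects both `logs.db` and `contacts.db`, a file that only matches by name and yields no rows is still recorded as a source of the device account, assuming `createAccountFileInstance` writes an account record on the file it is given. For evidence provenance, consider creating the instance lazily once the first row is parsed, or state the intent in a comment such as `# device account is attributed to every candidate DB, even if it yields no records`. The same ordering appears in the blocks added to contact.py, tangomessage.py, textmessage.py and wwfmessage.py, where creation precedes `executeQuery`. Only the device id is taken from `dataSource`, so `analyze` could resolve it once and pass `deviceID` rather than repeating the `getDataSource` lookup per file.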
@@ -61,14 +59,6 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): def analyze(self, dataSource, fileManager, context): try: - # Create a 'Device' account using the data source device id - datasourceObjId = dataSource.getDataSource().getId() - ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId) - deviceID = ds.getDeviceId() - - global deviceAccountInstance - deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance (Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource) - absFiles = fileManager.findFiles(dataSource, "contacts.db") absFiles.addAll(fileManager.findFiles(dataSource, "contacts2.db")) if absFiles.isEmpty(): @@ -77,7 +67,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): try: jFile = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName()) ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled) - self.__findContactsInDB(str(jFile.toString()), abstractFile) + self.__findContactsInDB(str(jFile.toString()), abstractFile, dataSource) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing Contacts", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) @@ -89,7 +79,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): Will create artifact from a database given by the path The fileId will be the abstract file associated with the artifacts """ - def __findContactsInDB(self, databasePath, abstractFile): + def __findContactsInDB(self, databasePath, abstractFile, dataSource): if not databasePath: return 
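Review bot: The description string above `__findContactsInDB` (contact.py, hunk `@@ -89,7 +79,7`) still documents only the path and the abstract file, while the signature now also takes `dataSource`. I would add a line such as `dataSource is the data source being ingested; only its device id is used, to create the Device account instance for abstractFile`. The same parameter is added without any description to `__findCallLogsInDB`, `__findTangoMessagesInDB`, `__findTextsInDB` and `__findWWFMessagesInDB`. The function body continues outside this hunk.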
@@ -103,6 +93,14 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer): self._logger.log(Level.SEVERE, traceback.format_exc()) return + + # Create a 'Device' account using the data source device id + datasourceObjId = dataSource.getDataSource().getId() + ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId) + deviceID = ds.getDeviceId() + + deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance (Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile) + try: # get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype) # sorted by name, so phonenumber/email would be consecutive for a person if they exist. diff --git a/InternalPythonModules/android/tangomessage.py b/InternalPythonModules/android/tangomessage.py index c63f87a6af..f3a78201bd 100755 --- a/InternalPythonModules/android/tangomessage.py +++ b/InternalPythonModules/android/tangomessage.py @@ -47,8 +47,6 @@ from org.sleuthkit.datamodel import Account import traceback import general -deviceAccountInstance = None - """ Locates database for the Tango app and adds info to blackboard. """ 
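Review bot: In contact.py `__findContactsInDB` (hunk `@@ -103,6 +93,14`), the added device-account block sits between the `return` of the preceding handler and the following `try:`, so it runs outside any exception handling in this function. If `getDataSource` or `createAccountFileInstance` fails, the error escapes to `analyze`, where it is logged only as "Error parsing Contacts"; any database handles opened earlier in the function would skip the cleanup that presumably belongs to the later `try` (not visible here). Moving the four lines to directly under that `try:`, or giving them their own handler with a distinct message such as `"Error creating device account instance"`, would keep the failure attributable and the cleanup path intact. The same placement occurs in tangomessage.py (`@@ -93,6 +84,12`), textmessage.py (`@@ -97,6 +89,12`) and wwfmessage.py (`@@ -96,6 +88,12`). The function starts and ends outside this hunk.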
@@ -59,20 +57,13 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer): def analyze(self, dataSource, fileManager, context): try: - # Create a 'Device' account using the data source device id - datasourceObjId = dataSource.getDataSource().getId() - ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId) - deviceID = ds.getDeviceId() - - global deviceAccountInstance - deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource) - + absFiles = fileManager.findFiles(dataSource, "tc.db") for abstractFile in absFiles: try: jFile = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName()) ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled) - self.__findTangoMessagesInDB(jFile.toString(), abstractFile) + self.__findTangoMessagesInDB(jFile.toString(), abstractFile, dataSource) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing Tango messages", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) @@ -80,7 +71,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer): self._logger.log(Level.SEVERE, "Error finding Tango messages", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) - def __findTangoMessagesInDB(self, databasePath, abstractFile): + def __findTangoMessagesInDB(self, databasePath, abstractFile, dataSource): if not databasePath: return 
@@ -93,6 +84,12 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer): self._logger.log(Level.SEVERE, traceback.format_exc()) return + # Create a 'Device' account using the data source device id + datasourceObjId = dataSource.getDataSource().getId() + ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId) + deviceID = ds.getDeviceId() + deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile) + try: resultSet = statement.executeQuery( "SELECT conv_id, create_time, direction, payload FROM messages ORDER BY create_time DESC;") diff --git a/InternalPythonModules/android/textmessage.py b/InternalPythonModules/android/textmessage.py index ccf7456728..8874c7aef5 100755 --- a/InternalPythonModules/android/textmessage.py +++ b/InternalPythonModules/android/textmessage.py @@ -49,7 +49,6 @@ from org.sleuthkit.datamodel import Relationship import traceback import general -deviceAccountInstance = None """ Finds database with SMS/MMS messages and adds them to blackboard. 
@@ -62,20 +61,13 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer): def analyze(self, dataSource, fileManager, context): try: - # Create a 'Device' account using the data source device id - datasourceObjId = dataSource.getDataSource().getId() - ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId) - deviceID = ds.getDeviceId() - - global deviceAccountInstance - deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource) - + absFiles = fileManager.findFiles(dataSource, "mmssms.db") for abstractFile in absFiles: try: jFile = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName()) ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled) - self.__findTextsInDB(jFile.toString(), abstractFile) + self.__findTextsInDB(jFile.toString(), abstractFile, dataSource) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing text messages", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) @@ -83,7 +75,7 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer): self._logger.log(Level.SEVERE, "Error finding text messages", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) - def __findTextsInDB(self, databasePath, abstractFile): + def __findTextsInDB(self, databasePath, abstractFile, dataSource): if not databasePath: return 
@@ -97,6 +89,12 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer): self._logger.log(Level.SEVERE, traceback.format_exc()) return + # Create a 'Device' account using the data source device id + datasourceObjId = dataSource.getDataSource().getId() + ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId) + deviceID = ds.getDeviceId() + deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile) + try: resultSet = statement.executeQuery( "SELECT address, date, read, type, subject, body FROM sms;") diff --git a/InternalPythonModules/android/wwfmessage.py b/InternalPythonModules/android/wwfmessage.py index f2e1a8b067..5deefc79a5 100755 --- a/InternalPythonModules/android/wwfmessage.py +++ b/InternalPythonModules/android/wwfmessage.py @@ -46,7 +46,7 @@ import traceback import general wwfAccountType = None -deviceAccountInstance = None + """ Analyzes messages from Words With Friends 
@@ -62,20 +62,12 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer): global wwfAccountType wwfAccountType = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().addAccountType("WWF", "Words with Friends") - # Create a 'Device' account using the data source device id - datasourceObjId = dataSource.getDataSource().getId() - ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId) - deviceID = ds.getDeviceId() - - global deviceAccountInstance - deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource) - absFiles = fileManager.findFiles(dataSource, "WordsFramework") for abstractFile in absFiles: try: jFile = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName()) ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled) - self.__findWWFMessagesInDB(jFile.toString(), abstractFile) + self.__findWWFMessagesInDB(jFile.toString(), abstractFile, dataSource) except Exception as ex: self._logger.log(Level.SEVERE, "Error parsing WWF messages", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) @@ -83,7 +75,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer): self._logger.log(Level.SEVERE, "Error finding WWF messages", ex) self._logger.log(Level.SEVERE, traceback.format_exc()) - def __findWWFMessagesInDB(self, databasePath, abstractFile): + def __findWWFMessagesInDB(self, databasePath, abstractFile, dataSource): if not databasePath: return 
@@ -96,6 +88,12 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer): self._logger.log(Level.SEVERE, traceback.format_exc()) return + # Create a 'Device' account using the data source device id + datasourceObjId = dataSource.getDataSource().getId() + ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId) + deviceID = ds.getDeviceId() + deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile) + try: resultSet = statement.executeQuery( "SELECT message, strftime('%s' ,created_at) as datetime, user_id, game_id FROM chat_messages ORDER BY game_id DESC, created_at DESC;")