Merge pull request #3311 from raman-bt/develop

916: Device Accounts should be created one per file instead of one per data source
Richard Cordovano 2017-12-13 09:03:40 -05:00 committed by GitHub
commit bd62377c84
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 46 additions and 55 deletions


@ -87,13 +87,7 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer):
def analyze(self, dataSource, fileManager, context):
try:
# Create a 'Device' account using the data source device id
datasourceObjId = dataSource.getDataSource().getId()
ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
deviceID = ds.getDeviceId()
global deviceAccountInstance
deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource)
absFiles = fileManager.findFiles(dataSource, "logs.db")
absFiles.addAll(fileManager.findFiles(dataSource, "contacts.db"))
@ -102,7 +96,7 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer):
try:
file = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
ContentUtils.writeToFile(abstractFile, file, context.dataSourceIngestIsCancelled)
self.__findCallLogsInDB(file.toString(), abstractFile)
self.__findCallLogsInDB(file.toString(), abstractFile, dataSource)
except IOException as ex:
self._logger.log(Level.SEVERE, "Error writing temporary call log db to disk", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
@ -110,15 +104,21 @@ class CallLogAnalyzer(general.AndroidComponentAnalyzer):
self._logger.log(Level.SEVERE, "Error finding call logs", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
def __findCallLogsInDB(self, databasePath, abstractFile):
def __findCallLogsInDB(self, databasePath, abstractFile, dataSource):
if not databasePath:
return
bbartifacts = list()
try:
connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath)
statement = connection.createStatement()
# Create a 'Device' account using the data source device id
datasourceObjId = dataSource.getDataSource().getId()
ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
deviceID = ds.getDeviceId()
deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile)
for tableName in CallLogAnalyzer._tableNames:
try:
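Review bot: The per-file handler in analyze() still reads `except IOException as ex:`, yet createAccountFileInstance() now runs for every logs.db/contacts.db hit, inside the helper's outer try whose except clauses are beyond this hunk; if that try does not cover TskCoreException, one file's account-creation failure escapes to the outer "Error finding call logs" handler and the remaining files are never parsed. The other four analyzers touched by this commit use `except Exception as ex:` for the per-file loop, so either confirm the helper's handlers cover TskCoreException or change that line to `except Exception as ex:` for consistency. The new `dataSource` parameter also looks redundant: if AbstractFile exposes getDataSource() as the dataSource argument does here, `abstractFile.getDataSource().getId()` gives the same object id and the old two-argument signature could stay. The body of __findCallLogsInDB continues past the end of this hunk.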


@ -48,8 +48,6 @@ from org.sleuthkit.datamodel import Relationship
import traceback
import general
deviceAccountInstance = None
"""
Locates a variety of different contacts databases, parses them, and populates the blackboard.
"""
@ -61,14 +59,6 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
def analyze(self, dataSource, fileManager, context):
try:
# Create a 'Device' account using the data source device id
datasourceObjId = dataSource.getDataSource().getId()
ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
deviceID = ds.getDeviceId()
global deviceAccountInstance
deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance (Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource)
absFiles = fileManager.findFiles(dataSource, "contacts.db")
absFiles.addAll(fileManager.findFiles(dataSource, "contacts2.db"))
if absFiles.isEmpty():
@ -77,7 +67,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
try:
jFile = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled)
self.__findContactsInDB(str(jFile.toString()), abstractFile)
self.__findContactsInDB(str(jFile.toString()), abstractFile, dataSource)
except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing Contacts", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
@ -89,7 +79,7 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
Will create artifact from a database given by the path
The fileId will be the abstract file associated with the artifacts
"""
def __findContactsInDB(self, databasePath, abstractFile):
def __findContactsInDB(self, databasePath, abstractFile, dataSource):
if not databasePath:
return
@ -103,6 +93,14 @@ class ContactAnalyzer(general.AndroidComponentAnalyzer):
self._logger.log(Level.SEVERE, traceback.format_exc())
return
# Create a 'Device' account using the data source device id
datasourceObjId = dataSource.getDataSource().getId()
ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
deviceID = ds.getDeviceId()
deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance (Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile)
try:
# get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype)
# sorted by name, so phonenumber/email would be consecutive for a person if they exist.
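Review bot: The new device-account block in __findContactsInDB sits between the connection-setup try (which logs and returns on failure) and the query `try:`, so a TskCoreException from createAccountFileInstance() leaves the helper after the JDBC connection and statement are open and before whatever cleanup the query try holds (its finally is outside this hunk), and the error only surfaces as the generic "Error parsing Contacts" in analyze(). Since the account lookup needs nothing from the database, the cleanest fix is to move those lines above the connection-setup try and wrap them in their own `except TskCoreException` that logs and returns, so a failure cannot leak the open connection to the temp copy of contacts.db; moving them inside the query `try:` would at least share its handlers and cleanup. The stray space in `createAccountFileInstance (Account.Type.DEVICE, ...)` should become `createAccountFileInstance(Account.Type.DEVICE, ...)` to match the other analyzers. __findContactsInDB continues beyond the hunk.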


@ -47,8 +47,6 @@ from org.sleuthkit.datamodel import Account
import traceback
import general
deviceAccountInstance = None
"""
Locates database for the Tango app and adds info to blackboard.
"""
@ -59,20 +57,13 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
def analyze(self, dataSource, fileManager, context):
try:
# Create a 'Device' account using the data source device id
datasourceObjId = dataSource.getDataSource().getId()
ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
deviceID = ds.getDeviceId()
global deviceAccountInstance
deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource)
absFiles = fileManager.findFiles(dataSource, "tc.db")
for abstractFile in absFiles:
try:
jFile = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled)
self.__findTangoMessagesInDB(jFile.toString(), abstractFile)
self.__findTangoMessagesInDB(jFile.toString(), abstractFile, dataSource)
except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing Tango messages", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
@ -80,7 +71,7 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
self._logger.log(Level.SEVERE, "Error finding Tango messages", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
def __findTangoMessagesInDB(self, databasePath, abstractFile):
def __findTangoMessagesInDB(self, databasePath, abstractFile, dataSource):
if not databasePath:
return
@ -93,6 +84,12 @@ class TangoMessageAnalyzer(general.AndroidComponentAnalyzer):
self._logger.log(Level.SEVERE, traceback.format_exc())
return
# Create a 'Device' account using the data source device id
datasourceObjId = dataSource.getDataSource().getId()
ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
deviceID = ds.getDeviceId()
deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile)
try:
resultSet = statement.executeQuery(
"SELECT conv_id, create_time, direction, payload FROM messages ORDER BY create_time DESC;")
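Review bot: This is the third verbatim copy in this commit of the same five-line device-account block (data-source id lookup, getDataSource(), getDeviceId(), createAccountFileInstance with abstractFile), and the five analyzers will drift apart on the next change; a helper in the shared `general` module, along the lines of `general.createDeviceAccountInstance(abstractFile)`, would keep them in step and give one place to guard the device id should a data source ever lack one (assuming `general` is the intended home for shared code, which its MODULE_NAME and base class suggest). Here too the block runs after the connection and statement are opened and outside both try blocks of __findTangoMessagesInDB, so an exception from createAccountFileInstance() skips the query try's cleanup if the close lives in its finally (not visible here) and shows up only as "Error parsing Tango messages" in analyze(). The function body continues past this hunk.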


@ -49,7 +49,6 @@ from org.sleuthkit.datamodel import Relationship
import traceback
import general
deviceAccountInstance = None
"""
Finds database with SMS/MMS messages and adds them to blackboard.
@ -62,20 +61,13 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer):
def analyze(self, dataSource, fileManager, context):
try:
# Create a 'Device' account using the data source device id
datasourceObjId = dataSource.getDataSource().getId()
ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
deviceID = ds.getDeviceId()
global deviceAccountInstance
deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource)
absFiles = fileManager.findFiles(dataSource, "mmssms.db")
for abstractFile in absFiles:
try:
jFile = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled)
self.__findTextsInDB(jFile.toString(), abstractFile)
self.__findTextsInDB(jFile.toString(), abstractFile, dataSource)
except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing text messages", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
@ -83,7 +75,7 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer):
self._logger.log(Level.SEVERE, "Error finding text messages", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
def __findTextsInDB(self, databasePath, abstractFile):
def __findTextsInDB(self, databasePath, abstractFile, dataSource):
if not databasePath:
return
@ -97,6 +89,12 @@ class TextMessageAnalyzer(general.AndroidComponentAnalyzer):
self._logger.log(Level.SEVERE, traceback.format_exc())
return
# Create a 'Device' account using the data source device id
datasourceObjId = dataSource.getDataSource().getId()
ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
deviceID = ds.getDeviceId()
deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile)
try:
resultSet = statement.executeQuery(
"SELECT address, date, read, type, subject, body FROM sms;")
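Review bot: The DEVICE account file instance is now created before `SELECT address, date, read, type, subject, body FROM sms;` executes, so every mmssms.db copy gets an account instance attached in the case database even when the query fails or returns no rows; if account instances are meant to mark files that actually contain communications, defer the creation until the first row is read. If eager creation is intended (the commit title asks for one per file), say so with a comment such as `# One DEVICE account instance per message database, created even if the sms table is empty.` so the next reader does not "fix" it. As in the other analyzers, the block also runs outside the query try after the connection is open, so a TskCoreException here bypasses that try's statement/connection cleanup if it lives in its finally (outside this hunk). __findTextsInDB continues beyond the hunk.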


@ -46,7 +46,7 @@ import traceback
import general
wwfAccountType = None
deviceAccountInstance = None
"""
Analyzes messages from Words With Friends
@ -62,20 +62,12 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
global wwfAccountType
wwfAccountType = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().addAccountType("WWF", "Words with Friends")
# Create a 'Device' account using the data source device id
datasourceObjId = dataSource.getDataSource().getId()
ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
deviceID = ds.getDeviceId()
global deviceAccountInstance
deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource)
absFiles = fileManager.findFiles(dataSource, "WordsFramework")
for abstractFile in absFiles:
try:
jFile = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled)
self.__findWWFMessagesInDB(jFile.toString(), abstractFile)
self.__findWWFMessagesInDB(jFile.toString(), abstractFile, dataSource)
except Exception as ex:
self._logger.log(Level.SEVERE, "Error parsing WWF messages", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
@ -83,7 +75,7 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
self._logger.log(Level.SEVERE, "Error finding WWF messages", ex)
self._logger.log(Level.SEVERE, traceback.format_exc())
def __findWWFMessagesInDB(self, databasePath, abstractFile):
def __findWWFMessagesInDB(self, databasePath, abstractFile, dataSource):
if not databasePath:
return
@ -96,6 +88,12 @@ class WWFMessageAnalyzer(general.AndroidComponentAnalyzer):
self._logger.log(Level.SEVERE, traceback.format_exc())
return
# Create a 'Device' account using the data source device id
datasourceObjId = dataSource.getDataSource().getId()
ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
deviceID = ds.getDeviceId()
deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile)
try:
resultSet = statement.executeQuery(
"SELECT message, strftime('%s' ,created_at) as datetime, user_id, game_id FROM chat_messages ORDER BY game_id DESC, created_at DESC;")