mstoeck3/autopsy-flatpak
1
0
Fork 0
mirror of https://github.com/overcuriousity/autopsy-flatpak.git synced 2025-07-06 21:00:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

updates to xml

Browse Source
This commit is contained in:
Greg DiCristofaro 2023-06-10 20:44:47 -04:00
parent 83c30d5640
commit c30c8aefef
2 changed files with 95 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/aleapp-artifact-attribute-reference.xml
View File

@ -36,6 +36,14 @@
</ArtifactName>
</FileName>
<FileName filename="accounts ce 10.tsv" description="Accounts_ce">
<ArtifactName artifactname="TSK_SERVICE_ACCOUNT" comment="accounts ce 0">
<AttributeName attributename="TSK_USER_ID" columnName="Name" required="yes" />
<AttributeName attributename="TSK_PROG_NAME" columnName="Type" required="yes" />
<AttributeName attributename="TSK_PASSWORD" columnName="Password" required="yes" />
</ArtifactName>
</FileName>
<FileName filename="authtokens 0.tsv" description="Authtokens">
<ArtifactName artifactname="TSK_SERVICE_ACCOUNT" comment="Authtokens">
<AttributeName attributename="null" columnName="ID" required="no" />
@ -54,6 +62,14 @@
</ArtifactName>
</FileName>
<FileName filename="accounts de 10.tsv" description="Accounts_de">
<ArtifactName artifactname="TSK_SERVICE_ACCOUNT" comment="accounts de 0">
<AttributeName attributename="null" columnName="Last password entry" required="no" />
<AttributeName attributename="TSK_USER_ID" columnName="Name" required="yes" />
<AttributeName attributename="TSK_PROG_NAME" columnName="Type" required="yes" />
</ArtifactName>
</FileName>
<FileName filename="Browser - Bookmarks.tsv" description="Browser Bookmarks">
<ArtifactName artifactname="TSK_WEB_BOOKMARK" comment="Browser Bookmarks">
<AttributeName attributename="TSK_DATETIME_CREATED" columnName="Added Date" required="yes" />
@ -173,7 +189,7 @@
</ArtifactName>
</FileName>
<FileName filename="Chrome - History.tsv" description="Chrome History">
<FileName filename="Chrome - Web History.tsv" description="Chrome History">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="Chrome History">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
<AttributeName attributename="TSK_URL" columnName="URL" required="yes"/>
@ -246,7 +262,7 @@
</ArtifactName>
</FileName>
<FileName filename="Edge - History.tsv" description="Edge History">
<FileName filename="Edge - Web History.tsv" description="Edge History">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="Edge History">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Visit Time" required="yes"/>
<AttributeName attributename="TSK_URL" columnName="URL" required="yes"/>
@ -329,6 +345,12 @@
</ArtifactName>
</FileName>
<FileName filename="installed apps - GMS_0.tsv" description="Installed Apps">
<ArtifactName artifactname="TSK_INSTALLED_PROG" comment="Installed Apps GSM">
<AttributeName attributename="TSK_PROG_NAME" columnName="Bundle ID" required="yes" />
</ArtifactName>
</FileName>
<FileName filename="installed apps vending.tsv" description="Installed Apps (Vending)">
<ArtifactName artifactname="TSK_INSTALLED_PROG" comment="Installed Apps (Vending)">
<AttributeName attributename="TSK_DATETIME" columnName="First Download" required="yes" />

73
Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ileapp-artifact-attribute-reference.xml
View File

@ -65,6 +65,15 @@
</ArtifactName>
</FileName>
<FileName filename="Bluetooth Other LE.tsv" description="Bluetooth Other LE">
<ArtifactName artifactname="TSK_BLUETOOTH_ADAPTER" comment="Bluetooth Other">
<AttributeName attributename="TSK_NAME" columnName="Name" required="yes" />
<AttributeName attributename="TSK_MAC_ADDRESS" columnName="Address" required="yes" />
<AttributeName attributename="TSK_DATETIME" columnName="Last Seen Time" required="yes" />
<AttributeName attributename="TSK_DEVICE_ID" columnName="UUID" required="yes" />
</ArtifactName>
</FileName>
<FileName filename="Bluetooth paired.tsv" description="Bluetooth Paired">
<ArtifactName artifactname="TSK_BLUETOOTH_PAIRING" comment="Bluetooth Paired">
<AttributeName attributename="TSK_DEVICE_ID" columnName="UUID" required="yes" />
@ -77,6 +86,18 @@
</ArtifactName>
</FileName>
<FileName filename="Bluetooth paired LE.tsv" description="Bluetooth Paired LE">
<ArtifactName artifactname="TSK_BLUETOOTH_PAIRING" comment="Bluetooth Paired">
<AttributeName attributename="TSK_DEVICE_ID" columnName="UUID" required="yes" />
<AttributeName attributename="TSK_DEVICE_NAME" columnName="Name" required="yes" />
<AttributeName attributename="null" columnName="Name Origin" required="no" />
<AttributeName attributename="null" columnName="Address" required="no" />
<AttributeName attributename="null" columnName="Resolved Address" required="no" />
<AttributeName attributename="TSK_DATETIME" columnName="Last Seen Time" required="yes" />
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Last Connection Time" required="yes" />
</ArtifactName>
</FileName>
<FileName filename="Calendar Items.tsv" description="Calendar Items">
<ArtifactName artifactname="TSK_CALENDAR_ENTRY" comment="Calendar Items">
<AttributeName attributename="TSK_DATETIME_START" columnName="Start Date" required="yes" />
@ -712,8 +733,24 @@
<AttributeName attributename="null" columnName="Pairing ID" required="no" />
</ArtifactName>
</FileName>
<FileName filename="Recent WebSearches.tsv" description="Recent Web Searches">
<ArtifactName artifactname="TSK_WEB_SEARCH_QUERY" comment="null">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Visit Time" required="yes" />
<AttributeName attributename="TSK_TEXT" columnName="Search Term" required="yes" />
<AttributeName attributename="null" columnName="URL" required="yes" />
<AttributeName attributename="null" columnName="Visit Count" required="no" />
<AttributeName attributename="null" columnName="Title" required="no" />
<AttributeName attributename="null" columnName="iCloud Sync" required="no" />
<AttributeName attributename="null" columnName="Load Successful" required="no" />
<AttributeName attributename="null" columnName="Visit ID" required="no" />
<AttributeName attributename="null" columnName="Redirect Source" required="no" />
<AttributeName attributename="null" columnName="Redirect Destination" required="no" />
<AttributeName attributename="null" columnName="History Item ID" required="no" />
</ArtifactName>
</FileName>
<FileName filename="Safari Browser History.tsv" description="Safari Browser">
<FileName filename="Safari Browser - History.tsv" description="Safari Browser">
<ArtifactName artifactname="TSK_WEB_HISTORY" comment="null">
<AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Visit Time" required="yes" />
<AttributeName attributename="TSK_URL" columnName="URL" required="yes" />
@ -744,7 +781,7 @@
</ArtifactName>
</FileName>
<FileName filename="SMS - iMessage.tsv" description="SMS - iMessage">
<FileName filename="SMS &amp; iMessage - Messages.tsv" description="SMS - iMessage">
<ArtifactName artifactname="TSK_MESSAGE" comment="SMS - iMessage">
<AttributeName attributename="TSK_DATETIME" columnName="Message Date" required="yes" />
<AttributeName attributename="null" columnName="Date Delivered" required="no" />
@ -779,4 +816,36 @@
</ArtifactName>
</FileName>
<FileName filename="Wifi Known Networks.tsv" description="Wifi Known Networks">
<ArtifactName artifactname="TSK_WIFI_NETWORK" comment="Wifi">
<AttributeName attributename="TSK_SSID" columnName="SSID" required="yes" />
<AttributeName attributename="TSK_MAC_ADDRESS" columnName="BSSID" required="yes" />
<AttributeName attributename="null" columnName="Network usage" required="no" />
<AttributeName attributename="null" columnName="Country code" required="no" />
<AttributeName attributename="TSK_DEVICE_ID" columnName="Device name" required="yes" />
<AttributeName attributename="null" columnName="Manufacturer" required="no" />
<AttributeName attributename="null" columnName="Serial number" required="no" />
<AttributeName attributename="TSK_DEVICE_MODEL" columnName="Model name" required="no" />
<AttributeName attributename="TSK_DATETIME" columnName="Last joined" required="yes" />
<AttributeName attributename="null" columnName="Last autojoined" required="no" />
<AttributeName attributename="null" columnName="Enabled" required="no" />
</ArtifactName>
</FileName>
<FileName filename="Wifi Network Store Model - Networks.tsv" description="Wifi Network Store Model - Networks">
<ArtifactName artifactname="TSK_WIFI_NETWORK" comment="Wifi">
<AttributeName attributename="TSK_SSID" columnName="SSID" required="yes" />
<AttributeName attributename="TSK_MAC_ADDRESS" columnName="BSSID" required="yes" />
<AttributeName attributename="null" columnName="Network usage" required="no" />
<AttributeName attributename="null" columnName="Country code" required="no" />
<AttributeName attributename="TSK_DEVICE_ID" columnName="Device name" required="yes" />
<AttributeName attributename="null" columnName="Manufacturer" required="no" />
<AttributeName attributename="null" columnName="Serial number" required="no" />
<AttributeName attributename="TSK_DEVICE_MODEL" columnName="Model name" required="no" />
<AttributeName attributename="TSK_DATETIME" columnName="Last joined" required="yes" />
<AttributeName attributename="null" columnName="Last autojoined" required="no" />
<AttributeName attributename="null" columnName="Enabled" required="no" />
</ArtifactName>
</FileName>
</iLeap_Files_To_Process>