diff --git a/InternalPythonModules/android/oruxmaps.py b/InternalPythonModules/android/oruxmaps.py index 4577ea5f2f..d08414cdf4 100644 --- a/InternalPythonModules/android/oruxmaps.py +++ b/InternalPythonModules/android/oruxmaps.py @@ -44,6 +44,8 @@ from org.sleuthkit.datamodel import BlackboardAttribute from org.sleuthkit.datamodel import Content from org.sleuthkit.datamodel import TskCoreException from org.sleuthkit.datamodel.Blackboard import BlackboardException +from org.sleuthkit.datamodel.blackboardutils import GeoArtifactsHelper +from org.sleuthkit.datamodel.blackboardutils.attributes import TskGeoTrackpointsUtil import traceback import general @@ -68,7 +70,10 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer): try: current_case = Case.getCurrentCaseThrows() - poiQueryString = "SELECT poilat, poilon, poitime, poiname FROM pois" + skCase = Case.getCurrentCase().getSleuthkitCase() + geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile()) + + poiQueryString = "SELECT poilat, poilon, poialt, poitime, poiname FROM pois" poisResultSet = oruxMapsTrackpointsDb.runQuery(poiQueryString) abstractFile = oruxMapsTrackpointsDb.getDBFile() if poisResultSet is not None: 
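Review bot: The added `skCase = Case.getCurrentCase().getSleuthkitCase()` looks up the case a second time, although `current_case = Case.getCurrentCaseThrows()` on the line just above already holds it. Using `skCase = current_case.getSleuthkitCase()` keeps a single lookup that fails with a checked exception when no case is open, and guarantees that the helper and the rest of the method work on the same case object. The method containing this change starts and ends outside the hunk.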
@@ -77,12 +82,14 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer): longitude = poisResultSet.getDouble("poilon") time = poisResultSet.getLong("poitime") / 1000 # milliseconds since unix epoch name = poisResultSet.getString("poiname") + altitude = poisResultSet.getDouble("poialt") attributes = ArrayList() - artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT) + artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK) attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, self._MODULE_NAME, time)) attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, self._MODULE_NAME, latitude)) attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, self._MODULE_NAME, longitude)) + attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_ALTITUDE, self._MODULE_NAME, altitude)) attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, self._MODULE_NAME, name)) attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, self._MODULE_NAME, self._PROGRAM_NAME)) 
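Review bot: `altitude = poisResultSet.getDouble("poialt")` records a missing altitude as 0.0, assuming this is a JDBC result set, where `getDouble` returns 0 for SQL NULL. A waypoint with no stored altitude then becomes indistinguishable from one at sea level in the case data. Checking `poisResultSet.wasNull()` right after the read, and adding the `TSK_GEO_ALTITUDE` attribute only when it is false, would keep the artifact faithful to the evidence. The same applies to `trkptalt` in the track hunk that follows. The loop this hunk sits in starts and ends outside the hunk.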
@@ -96,32 +103,61 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer): self._logger.log(Level.SEVERE, traceback.format_exc()) MessageNotifyUtil.Notify.error("Failed to index trackpoint artifact for keyword search.", artifact.getDisplayName()) - trackpointsQueryString = "SELECT trkptlat, trkptlon, trkpttime FROM trackpoints" - trackpointsResultSet = oruxMapsTrackpointsDb.runQuery(trackpointsQueryString) - if trackpointsResultSet is not None: - while trackpointsResultSet.next(): - latitude = trackpointsResultSet.getDouble("trkptlat") - longitude = trackpointsResultSet.getDouble("trkptlon") - time = trackpointsResultSet.getLong("trkpttime") / 1000 # milliseconds since unix epoch - name = "" - attributes = ArrayList() - artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT) - attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, self._MODULE_NAME, time)) - attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, self._MODULE_NAME, latitude)) - attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, self._MODULE_NAME, longitude)) - attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, self._MODULE_NAME, name)) - attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, self._MODULE_NAME, self._PROGRAM_NAME)) - - artifact.addAttributes(attributes) - try: - # index the artifact for keyword search - blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard() - blackboard.postArtifact(artifact, self._MODULE_NAME) - except Blackboard.BlackboardException as ex: - self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex) - self._logger.log(Level.SEVERE, traceback.format_exc()) - MessageNotifyUtil.Notify.error("Failed to index trackpoint artifact for keyword search.", artifact.getDisplayName()) + # tracks -> segments -> trackpoints + 
# + # The reason that the track and the segment are put into arrays is that once the segment query is run an error occurs that it cannot find the + # trackname column in the track query. This is avoided if all the tracks/segments are found and put into an array(s) that can then be processed all at once. + trackQueryString = "SELECT _id, trackname, trackciudad FROM tracks" + trackResultSet = oruxMapsTrackpointsDb.runQuery(trackQueryString) + if trackResultSet is not None: + trackResults = ArrayList() + while trackResultSet.next(): + tempTrack = ArrayList() + trackName = trackResultSet.getString("trackname") + " - " + trackResultSet.getString("trackciudad") + trackId = str(trackResultSet.getInt("_id")) + tempTrack.append(trackId) + tempTrack.append(trackName) + trackResults.append(tempTrack) + for trackResult in trackResults: + trackId = trackResult[0] + trackName = trackResult[1] + segmentQueryString = "SELECT _id, segname FROM segments WHERE segtrack = " + trackId + segmentResultSet = oruxMapsTrackpointsDb.runQuery(segmentQueryString) + if segmentResultSet is not None: + segmentResults = ArrayList() + while segmentResultSet.next(): + segmentName = trackName + " - " + segmentResultSet.getString("segname") + segmentId = str(segmentResultSet.getInt("_id")) + tempSegment = ArrayList() + tempSegment.append(segmentId) + tempSegment.append(segmentName) + segmentResults.append(tempSegment) + for segmentResult in segmentResults: + segmentId = segmentResult[0] + segmentName = segmentResult[1] + trackpointsQueryString = "SELECT trkptlat, trkptlon, trkptalt, trkpttime FROM trackpoints WHERE trkptseg = " + segmentId + trackpointsResultSet = oruxMapsTrackpointsDb.runQuery(trackpointsQueryString) + if trackpointsResultSet is not None: + geoPointList = TskGeoTrackpointsUtil.GeoTrackPointList() + while trackpointsResultSet.next(): + latitude = trackpointsResultSet.getDouble("trkptlat") + longitude = trackpointsResultSet.getDouble("trkptlon") + altitude = 
trackpointsResultSet.getDouble("trkptalt") + time = trackpointsResultSet.getLong("trkpttime") / 1000 # milliseconds since unix epoch + + geoPointList.addPoint(latitude, longitude, altitude, segmentName, 0, 0, 0, time) + + try: + geoartifact = geoArtifactHelper.addTrack(segmentName, geoPointList, None) + except Blackboard.BlackboardException as ex: + self._logger.log(Level.SEVERE, "Error using geo artifact helper with blackboard", ex) + self._logger.log(Level.SEVERE, traceback.format_exc()) + MessageNotifyUtil.Notify.error("Failed to add track artifact.", "geoArtifactHelper") + except TskCoreException as e: + self._logger.log(Level.SEVERE, "Error using geo artifact helper with TskCoreException", ex) + self._logger.log(Level.SEVERE, traceback.format_exc()) + MessageNotifyUtil.Notify.error("Failed to add track artifact with TskCoreException.", "geoArtifactHelper") except SQLException as ex: self._logger.log(Level.WARNING, "Error processing query result for Orux Map trackpoints.", ex)
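Review bot: The handler `except TskCoreException as e:` near the end of the hunk binds the exception to `e` but passes `ex` to the logger, so the log call either raises NameError or reports a stale exception from an earlier handler. It should read `except TskCoreException as ex:`. Separately, `trackResultSet.getString("trackname") + " - " + trackResultSet.getString("trackciudad")` and the `segname` concatenation assume non-NULL text. If `getString` returns None for a NULL column, the resulting TypeError is not caught by the visible `except SQLException`, and would probably drop every remaining track from this database. A guard such as `(trackResultSet.getString("trackname") or "")` on each operand avoids that.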