mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-06 21:00:22 +00:00
Update oruxmaps.py
Use new geoPointList with geoArtifactHelper along with changing point of interest from trackpoint to bookmark.
This commit is contained in:
Mark McKinnon
parent
e8e05d634e
commit
cb52b73fcf
@ -44,6 +44,8 @@ from org.sleuthkit.datamodel import BlackboardAttribute
|
|||||||
from org.sleuthkit.datamodel import Content
|
from org.sleuthkit.datamodel import Content
|
||||||
from org.sleuthkit.datamodel import TskCoreException
|
from org.sleuthkit.datamodel import TskCoreException
|
||||||
from org.sleuthkit.datamodel.Blackboard import BlackboardException
|
from org.sleuthkit.datamodel.Blackboard import BlackboardException
|
||||||
|
from org.sleuthkit.datamodel.blackboardutils import GeoArtifactsHelper
|
||||||
|
from org.sleuthkit.datamodel.blackboardutils.attributes import TskGeoTrackpointsUtil
|
||||||
|
|
||||||
import traceback
|
import traceback
|
||||||
import general
|
import general
|
||||||
@ -68,7 +70,10 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
try:
|
try:
|
||||||
current_case = Case.getCurrentCaseThrows()
|
current_case = Case.getCurrentCaseThrows()
|
||||||
|
|
||||||
poiQueryString = "SELECT poilat, poilon, poitime, poiname FROM pois"
|
skCase = Case.getCurrentCase().getSleuthkitCase()
|
||||||
|
geoArtifactHelper = GeoArtifactsHelper(skCase, self._MODULE_NAME, self._PROGRAM_NAME, oruxMapsTrackpointsDb.getDBFile())
|
||||||
|
|
||||||
|
poiQueryString = "SELECT poilat, poilon, poialt, poitime, poiname FROM pois"
|
||||||
poisResultSet = oruxMapsTrackpointsDb.runQuery(poiQueryString)
|
poisResultSet = oruxMapsTrackpointsDb.runQuery(poiQueryString)
|
||||||
abstractFile = oruxMapsTrackpointsDb.getDBFile()
|
abstractFile = oruxMapsTrackpointsDb.getDBFile()
|
||||||
if poisResultSet is not None:
|
if poisResultSet is not None:
|
||||||
@ -77,12 +82,14 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
longitude = poisResultSet.getDouble("poilon")
|
longitude = poisResultSet.getDouble("poilon")
|
||||||
time = poisResultSet.getLong("poitime") / 1000 # milliseconds since unix epoch
|
time = poisResultSet.getLong("poitime") / 1000 # milliseconds since unix epoch
|
||||||
name = poisResultSet.getString("poiname")
|
name = poisResultSet.getString("poiname")
|
||||||
|
altitude = poisResultSet.getDouble("poialt")
|
||||||
|
|
||||||
attributes = ArrayList()
|
attributes = ArrayList()
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT)
|
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK)
|
||||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, self._MODULE_NAME, time))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, self._MODULE_NAME, time))
|
||||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, self._MODULE_NAME, latitude))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, self._MODULE_NAME, latitude))
|
||||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, self._MODULE_NAME, longitude))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, self._MODULE_NAME, longitude))
|
||||||
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_ALTITUDE, self._MODULE_NAME, altitude))
|
||||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, self._MODULE_NAME, name))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, self._MODULE_NAME, name))
|
||||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, self._MODULE_NAME, self._PROGRAM_NAME))
|
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, self._MODULE_NAME, self._PROGRAM_NAME))
|
||||||
|
|
||||||
@ -96,32 +103,61 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
|
|||||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||||
MessageNotifyUtil.Notify.error("Failed to index trackpoint artifact for keyword search.", artifact.getDisplayName())
|
MessageNotifyUtil.Notify.error("Failed to index trackpoint artifact for keyword search.", artifact.getDisplayName())
|
||||||
|
|
||||||
trackpointsQueryString = "SELECT trkptlat, trkptlon, trkpttime FROM trackpoints"
|
|
||||||
|
# tracks -> segments -> trackpoints
|
||||||
|
#
|
||||||
|
# The reason that the track and the segment are put into arrays is that once the segment query is run an error occurs that it cannot find the
|
||||||
|
# trackname column in the track query. This is avoided if all the tracks/segments are found and put into an array(s) that can then be processed all at once.
|
||||||
|
trackQueryString = "SELECT _id, trackname, trackciudad FROM tracks"
|
||||||
|
trackResultSet = oruxMapsTrackpointsDb.runQuery(trackQueryString)
|
||||||
|
if trackResultSet is not None:
|
||||||
|
trackResults = ArrayList()
|
||||||
|
while trackResultSet.next():
|
||||||
|
tempTrack = ArrayList()
|
||||||
|
trackName = trackResultSet.getString("trackname") + " - " + trackResultSet.getString("trackciudad")
|
||||||
|
trackId = str(trackResultSet.getInt("_id"))
|
||||||
|
tempTrack.append(trackId)
|
||||||
|
tempTrack.append(trackName)
|
||||||
|
trackResults.append(tempTrack)
|
||||||
|
for trackResult in trackResults:
|
||||||
|
trackId = trackResult[0]
|
||||||
|
trackName = trackResult[1]
|
||||||
|
segmentQueryString = "SELECT _id, segname FROM segments WHERE segtrack = " + trackId
|
||||||
|
segmentResultSet = oruxMapsTrackpointsDb.runQuery(segmentQueryString)
|
||||||
|
if segmentResultSet is not None:
|
||||||
|
segmentResults = ArrayList()
|
||||||
|
while segmentResultSet.next():
|
||||||
|
segmentName = trackName + " - " + segmentResultSet.getString("segname")
|
||||||
|
segmentId = str(segmentResultSet.getInt("_id"))
|
||||||
|
tempSegment = ArrayList()
|
||||||
|
tempSegment.append(segmentId)
|
||||||
|
tempSegment.append(segmentName)
|
||||||
|
segmentResults.append(tempSegment)
|
||||||
|
for segmentResult in segmentResults:
|
||||||
|
segmentId = segmentResult[0]
|
||||||
|
segmentName = segmentResult[1]
|
||||||
|
trackpointsQueryString = "SELECT trkptlat, trkptlon, trkptalt, trkpttime FROM trackpoints WHERE trkptseg = " + segmentId
|
||||||
trackpointsResultSet = oruxMapsTrackpointsDb.runQuery(trackpointsQueryString)
|
trackpointsResultSet = oruxMapsTrackpointsDb.runQuery(trackpointsQueryString)
|
||||||
if trackpointsResultSet is not None:
|
if trackpointsResultSet is not None:
|
||||||
|
geoPointList = TskGeoTrackpointsUtil.GeoTrackPointList()
|
||||||
while trackpointsResultSet.next():
|
while trackpointsResultSet.next():
|
||||||
latitude = trackpointsResultSet.getDouble("trkptlat")
|
latitude = trackpointsResultSet.getDouble("trkptlat")
|
||||||
longitude = trackpointsResultSet.getDouble("trkptlon")
|
longitude = trackpointsResultSet.getDouble("trkptlon")
|
||||||
|
altitude = trackpointsResultSet.getDouble("trkptalt")
|
||||||
time = trackpointsResultSet.getLong("trkpttime") / 1000 # milliseconds since unix epoch
|
time = trackpointsResultSet.getLong("trkpttime") / 1000 # milliseconds since unix epoch
|
||||||
name = ""
|
|
||||||
|
|
||||||
attributes = ArrayList()
|
geoPointList.addPoint(latitude, longitude, altitude, segmentName, 0, 0, 0, time)
|
||||||
artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT)
|
|
||||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, self._MODULE_NAME, time))
|
|
||||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, self._MODULE_NAME, latitude))
|
|
||||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, self._MODULE_NAME, longitude))
|
|
||||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, self._MODULE_NAME, name))
|
|
||||||
attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, self._MODULE_NAME, self._PROGRAM_NAME))
|
|
||||||
|
|
||||||
artifact.addAttributes(attributes)
|
|
||||||
try:
|
try:
|
||||||
# index the artifact for keyword search
|
geoartifact = geoArtifactHelper.addTrack(segmentName, geoPointList, None)
|
||||||
blackboard = Case.getCurrentCase().getSleuthkitCase().getBlackboard()
|
|
||||||
blackboard.postArtifact(artifact, self._MODULE_NAME)
|
|
||||||
except Blackboard.BlackboardException as ex:
|
except Blackboard.BlackboardException as ex:
|
||||||
self._logger.log(Level.SEVERE, "Unable to index blackboard artifact " + str(artifact.getArtifactID()), ex)
|
self._logger.log(Level.SEVERE, "Error using geo artifact helper with blackboard", ex)
|
||||||
self._logger.log(Level.SEVERE, traceback.format_exc())
|
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||||
MessageNotifyUtil.Notify.error("Failed to index trackpoint artifact for keyword search.", artifact.getDisplayName())
|
MessageNotifyUtil.Notify.error("Failed to add track artifact.", "geoArtifactHelper")
|
||||||
|
except TskCoreException as e:
|
||||||
|
self._logger.log(Level.SEVERE, "Error using geo artifact helper with TskCoreException", ex)
|
||||||
|
self._logger.log(Level.SEVERE, traceback.format_exc())
|
||||||
|
MessageNotifyUtil.Notify.error("Failed to add track artifact with TskCoreException.", "geoArtifactHelper")
|
||||||
|
|
||||||
except SQLException as ex:
|
except SQLException as ex:
|
||||||
self._logger.log(Level.WARNING, "Error processing query result for Orux Map trackpoints.", ex)
|
self._logger.log(Level.WARNING, "Error processing query result for Orux Map trackpoints.", ex)
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user