mirror of
https://github.com/overcuriousity/autopsy-flatpak.git
synced 2025-07-06 21:00:22 +00:00
5706: Message attachments.
This commit is contained in:
Raman Arora
parent
b2874340cb
commit
cccbde6452
@ -56,6 +56,10 @@ import org.sleuthkit.datamodel.Content;
|
||||
import org.sleuthkit.datamodel.TskCoreException;
|
||||
import org.sleuthkit.datamodel.TskException;
|
||||
import org.netbeans.swing.etable.ETable;
|
||||
import com.google.gson.Gson;
|
||||
import com.google.gson.GsonBuilder;
|
||||
import com.google.gson.JsonObject;
|
||||
import com.google.gson.JsonParser;
|
||||
|
||||
/**
|
||||
* Instances of this class display the BlackboardArtifacts associated with the
|
||||
@ -552,6 +556,16 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
|
||||
value = dateFormatter.format(new java.util.Date(epoch * 1000));
|
||||
}
|
||||
break;
|
||||
case JSON:
|
||||
// @TODO: 5726 - return a multilevel bulleted list instead of prettyprint JSON
|
||||
String jsonVal = attr.getValueString();
|
||||
|
||||
JsonParser parser = new JsonParser();
|
||||
JsonObject json = parser.parse(jsonVal).getAsJsonObject();
|
||||
Gson gson = new GsonBuilder().setPrettyPrinting().create();
|
||||
|
||||
value = gson.toJson(json);
|
||||
break;
|
||||
}
|
||||
/*
|
||||
* Attribute sources column.
|
||||
|
||||
@ -122,6 +122,7 @@ public class ArtifactStringContent implements StringContent {
|
||||
case LONG:
|
||||
case DOUBLE:
|
||||
case BYTE:
|
||||
case JSON:
|
||||
default:
|
||||
value = attr.getDisplayString();
|
||||
break;
|
||||
|
||||
@ -768,6 +768,7 @@ public class PortableCaseReportModule implements ReportModule {
|
||||
oldAttr.getValueLong()));
|
||||
break;
|
||||
case STRING:
|
||||
case JSON:
|
||||
newAttrs.add(new BlackboardAttribute(newAttributeType, String.join(",", oldAttr.getSources()),
|
||||
oldAttr.getValueString()));
|
||||
break;
|
||||
|
||||
@ -50,6 +50,8 @@ final class CustomArtifactType {
|
||||
private static final String BYTES_ATTR_DISPLAY_NAME = "Custom Bytes";
|
||||
private static final String STRING_ATTR_TYPE_NAME = "CUSTOM_STRING_ATTRIBUTE";
|
||||
private static final String STRING_ATTR_DISPLAY_NAME = "Custom String";
|
||||
private static final String JSON_ATTR_TYPE_NAME = "CUSTOM_JSON_ATTRIBUTE";
|
||||
private static final String JSON_ATTR_DISPLAY_NAME = "Custom Json";
|
||||
private static BlackboardArtifact.Type artifactType;
|
||||
private static BlackboardAttribute.Type intAttrType;
|
||||
private static BlackboardAttribute.Type doubleAttrType;
|
||||
@ -57,6 +59,7 @@ final class CustomArtifactType {
|
||||
private static BlackboardAttribute.Type dateTimeAttrType;
|
||||
private static BlackboardAttribute.Type bytesAttrType;
|
||||
private static BlackboardAttribute.Type stringAttrType;
|
||||
private static BlackboardAttribute.Type jsonAttrType;
|
||||
|
||||
/**
|
||||
* Adds the custom artifact type, with its associated custom attribute
|
||||
@ -73,6 +76,7 @@ final class CustomArtifactType {
|
||||
dateTimeAttrType = blackboard.getOrAddAttributeType(DATETIME_ATTR_TYPE_NAME, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DATETIME, DATETIME_ATTR_DISPLAY_NAME);
|
||||
bytesAttrType = blackboard.getOrAddAttributeType(BYTES_ATTR_TYPE_NAME, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.BYTE, BYTES_ATTR_DISPLAY_NAME);
|
||||
stringAttrType = blackboard.getOrAddAttributeType(STRING_ATTR_TYPE_NAME, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, STRING_ATTR_DISPLAY_NAME);
|
||||
jsonAttrType = blackboard.getOrAddAttributeType(JSON_ATTR_TYPE_NAME, BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.JSON, JSON_ATTR_DISPLAY_NAME);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -244,6 +244,8 @@ public final class FileExporterSettingsPanel extends JPanel {
|
||||
comboBoxValueType.addItem(BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING.getLabel());
|
||||
comboBoxValueType.addItem(BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DATETIME.getLabel());
|
||||
comboBoxValueType.addItem(BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.BYTE.getLabel());
|
||||
comboBoxValueType.addItem(BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.JSON.getLabel());
|
||||
|
||||
comboBoxValueType.addItem(UNSET);
|
||||
|
||||
load();
|
||||
|
||||
@ -43,10 +43,14 @@ from org.sleuthkit.datamodel import Content
|
||||
from org.sleuthkit.datamodel import TskCoreException
|
||||
from org.sleuthkit.datamodel.Blackboard import BlackboardException
|
||||
from org.sleuthkit.datamodel import Account
|
||||
from org.sleuthkit.datamodel.blackboardutils import FileAttachment
|
||||
from org.sleuthkit.datamodel.blackboardutils import URLAttachment
|
||||
from org.sleuthkit.datamodel.blackboardutils import MessageAttachments
|
||||
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
|
||||
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import MessageReadStatus
|
||||
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import CommunicationDirection
|
||||
|
||||
import json
|
||||
import traceback
|
||||
import general
|
||||
|
||||
@ -66,6 +70,8 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
|
||||
-- A messages table which stores the message details
|
||||
--- sender/receiver buid, timestamp, message_type (1: incoming, 0: outgoing), message_read...
|
||||
--- 'imdata' column stores a json structure with all the message details, including attachments
|
||||
---- attachment file path may be specified in local_path or original_path. Original path, if available is a better candidate.
|
||||
---- For sent files, files seem to get uploaded to IMO Servers. There is no URL available in the imdata though.
|
||||
|
||||
"""
|
||||
|
||||
@ -156,7 +162,7 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
|
||||
msgReadStatus = MessageReadStatus.UNKNOWN
|
||||
|
||||
timeStamp = messagesResultSet.getLong("timestamp") / 1000000000
|
||||
|
||||
msgBody = messagesResultSet.getString("last_message")
|
||||
|
||||
messageArtifact = friendsDBHelper.addMessage(
|
||||
self._MESSAGE_TYPE,
|
||||
@ -166,12 +172,34 @@ class IMOAnalyzer(general.AndroidComponentAnalyzer):
|
||||
timeStamp,
|
||||
msgReadStatus,
|
||||
"", # subject
|
||||
messagesResultSet.getString("last_message"),
|
||||
msgBody,
|
||||
"") # thread id
|
||||
|
||||
# TBD: parse the imdata JSON structure to figure out if there is an attachment.
|
||||
# If one exists, add the attachment as a derived file and a child of the message artifact.
|
||||
|
||||
|
||||
# Parse the imdata JSON structure to check if there is an attachment.
|
||||
# If one exists, create an attachment and add to the message.
|
||||
fileAttachments = ArrayList()
|
||||
urlAttachments = ArrayList()
|
||||
|
||||
imdataJsonStr = messagesResultSet.getString("imdata")
|
||||
if imdataJsonStr is not None:
|
||||
imdata_dict = json.loads(imdataJsonStr)
|
||||
|
||||
# set to none if the key doesn't exist in the dict
|
||||
attachmentOriginalPath = imdata_dict.get('original_path', None)
|
||||
attachmentLocalPath = imdata_dict.get('local_path', None)
|
||||
if attachmentOriginalPath:
|
||||
attachmentPath = attachmentOriginalPath
|
||||
else:
|
||||
attachmentPath = attachmentLocalPath
|
||||
|
||||
if attachmentPath:
|
||||
# Create a file attachment with given path
|
||||
fileAttachment = FileAttachment(current_case.getSleuthkitCase(), friendsDb.getDBFile().getDataSource(), attachmentPath)
|
||||
fileAttachments.add(fileAttachment)
|
||||
|
||||
msgAttachments = MessageAttachments(fileAttachments, [])
|
||||
attachmentArtifact = friendsDBHelper.addAttachments(messageArtifact, msgAttachments)
|
||||
|
||||
except SQLException as ex:
|
||||
self._logger.log(Level.WARNING, "Error processing query result for IMO friends", ex)
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user