6065: Create personas for contact book artifacts

2025-07-14 17:06:16 +00:00 · 2020-04-30 15:42:12 -04:00 · 2020-04-30 15:42:12 -04:00 · e24985cbdf
commit e24985cbdf
parent 1300983a6b
1 changed files with 96 additions and 0 deletions
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
@ -37,6 +37,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
+import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoAccount;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeUtil;
@ -62,6 +63,11 @@ import org.sleuthkit.datamodel.Image;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
+import org.sleuthkit.autopsy.centralrepository.datamodel.Persona;
+import org.sleuthkit.autopsy.centralrepository.datamodel.PersonaAccount;
+import org.sleuthkit.datamodel.Account;
+import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT;
+import org.sleuthkit.datamodel.CommunicationsUtils;

 /**
 * Listen for ingest events and update entries in the Central Repository
@ -337,6 +343,94 @@ public class IngestEventsListener {
            event = evt;
        }

+        /**
+         * Automatically creates personas from all the TSK_CONTACT artifacts
+         * found in a data source.
+         *
+         * @param dataSource Data source that was just analyzed.
+         * @throws TskCoreException If there is any error getting contact
+         * artifacts from case database.
+         * @throws CentralRepoException If there is an error in creating
+         * personas in the Central Repo.
+         */
+        private void autoGenerateContactPersonas(Content dataSource) throws TskCoreException, CentralRepoException {
+                
+            Blackboard blackboard;
+            try {
+                blackboard = Case.getCurrentCaseThrows().getSleuthkitCase().getBlackboard();
+            } catch (NoCurrentCaseException ex) {
+                LOGGER.log(Level.SEVERE, "Exception while getting open case.", ex);
+                return;
+            }
+            
+             // get all TSK_CONTACT artifacts in this data source.
+            List<BlackboardArtifact> contactArtifacts = blackboard.getArtifacts(TSK_CONTACT.getTypeID(), dataSource.getId());
+            for (BlackboardArtifact artifact : contactArtifacts) {
+
+                BlackboardAttribute nameAttr = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME));
+                String personaName = (nameAttr != null) ? nameAttr.getValueString() : null;
+
+                // Get phone number and email attributes.
+                BlackboardAttribute phoneAttr = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER));
+                BlackboardAttribute homePhoneAttr = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_HOME));
+                BlackboardAttribute mobilePhoneAttr = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_MOBILE));
+                BlackboardAttribute emailAttr = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL));
+
+                Persona persona = personaFromContactAttribute(null, Account.Type.PHONE, phoneAttr, personaName);
+                persona = personaFromContactAttribute(persona, Account.Type.PHONE, homePhoneAttr, personaName);
+                persona = personaFromContactAttribute(persona, Account.Type.PHONE, mobilePhoneAttr, personaName);
+                personaFromContactAttribute(persona, Account.Type.EMAIL, emailAttr, personaName);
+            }
+        }
+        
+        
+            
+        /**
+         * Gets central repo account for the given attribute for a TSK_CONTACT
+         * artifact. Associates the given persona with that account. Creates a
+         * Persona, if one isn't provided.
+         *
+         * @param persona Persona to associate with the account. May be null, in
+         * which case a persona is created first.
+         * @param accountType Account type of account to be associated.
+         * @param attribute Attribute form which get the account id.
+         * @param personaName Persona name, if a persona needs to be created.
+         * @return Persona created or associated with the account.
+         *
+         * @throws TskCoreException If there is an error in normalizing the
+         * account id.
+         * @throws CentralRepoException If there is an erorr is getting the
+         * account or associating the persona with it.
+         */
+        private Persona personaFromContactAttribute(Persona persona, Account.Type accountType, BlackboardAttribute attribute, String personaName) throws CentralRepoException, TskCoreException {
+
+            Persona personaToReturn = persona;
+            if (attribute != null) {
+
+                String accountId = attribute.getValueString();
+                if (CommunicationsUtils.isValidAccountId(accountType, accountId)) {
+                    if (accountType == Account.Type.PHONE) {
+                        accountId = CommunicationsUtils.normalizePhoneNum(accountId);
+                    } else if (accountType == Account.Type.EMAIL) {
+                        accountId = CommunicationsUtils.normalizeEmailAddress(accountId);
+                    }
+
+                    CentralRepoAccount.CentralRepoAccountType crAccountType = CentralRepository.getInstance().getAccountTypeByName(accountType.getTypeName());
+                    CentralRepoAccount crAccount = CentralRepository.getInstance().getOrCreateAccount(crAccountType, accountId);
+
+                    PersonaAccount personaAccount;
+                    // If persona doesnt exist, create one
+                    if (persona == null) {
+                        personaAccount = Persona.createPersonaForAccount(personaName, "Auto generated contact persona", Persona.PersonaStatus.UNKNOWN, crAccount, "Found in contact book entry", Persona.Confidence.DERIVED);
+                        personaToReturn = personaAccount.getPersona();
+                    } else {
+                        persona.addAccountToPersona(crAccount, "Found in contact book entry", Persona.Confidence.DERIVED);
+                    }
+                }
+            }
+            return personaToReturn;
+        }
+            
        @Override
        public void run() {
            // clear the tracker to reduce memory usage
@ -411,6 +505,8 @@ public class IngestEventsListener {
                            correlationDataSource.setSha256(imageSha256Hash);
                        }
                    }
+                    // automatically generate persona from contact artifacts.
+                    autoGenerateContactPersonas(dataSource);
                }
            } catch (CentralRepoException ex) {
                LOGGER.log(Level.SEVERE, String.format(