From f11e3cbc5e9ec582cc97c42bedf6d09ea37740c9 Mon Sep 17 00:00:00 2001
From: Alex Ebadirad
Date: Tue, 12 Jun 2012 16:41:20 -0700
Subject: [PATCH] Most recent changes to mbox.
---
 .../autopsy/mboxparser/MboxEmailParser.java | 23 ++++++++++++++++---
 .../mboxparser/MboxFileIngestService.java | 2 ++
 2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/MboxEmailModule/src/org/sleuthkit/autopsy/mboxparser/MboxEmailParser.java b/MboxEmailModule/src/org/sleuthkit/autopsy/mboxparser/MboxEmailParser.java
index 7cb7eab156..898781b4fa 100644
--- a/MboxEmailModule/src/org/sleuthkit/autopsy/mboxparser/MboxEmailParser.java
+++ b/MboxEmailModule/src/org/sleuthkit/autopsy/mboxparser/MboxEmailParser.java
@@ -65,9 +65,10 @@ public class MboxEmailParser {
 this.mimeType = tika.detect(this.stream);
 this.parser = new MboxParser();
 this.context = new ParseContext();
- this.contentHandler = new BodyContentHandler(10*1024*1024);
+
+ this.contentHandler = new BodyContentHandler(-1);
 //Seems like setting this causes the metadata not to output all of it.
- this.metadata.set(Metadata.CONTENT_TYPE, this.mimeType);
+ // this.metadata.set(Metadata.CONTENT_TYPE, this.mimeType);
 }
 public void parse() throws FileNotFoundException, IOException, SAXException, TikaException
@@ -82,6 +83,7 @@ public class MboxEmailParser {
 {
 init();
 parser.parse(inStream,this.contentHandler, this.metadata, context);
+ String blbha = "stop";
 }
 public Metadata getMetadata()
@@ -147,6 +149,21 @@ public class MboxEmailParser {
 return ftime;
 }
+ public String getApplication()
+ {
+ String client;
+ String userAgent = "";
+ userAgent = this.metadata.get("MboxParser-user-agent");
+ if(userAgent.matches("(?i).*Thunderbird.*"))
+ {
+ client = "Thunderbird";
+ }
+ else{
+ client = "Unknown";
+ }
+ return client;
+ }
+
 public String getContenType()
 {
 return this.metadata.get(Metadata.CONTENT_TYPE);
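Review bot: In the first MboxEmailParser.java hunk, `new BodyContentHandler(-1)` removes the 10 MB write limit, so the whole extracted body of an mbox file is buffered in memory. Mbox files come out of evidence images and can be arbitrarily large or deliberately crafted, so one file can exhaust the ingest heap. I would keep a bound through a named constant (placeholder name), `this.contentHandler = new BodyContentHandler(MAX_BODY_CHARS);`, and treat the limit-reached SAXException as truncation rather than failure. The commented-out `metadata.set` line is better deleted, with the comment above it reworded to say why CONTENT_TYPE is no longer pre-set. The enclosing init() starts outside the hunk.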
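Review bot: `String blbha = "stop";` after the `parser.parse(...)` call in the second MboxEmailParser.java hunk is an unused local, apparently left behind as a breakpoint anchor, and should be dropped before merge. The enclosing parse method starts outside the hunk.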
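Review bot: getApplication() in the third MboxEmailParser.java hunk dereferences `userAgent` without a null check; `Metadata.get` returns null when the key is absent, so any message without a User-Agent header makes `userAgent.matches(...)` throw a NullPointerException. The new call `String client = mbox.getApplication();` in MboxFileIngestService.java is not guarded in the visible lines, so that exception would presumably lose the e-mail artifact for the file. Change the condition to `if (userAgent != null && userAgent.matches("(?i).*Thunderbird.*"))` and drop the dead `= ""` initializer. A short Javadoc should state that the result is derived from the sender-supplied User-Agent header and is "Unknown" for anything that does not mention Thunderbird.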
@@ -159,7 +176,7 @@ public class MboxEmailParser {
 public String getFrom()
 {
- return this.metadata.get(Metadata.MESSAGE_FROM);
+ return this.metadata.get(Metadata.AUTHOR);
 }
 public String getTo()
diff --git a/MboxEmailModule/src/org/sleuthkit/autopsy/mboxparser/MboxFileIngestService.java b/MboxEmailModule/src/org/sleuthkit/autopsy/mboxparser/MboxFileIngestService.java
index 36a4355897..e8993058dd 100644
--- a/MboxEmailModule/src/org/sleuthkit/autopsy/mboxparser/MboxFileIngestService.java
+++ b/MboxEmailModule/src/org/sleuthkit/autopsy/mboxparser/MboxFileIngestService.java
@@ -77,6 +77,7 @@ public class MboxFileIngestService implements IngestServiceAbstractFile {
 ReadContentInputStream contentStream = new ReadContentInputStream(fsContent);
 mbox.parse(contentStream);
 String content = mbox.getContent();
+ String client = mbox.getApplication();
 String from = mbox.getFrom();
 String to = mbox.getTo();
 Long date = mbox.getDateCreated();
@@ -95,6 +96,7 @@ public class MboxFileIngestService implements IngestServiceAbstractFile {
 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_RCVD.getTypeID(), classname, "", date));
 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_SENT.getTypeID(), classname, "", date));
 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SUBJECT.getTypeID(), classname, "", subject));
+ bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), classname, "", client));
 BlackboardArtifact bbart;
 try {
 bbart = fsContent.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG);
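Review bot: getFrom() in the last MboxEmailParser.java hunk now returns `Metadata.AUTHOR` instead of `Metadata.MESSAGE_FROM` with no explanation, so the method name no longer matches the key it reads. If the reason is that the mbox parser records the From header under the author key, which the diff does not show, a comment above the return should say so, for example `// MboxParser stores the From header under AUTHOR; MESSAGE_FROM is not populated for mbox`. Without it, the next reader is likely to "fix" the key back.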
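Review bot: The added TSK_PROG_NAME attribute in the second MboxFileIngestService.java hunk is written unconditionally, so every message not identified as Thunderbird gets a program name of "Unknown" on the blackboard. That placeholder is indistinguishable from a real finding in later searches and reports. I would add the attribute only when a client was recognised, `if (!"Unknown".equals(client)) { bbattributes.add(...); }`, and note in a comment that the value comes from a sender-controlled header and is not verified. The enclosing method starts and ends outside the hunk.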