Autopsy  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
BrowserLocationAnalyzer.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.android;
20 
21 import java.io.File;
22 import java.sql.Connection;
23 import java.sql.DriverManager;
24 import java.sql.ResultSet;
25 import java.sql.SQLException;
26 import java.sql.Statement;
27 import java.util.List;
28 import java.util.logging.Level;
29 import org.openide.util.NbBundle;
30 import org.sleuthkit.autopsy.casemodule.Case;
31 import org.sleuthkit.autopsy.casemodule.services.Blackboard;
32 import org.sleuthkit.autopsy.casemodule.services.FileManager;
33 import org.sleuthkit.autopsy.coreutils.Logger;
34 import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
35 import org.sleuthkit.autopsy.datamodel.ContentUtils;
36 import org.sleuthkit.autopsy.ingest.IngestJobContext;
37 import org.sleuthkit.datamodel.AbstractFile;
38 import org.sleuthkit.datamodel.BlackboardArtifact;
39 import org.sleuthkit.datamodel.BlackboardAttribute;
40 import org.sleuthkit.datamodel.Content;
41 import org.sleuthkit.datamodel.TskCoreException;
42 
46 class BrowserLocationAnalyzer {
47 
48  private static final String moduleName = AndroidModuleFactory.getModuleName();
49  private static final Logger logger = Logger.getLogger(BrowserLocationAnalyzer.class.getName());
50  private static Blackboard blackboard;
51 
52  public static void findGeoLocations(Content dataSource, FileManager fileManager,
53  IngestJobContext context) {
54  blackboard = Case.getCurrentCase().getServices().getBlackboard();
55  try {
56  List<AbstractFile> abstractFiles = fileManager.findFiles(dataSource, "CachedGeoposition%.db"); //NON-NLS
57 
58  for (AbstractFile abstractFile : abstractFiles) {
59  try {
60  if (abstractFile.getSize() == 0) {
61  continue;
62  }
63  File jFile = new File(Case.getCurrentCase().getTempDirectory(), abstractFile.getName());
64  ContentUtils.writeToFile(abstractFile, jFile, context::dataSourceIngestIsCancelled);
65  findGeoLocationsInDB(jFile.toString(), abstractFile);
66  } catch (Exception e) {
67  logger.log(Level.SEVERE, "Error parsing Browser Location files", e); //NON-NLS
68  }
69  }
70  } catch (TskCoreException e) {
71  logger.log(Level.SEVERE, "Error finding Browser Location files", e); //NON-NLS
72 
73  }
74  }
75 
76  @NbBundle.Messages({"BrowserLocationAnalyzer.indexError.message=Failed to index GPS trackpoint artifact for keyword search."})
77  private static void findGeoLocationsInDB(String DatabasePath, AbstractFile f) {
78  Connection connection = null;
79  ResultSet resultSet = null;
80  Statement statement = null;
81  if (DatabasePath == null || DatabasePath.isEmpty()) {
82  return;
83  }
84  try {
85  Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
86  connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
87  statement = connection.createStatement();
88  } catch (ClassNotFoundException | SQLException e) {
89  logger.log(Level.SEVERE, "Error connecting to sql database", e); //NON-NLS
90  return;
91  }
92 
93  try {
94  resultSet = statement.executeQuery(
95  "SELECT timestamp, latitude, longitude, accuracy FROM CachedPosition;"); //NON-NLS
96 
97  while (resultSet.next()) {
98  Long timestamp = Long.valueOf(resultSet.getString("timestamp")) / 1000; //NON-NLS
99  double latitude = Double.valueOf(resultSet.getString("latitude")); //NON-NLS
100  double longitude = Double.valueOf(resultSet.getString("longitude")); //NON-NLS
101 
102  BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_TRACKPOINT);
103  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, moduleName, latitude));
104  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, moduleName, longitude));
105  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, moduleName, timestamp));
106  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, moduleName,
107  NbBundle.getMessage(BrowserLocationAnalyzer.class,
108  "BrowserLocationAnalyzer.bbAttribute.browserLocationHistory")));
109  // bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy));
110 
111  try {
112  // index the artifact for keyword search
113  blackboard.indexArtifact(bba);
114  } catch (Blackboard.BlackboardException ex) {
115  logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bba.getArtifactTypeName(), ex); //NON-NLS
116  MessageNotifyUtil.Notify.error(
117  Bundle.BrowserLocationAnalyzer_indexError_message(), bba.getDisplayName());
118  }
119  }
120  } catch (Exception e) {
121  logger.log(Level.SEVERE, "Error Putting artifacts to Blackboard", e); //NON-NLS
122  } finally {
123  try {
124  if (resultSet != null) {
125  resultSet.close();
126  }
127  statement.close();
128  connection.close();
129  } catch (Exception e) {
130  logger.log(Level.SEVERE, "Error closing database", e); //NON-NLS
131  }
132  }
133 
134  }
135 }
org.sleuthkit.autopsy.datamodel.ContentUtils
Definition: ContentUtils.java:52

Copyright © 2012-2016 Basis Technology. Generated on: Tue Oct 25 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.