Autopsy  4.10.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
CallLogAnalyzer.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014-2018 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.iOS;
20 
21 import java.sql.Connection;
22 import java.sql.DriverManager;
23 import java.sql.ResultSet;
24 import java.sql.SQLException;
25 import java.sql.Statement;
26 import java.util.ArrayList;
27 import java.util.Collection;
28 import java.util.List;
29 import java.util.logging.Level;
30 import org.openide.util.NbBundle.Messages;
31 import org.sleuthkit.autopsy.casemodule.Case;
32 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
33 import org.sleuthkit.autopsy.casemodule.services.Blackboard;
34 import org.sleuthkit.autopsy.coreutils.Logger;
35 import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
36 import org.sleuthkit.autopsy.datamodel.ContentUtils;
37 import org.sleuthkit.autopsy.ingest.IngestJobContext;
38 import org.sleuthkit.datamodel.AbstractFile;
39 import org.sleuthkit.datamodel.BlackboardArtifact;
40 import org.sleuthkit.datamodel.BlackboardAttribute;
41 import org.sleuthkit.datamodel.ReadContentInputStream.ReadContentInputStreamException;
42 import org.sleuthkit.datamodel.SleuthkitCase;
43 import org.sleuthkit.datamodel.TskCoreException;
44 
48 final class CallLogAnalyzer {
49 
50  private Connection connection = null;
51  private ResultSet resultSet = null;
52  private Statement statement = null;
53  private long fileId = 0;
54  private java.io.File jFile = null;
55  private final String moduleName = iOSModuleFactory.getModuleName();
56  private static final Logger logger = Logger.getLogger(CallLogAnalyzer.class.getName());
57  private Blackboard blackboard;
58 
64  public void findCallLogs(IngestJobContext context) {
65  Case openCase;
66  try {
67  openCase = Case.getCurrentCaseThrows();
68  } catch (NoCurrentCaseException ex) {
69  logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
70  return;
71  }
72  blackboard = openCase.getServices().getBlackboard();
73  List<AbstractFile> absFiles;
74  try {
75  SleuthkitCase skCase = openCase.getSleuthkitCase();
76  absFiles = skCase.findAllFilesWhere("name ='contacts2.db' OR name ='contacts.db'"); //NON-NLS //get exact file names
77  if (absFiles.isEmpty()) {
78  return;
79  }
80  for (AbstractFile file : absFiles) {
81  String dbPath = "";
82  try {
83  jFile = new java.io.File(Case.getCurrentCaseThrows().getTempDirectory(), file.getName().replaceAll("[<>%|\"/:*\\\\]", ""));
84  dbPath = jFile.toString(); //path of file as string
85  fileId = file.getId();
86  ContentUtils.writeToFile(file, jFile, context::dataSourceIngestIsCancelled);
87  findCallLogsInDB(dbPath, fileId);
88  } catch (ReadContentInputStreamException ex) {
89  logger.log(Level.WARNING, String.format("Error reading content from file '%s' (id=%d).", file.getName(), fileId), ex); //NON-NLS
90  } catch (Exception ex) {
91  logger.log(Level.SEVERE, String.format("Error writing content from file '%s' (id=%d) to '%s'.", file.getName(), fileId, dbPath), ex); //NON-NLS
92  }
93  }
94  } catch (TskCoreException e) {
95  logger.log(Level.SEVERE, "Error finding Call logs", e); //NON-NLS
96  }
97  }
98 
105  @Messages({"CallLogAnalyzer.indexError.message=Failed to index call log artifact for keyword search."})
106  private void findCallLogsInDB(String DatabasePath, long fileId) {
107  if (DatabasePath == null || DatabasePath.isEmpty()) {
108  return;
109  }
110  try {
111  Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
112  connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
113  statement = connection.createStatement();
114  } catch (ClassNotFoundException | SQLException e) {
115  logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
116  }
117 
118  Case currentCase;
119  try {
120  currentCase = Case.getCurrentCaseThrows();
121  } catch (NoCurrentCaseException ex) {
122  logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
123  return;
124  }
125  SleuthkitCase skCase = currentCase.getSleuthkitCase();
126  try {
127  AbstractFile file = skCase.getAbstractFileById(fileId);
128  if (file == null) {
129  logger.log(Level.SEVERE, "Error getting abstract file {0}", fileId); //NON-NLS
130  return;
131  }
132 
133  try {
134  resultSet = statement.executeQuery(
135  "SELECT number,date,duration,type, name FROM calls ORDER BY date DESC;"); //NON-NLS
136 
137  BlackboardArtifact bba;
138  String name; // name of person dialed or called. null if unregistered
139  String number; //string phone number
140  String duration; //duration of call in seconds
141  String date; // Unix time
142  String type; // 1 incoming, 2 outgoing, 3 missed
143 
144  while (resultSet.next()) {
145  name = resultSet.getString("name"); //NON-NLS
146  number = resultSet.getString("number"); //NON-NLS
147  duration = resultSet.getString("duration"); //NON-NLS
148  date = resultSet.getString("date"); //NON-NLS
149  type = resultSet.getString("type"); //NON-NLS
150 
151  bba = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
152  Collection<BlackboardAttribute> attributes = new ArrayList<>();
153  if (type.equalsIgnoreCase("outgoing")) { //NON-NLS
154  attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, moduleName, number));
155  } else {
156  attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, moduleName, number));
157  }
158  attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START, moduleName, date)); // RC: Should be long!
159  attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END, moduleName, duration + date)); // RC: Should be long!
160  attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, type));
161  attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, moduleName, name));
162 
163  bba.addAttributes(attributes);
164  try {
165  // index the artifact for keyword search
166  blackboard.indexArtifact(bba);
167  } catch (Blackboard.BlackboardException ex) {
168  logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bba.getArtifactID(), ex); //NON-NLS
169  MessageNotifyUtil.Notify.error(
170  Bundle.CallLogAnalyzer_indexError_message(), bba.getDisplayName());
171  }
172  }
173  } catch (Exception e) {
174  logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e); //NON-NLS
175  } finally {
176  try {
177  resultSet.close();
178  statement.close();
179  connection.close();
180  } catch (Exception e) {
181  logger.log(Level.SEVERE, "Error closing the database", e); //NON-NLS
182  }
183  }
184  } catch (Exception e) {
185  logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e); //NON-NLS
186  }
187 
188  }
189 
190 }
org.sleuthkit.autopsy.datamodel.ContentUtils
Definition: ContentUtils.java:55
org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile
static< T > long writeToFile(Content content, java.io.File outputFile, ProgressHandle progress, Future< T > worker, boolean source)
Definition: ContentUtils.java:210
org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.error
static void error(String title, String message)
Definition: MessageNotifyUtil.java:227
org.sleuthkit.autopsy.casemodule.services.Blackboard.indexArtifact
synchronized void indexArtifact(BlackboardArtifact artifact)
Definition: Blackboard.java:58
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:124

Copyright © 2012-2018 Basis Technology. Generated on: Fri Mar 22 2019
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.