Autopsy  4.14.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
AccountSummary.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2019-2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.communications.relationships;
20 
21 import com.google.gson.Gson;
22 import java.util.Collection;
23 import java.util.List;
24 import java.util.Set;
25 import java.util.logging.Level;
28 import org.sleuthkit.datamodel.AbstractFile;
29 import org.sleuthkit.datamodel.Account;
30 import org.sleuthkit.datamodel.BlackboardArtifact;
31 import org.sleuthkit.datamodel.BlackboardAttribute;
32 import org.sleuthkit.datamodel.Content;
33 import org.sleuthkit.datamodel.TskCoreException;
34 import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.FileAttachment;
35 import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments;
36 import org.sleuthkit.datamodel.CommunicationsUtils;
37 
42 class AccountSummary {
43 
44  private int attachmentCnt;
45  private int messagesCnt;
46  private int emailCnt;
47  private int callLogCnt;
48  private int contactsCnt;
49  private int mediaCnt;
50  private int referenceCnt;
51 
52  private final Account selectedAccount;
53  private final Set<BlackboardArtifact> artifacts;
54 
55  private static final Logger logger = Logger.getLogger(AccountSummary.class.getName());
56 
63  AccountSummary(Account selectedAccount, Set<BlackboardArtifact> artifacts) {
64  this.selectedAccount = selectedAccount;
65  this.artifacts = artifacts;
66  initCounts();
67  }
68 
72  private void initCounts() {
73  for (BlackboardArtifact artifact : artifacts) {
74  BlackboardArtifact.ARTIFACT_TYPE fromID = BlackboardArtifact.ARTIFACT_TYPE.fromID(artifact.getArtifactTypeID());
75  if (null != fromID) {
76  switch (fromID) {
77  case TSK_EMAIL_MSG:
78  emailCnt++;
79  break;
80  case TSK_CALLLOG:
81  callLogCnt++;
82  break;
83  case TSK_MESSAGE:
84  messagesCnt++;
85  break;
86  case TSK_CONTACT:
87  if (selectedAccount.getAccountType() != Account.Type.DEVICE) {
88  String typeSpecificID = selectedAccount.getTypeSpecificID();
89 
90  List<BlackboardAttribute> attributes = null;
91 
92  try{
93  attributes = artifact.getAttributes();
94  } catch(TskCoreException ex) {
95  logger.log(Level.WARNING, String.format("Unable to getAttributes for artifact: %d", artifact.getArtifactID()), ex);
96  break;
97  }
98 
99  boolean isReference = false;
100 
101  for (BlackboardAttribute attribute : attributes) {
102 
103  String attributeTypeName = attribute.getAttributeType().getTypeName();
104  String attributeValue = attribute.getValueString();
105  try {
106  if (attributeTypeName.contains("PHONE")) {
107  attributeValue = CommunicationsUtils.normalizePhoneNum(attributeValue);
108  } else if (attributeTypeName.contains("EMAIL")) {
109  attributeValue = CommunicationsUtils.normalizeEmailAddress(attributeValue);
110  }
111 
112  if (typeSpecificID.equals(attributeValue)) {
113  isReference = true;
114  break;
115  }
116  } catch (TskCoreException ex) {
117  logger.log(Level.WARNING, String.format("Exception thrown "
118  + "in trying to normalize attribute value: %s",
119  attributeValue), ex); //NON-NLS
120  }
121 
122  }
123  if (isReference) {
124  referenceCnt++;
125  } else {
126  contactsCnt++;
127  }
128  } else {
129  contactsCnt++;
130  }
131  break;
132  default:
133  break;
134  }
135  }
136  try {
137  // count the attachments from the TSK_ATTACHMENTS attribute.
138  BlackboardAttribute attachmentsAttr = artifact.getAttribute(new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ATTACHMENTS));
139  if (attachmentsAttr != null) {
140  String jsonVal = attachmentsAttr.getValueString();
141  MessageAttachments msgAttachments = new Gson().fromJson(jsonVal, MessageAttachments.class);
142 
143  Collection<FileAttachment> fileAttachments = msgAttachments.getFileAttachments();
144  for (FileAttachment fileAttachment : fileAttachments) {
145  attachmentCnt++;
146  long attachedFileObjId = fileAttachment.getObjectId();
147  if (attachedFileObjId >= 0) {
148  AbstractFile attachedFile = artifact.getSleuthkitCase().getAbstractFileById(attachedFileObjId);
149  if (ImageUtils.thumbnailSupported(attachedFile)) {
150  mediaCnt++;
151  }
152  }
153  }
154  } else { // backward compatibility - email message attachments are derived files, children of the message.
155  attachmentCnt += artifact.getChildrenCount();
156  for (Content childContent : artifact.getChildren()) {
157  if (ImageUtils.thumbnailSupported(childContent)) {
158  mediaCnt++;
159  }
160  }
161  }
162  } catch (TskCoreException ex) {
163  logger.log(Level.WARNING, String.format("Exception thrown "
164  + "from getChildrenCount artifactID: %d",
165  artifact.getArtifactID()), ex); //NON-NLS
166  }
167  }
168  }
169 
175  public int getAttachmentCnt() {
176  return attachmentCnt;
177  }
178 
184  public int getMessagesCnt() {
185  return messagesCnt;
186  }
187 
193  public int getEmailCnt() {
194  return emailCnt;
195  }
196 
202  public int getCallLogCnt() {
203  return callLogCnt;
204  }
205 
211  public int getContactsCnt() {
212  return contactsCnt;
213  }
214 
220  public int getThumbnailCnt() {
221  return mediaCnt;
222  }
223 
229  public int getReferenceCnt() {
230  return referenceCnt;
231  }
232 }

Copyright © 2012-2020 Basis Technology. Generated on: Wed Apr 8 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.