19 package org.sleuthkit.autopsy.datasourceprocessors.xry;
21 import java.util.ArrayList;
22 import java.util.HashMap;
23 import java.util.List;
25 import java.util.Optional;
26 import java.util.logging.Level;
36 final class XRYDeviceGenInfoFileParser
extends AbstractSingleEntityParser {
38 private static final Logger logger = Logger.getLogger(XRYDeviceGenInfoFileParser.class.getName());
41 private static final String ATTRIBUTE_KEY =
"attribute";
42 private static final String DATA_KEY =
"data";
49 private static final Map<String, BlackboardAttribute.ATTRIBUTE_TYPE> XRY_ATTRIBUTE_VALUES
50 =
new HashMap<String, BlackboardAttribute.ATTRIBUTE_TYPE>() {
52 put(
"device name", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_NAME);
53 put(
"device type", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MAKE);
54 put(
"mobile id (imei)", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IMEI);
55 put(
"security code", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PASSWORD);
56 put(
"unlock code", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PASSWORD);
57 put(
"imei/meid", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IMEI);
58 put(
"model", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL);
59 put(
"wifi address", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MAC_ADDRESS);
60 put(
"subscriber id (imsi)", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IMSI);
64 put(
"device clock", null);
65 put(
"pc clock", null);
68 put(
"device family", null);
69 put(
"advertising id", null);
70 put(
"device status", null);
71 put(
"baseband version", null);
72 put(
"sim status", null);
73 put(
"manufacturer", null);
74 put(
"revision", null);
80 boolean canProcess(XRYKeyValuePair pair) {
81 String key = pair.getKey().trim().toLowerCase();
82 return key.equals(DATA_KEY) || key.equals(ATTRIBUTE_KEY);
86 boolean isNamespace(String nameSpace) {
92 void makeArtifact(List<XRYKeyValuePair> keyValuePairs, Content parent)
throws TskCoreException {
93 List<BlackboardAttribute> attributes =
new ArrayList<>();
94 for(
int i = 0; i < keyValuePairs.size(); i+=2) {
95 Optional<BlackboardAttribute> attribute;
96 if(i + 1 == keyValuePairs.size()) {
97 attribute = getBlackboardAttribute(keyValuePairs.get(i));
99 attribute = getBlackboardAttribute(keyValuePairs.get(i), keyValuePairs.get(i+1));
101 if(attribute.isPresent()) {
102 attributes.add(attribute.get());
105 if(!attributes.isEmpty()) {
106 BlackboardArtifact artifact = parent.newArtifact(
107 BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO);
108 artifact.addAttributes(attributes);
117 private Optional<BlackboardAttribute> getBlackboardAttribute(XRYKeyValuePair pair) {
118 if (pair.hasKey(DATA_KEY)) {
119 return Optional.of(
new BlackboardAttribute(
120 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH,
121 PARSER_NAME, pair.getValue()));
124 logger.log(Level.WARNING,
"Expected a 'Data' key value pair, but [ %s ] "
125 +
"was found.", pair);
127 return Optional.empty();
136 private Optional<BlackboardAttribute> getBlackboardAttribute(XRYKeyValuePair firstPair, XRYKeyValuePair secondPair) {
137 String attributeValue;
139 if (firstPair.hasKey(DATA_KEY) && secondPair.hasKey(ATTRIBUTE_KEY)) {
140 dataValue = firstPair.getValue();
141 attributeValue = secondPair.getValue();
142 }
else if (firstPair.hasKey(ATTRIBUTE_KEY) && secondPair.hasKey(DATA_KEY)) {
143 dataValue = secondPair.getValue();
144 attributeValue = firstPair.getValue();
146 logger.log(Level.WARNING, String.format(
"[XRY DSP] Expected these key value"
147 +
" pairs (in brackets) [ %s ], [ %s ] to be an 'Attribute' and 'Data' "
148 +
"pair.", firstPair, secondPair));
149 return Optional.empty();
152 String normalizedAttributeValue = attributeValue.toLowerCase();
153 if (!XRY_ATTRIBUTE_VALUES.containsKey(normalizedAttributeValue)) {
154 logger.log(Level.WARNING, String.format(
"[XRY DSP] Key value pair "
155 +
"(in brackets) [ %s : %s ] was not recognized. Discarding... ",
156 attributeValue, dataValue));
157 return Optional.empty();
160 BlackboardAttribute.ATTRIBUTE_TYPE attrType = XRY_ATTRIBUTE_VALUES.get(normalizedAttributeValue);
161 if (attrType == null) {
162 logger.log(Level.WARNING, String.format(
"[XRY DSP] Key value pair "
163 +
"(in brackets) [ %s : %s ] was recognized but we need "
164 +
"more data or time to finish implementation. Discarding... ",
165 attributeValue, dataValue));
166 return Optional.empty();
169 return Optional.of(
new BlackboardAttribute(attrType, PARSER_NAME, dataValue));