19 package org.sleuthkit.autopsy.datasourceprocessors.xry;
21 import java.util.ArrayList;
22 import java.util.HashMap;
23 import java.util.List;
25 import java.util.Optional;
26 import java.util.logging.Level;
38 final class XRYDeviceGenInfoFileParser
extends AbstractSingleEntityParser {
40 private static final Logger logger = Logger.getLogger(XRYDeviceGenInfoFileParser.class.getName());
43 private static final String ATTRIBUTE_KEY =
"attribute";
44 private static final String DATA_KEY =
"data";
51 private static final Map<String, BlackboardAttribute.ATTRIBUTE_TYPE> XRY_ATTRIBUTE_VALUES
52 =
new HashMap<String, BlackboardAttribute.ATTRIBUTE_TYPE>() {
54 put(
"device name", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_NAME);
55 put(
"device type", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MAKE);
56 put(
"mobile id (imei)", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IMEI);
57 put(
"security code", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PASSWORD);
58 put(
"unlock code", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PASSWORD);
59 put(
"imei/meid", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IMEI);
60 put(
"model", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL);
61 put(
"wifi address", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MAC_ADDRESS);
62 put(
"subscriber id (imsi)", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IMSI);
66 put(
"device clock", null);
67 put(
"pc clock", null);
70 put(
"device family", null);
71 put(
"advertising id", null);
72 put(
"device status", null);
73 put(
"baseband version", null);
74 put(
"sim status", null);
75 put(
"manufacturer", null);
76 put(
"revision", null);
82 boolean canProcess(XRYKeyValuePair pair) {
83 String key = pair.getKey().trim().toLowerCase();
84 return key.equals(DATA_KEY) || key.equals(ATTRIBUTE_KEY);
88 boolean isNamespace(String nameSpace) {
94 void makeArtifact(List<XRYKeyValuePair> keyValuePairs, Content parent, SleuthkitCase currentCase)
throws TskCoreException, Blackboard.BlackboardException {
95 List<BlackboardAttribute> attributes =
new ArrayList<>();
96 for(
int i = 0; i < keyValuePairs.size(); i+=2) {
97 Optional<BlackboardAttribute> attribute;
98 if(i + 1 == keyValuePairs.size()) {
99 attribute = getBlackboardAttribute(keyValuePairs.get(i));
101 attribute = getBlackboardAttribute(keyValuePairs.get(i), keyValuePairs.get(i+1));
103 if(attribute.isPresent()) {
104 attributes.add(attribute.get());
107 if(!attributes.isEmpty()) {
108 BlackboardArtifact artifact = parent.newArtifact(
109 BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO);
110 artifact.addAttributes(attributes);
119 private Optional<BlackboardAttribute> getBlackboardAttribute(XRYKeyValuePair pair) {
120 if (pair.hasKey(DATA_KEY)) {
121 return Optional.of(
new BlackboardAttribute(
122 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH,
123 PARSER_NAME, pair.getValue()));
126 logger.log(Level.WARNING,
"Expected a 'Data' key value pair, but [ %s ] "
127 +
"was found.", pair);
129 return Optional.empty();
138 private Optional<BlackboardAttribute> getBlackboardAttribute(XRYKeyValuePair firstPair, XRYKeyValuePair secondPair) {
139 String attributeValue;
141 if (firstPair.hasKey(DATA_KEY) && secondPair.hasKey(ATTRIBUTE_KEY)) {
142 dataValue = firstPair.getValue();
143 attributeValue = secondPair.getValue();
144 }
else if (firstPair.hasKey(ATTRIBUTE_KEY) && secondPair.hasKey(DATA_KEY)) {
145 dataValue = secondPair.getValue();
146 attributeValue = firstPair.getValue();
148 logger.log(Level.WARNING, String.format(
"[XRY DSP] Expected these key value"
149 +
" pairs (in brackets) [ %s ], [ %s ] to be an 'Attribute' and 'Data' "
150 +
"pair.", firstPair, secondPair));
151 return Optional.empty();
154 String normalizedAttributeValue = attributeValue.toLowerCase();
155 if (!XRY_ATTRIBUTE_VALUES.containsKey(normalizedAttributeValue)) {
156 logger.log(Level.WARNING, String.format(
"[XRY DSP] Key value pair "
157 +
"(in brackets) [ %s : %s ] was not recognized. Discarding... ",
158 attributeValue, dataValue));
159 return Optional.empty();
162 BlackboardAttribute.ATTRIBUTE_TYPE attrType = XRY_ATTRIBUTE_VALUES.get(normalizedAttributeValue);
163 if (attrType == null) {
164 logger.log(Level.WARNING, String.format(
"[XRY DSP] Key value pair "
165 +
"(in brackets) [ %s : %s ] was recognized but we need "
166 +
"more data or time to finish implementation. Discarding... ",
167 attributeValue, dataValue));
168 return Optional.empty();
171 return Optional.of(
new BlackboardAttribute(attrType, PARSER_NAME, dataValue));