Autopsy  4.16.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
XRYContactsFileParser.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2019-2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.datasourceprocessors.xry;
20 
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.List;
24 import java.util.logging.Level;
25 import org.sleuthkit.autopsy.coreutils.Logger;
26 import static org.sleuthkit.autopsy.datasourceprocessors.xry.AbstractSingleEntityParser.PARSER_NAME;
27 import org.sleuthkit.datamodel.Account;
28 import org.sleuthkit.datamodel.Blackboard;
29 import org.sleuthkit.datamodel.BlackboardArtifact;
30 import org.sleuthkit.datamodel.BlackboardAttribute;
31 import org.sleuthkit.datamodel.Content;
32 import org.sleuthkit.datamodel.SleuthkitCase;
33 import org.sleuthkit.datamodel.TskCoreException;
34 import org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper;
35 
39 final class XRYContactsFileParser extends AbstractSingleEntityParser {
40 
41  private static final Logger logger = Logger.getLogger(XRYContactsFileParser.class.getName());
42 
43  @Override
44  boolean canProcess(XRYKeyValuePair pair) {
45  return XryKey.contains(pair.getKey());
46  }
47 
48  @Override
49  boolean isNamespace(String nameSpace) {
50  //No namespaces are currently known for this report type.
51  return false;
52  }
53 
54  @Override
55  void makeArtifact(List<XRYKeyValuePair> keyValuePairs, Content parent, SleuthkitCase currentCase) throws TskCoreException, Blackboard.BlackboardException {
56  // Transform all the data from XRY land into the appropriate CommHelper
57  // data types.
58  String contactName = null;
59  String phoneNumber = null;
60  String homePhoneNumber = null;
61  String mobilePhoneNumber = null;
62  String emailAddr = null;
63  boolean hasAnEmail = false;
64  final Collection<BlackboardAttribute> additionalAttributes = new ArrayList<>();
65 
66  for (XRYKeyValuePair pair : keyValuePairs) {
67  XryKey xryKey = XryKey.fromDisplayName(pair.getKey());
68  switch (xryKey) {
69  case NAME:
70  if (contactName != null) {
71  additionalAttributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, PARSER_NAME, pair.getValue()));
72  } else {
73  contactName = pair.getValue();
74  }
75  break;
76  case TEL:
77  if (!XRYUtils.isPhoneValid(pair.getValue())) {
78  continue;
79  }
80 
81  if (phoneNumber != null) {
82  additionalAttributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, PARSER_NAME, pair.getValue()));
83  } else {
84  phoneNumber = pair.getValue();
85  }
86  break;
87  case MOBILE:
88  if (!XRYUtils.isPhoneValid(pair.getValue())) {
89  continue;
90  }
91 
92  if (mobilePhoneNumber != null) {
93  additionalAttributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_MOBILE, PARSER_NAME, pair.getValue()));
94  } else {
95  mobilePhoneNumber = pair.getValue();
96  }
97  break;
98  case HOME:
99  if (!XRYUtils.isPhoneValid(pair.getValue())) {
100  continue;
101  }
102 
103  if (homePhoneNumber != null) {
104  additionalAttributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_HOME, PARSER_NAME, pair.getValue()));
105  } else {
106  homePhoneNumber = pair.getValue();
107  }
108  break;
109  case EMAIL_HOME:
110  if (!XRYUtils.isEmailValid(pair.getValue())) {
111  continue;
112  }
113 
114  hasAnEmail = true;
115  additionalAttributes.add(new BlackboardAttribute(
116  BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_HOME,
117  PARSER_NAME, pair.getValue()));
118  break;
119  default:
120  //Otherwise, the XryKey enum contains the correct BlackboardAttribute
121  //type.
122  if (xryKey.getType() != null) {
123  additionalAttributes.add(new BlackboardAttribute(xryKey.getType(),
124  PARSER_NAME, pair.getValue()));
125  }
126 
127  logger.log(Level.INFO, String.format("[XRY DSP] Key value pair "
128  + "(in brackets) [ %s ] was recognized but "
129  + "more data or time is needed to finish implementation. Discarding... ",
130  pair));
131  }
132  }
133 
134  // Make sure we have the required fields, otherwise the CommHelper will
135  // complain about illegal arguments.
136  if (phoneNumber != null || homePhoneNumber != null || mobilePhoneNumber != null || hasAnEmail) {
137  CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
138  currentCase, PARSER_NAME, parent, Account.Type.DEVICE);
139 
140  helper.addContact(contactName, phoneNumber, homePhoneNumber,
141  mobilePhoneNumber, emailAddr, additionalAttributes);
142  } else {
143  // Just create an artifact with the attributes that we do have.
144  if (!additionalAttributes.isEmpty()) {
145  BlackboardArtifact artifact = parent.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
146  artifact.addAttributes(additionalAttributes);
147 
148  currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME);
149  }
150  }
151  }
152 
159  private enum XryKey {
160  NAME("name", null),
161  TEL("tel", null),
162  MOBILE("mobile", null),
163  HOME("home", null),
164  RELATED_APPLICATION("related application", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME),
165  ADDRESS_HOME("address home", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LOCATION),
166  EMAIL_HOME("email home", null),
167  DELETED("deleted", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ISDELETED),
168  //Ignoring or need more information to decide.
169  STORAGE("storage", null),
170  OTHER("other", null),
171  PICTURE("picture", null),
172  INDEX("index", null),
173  ACCOUNT_NAME("account name", null);
174 
175  private final String name;
176  private final BlackboardAttribute.ATTRIBUTE_TYPE type;
177 
178  XryKey(String name, BlackboardAttribute.ATTRIBUTE_TYPE type) {
179  this.name = name;
180  this.type = type;
181  }
182 
183  BlackboardAttribute.ATTRIBUTE_TYPE getType() {
184  return type;
185  }
186 
190  static boolean contains(String key) {
191  try {
192  XryKey.fromDisplayName(key);
193  return true;
194  } catch (IllegalArgumentException ex) {
195  return false;
196  }
197  }
198 
206  static XryKey fromDisplayName(String key) {
207  String normalizedKey = key.trim().toLowerCase();
208  for (XryKey keyChoice : XryKey.values()) {
209  if (normalizedKey.equals(keyChoice.name)) {
210  return keyChoice;
211  }
212  }
213 
214  throw new IllegalArgumentException(String.format("Key [%s] was not found."
215  + " All keys should be tested with contains.", key));
216  }
217  }
218 }

Copyright © 2012-2020 Basis Technology. Generated on: Tue Sep 22 2020
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.