19 package org.sleuthkit.autopsy.datasourceprocessors.xry;
21 import java.util.ArrayList;
22 import java.util.HashMap;
23 import java.util.List;
25 import java.util.Optional;
26 import java.util.logging.Level;
39 final class XRYDeviceGenInfoFileParser
extends AbstractSingleEntityParser {
41 private static final Logger logger = Logger.getLogger(XRYDeviceGenInfoFileParser.class.getName());
44 private static final String ATTRIBUTE_KEY =
"attribute";
45 private static final String DATA_KEY =
"data";
52 private static final Map<String, BlackboardAttribute.ATTRIBUTE_TYPE> XRY_ATTRIBUTE_VALUES
53 =
new HashMap<String, BlackboardAttribute.ATTRIBUTE_TYPE>() {
55 put(
"device name", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_NAME);
56 put(
"device type", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MAKE);
57 put(
"mobile id (imei)", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IMEI);
58 put(
"security code", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PASSWORD);
59 put(
"unlock code", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PASSWORD);
60 put(
"imei/meid", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IMEI);
61 put(
"model", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MODEL);
62 put(
"wifi address", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MAC_ADDRESS);
63 put(
"subscriber id (imsi)", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_IMSI);
67 put(
"device clock", null);
68 put(
"pc clock", null);
71 put(
"device family", null);
72 put(
"advertising id", null);
73 put(
"device status", null);
74 put(
"baseband version", null);
75 put(
"sim status", null);
76 put(
"manufacturer", null);
77 put(
"revision", null);
83 boolean canProcess(XRYKeyValuePair pair) {
84 String key = pair.getKey().trim().toLowerCase();
85 return key.equals(DATA_KEY) || key.equals(ATTRIBUTE_KEY);
89 boolean isNamespace(String nameSpace) {
95 void makeArtifact(List<XRYKeyValuePair> keyValuePairs, Content parent, SleuthkitCase currentCase)
throws TskCoreException, Blackboard.BlackboardException {
96 List<BlackboardAttribute> attributes =
new ArrayList<>();
97 for(
int i = 0; i < keyValuePairs.size(); i+=2) {
98 Optional<BlackboardAttribute> attribute;
99 if(i + 1 == keyValuePairs.size()) {
100 attribute = getBlackboardAttribute(keyValuePairs.get(i));
102 attribute = getBlackboardAttribute(keyValuePairs.get(i), keyValuePairs.get(i+1));
104 if(attribute.isPresent()) {
105 attributes.add(attribute.get());
108 if(!attributes.isEmpty()) {
109 parent.newDataArtifact(BlackboardArtifact.Type.TSK_DEVICE_INFO, attributes);
118 private Optional<BlackboardAttribute> getBlackboardAttribute(XRYKeyValuePair pair) {
119 if (pair.hasKey(DATA_KEY)) {
120 return Optional.of(
new BlackboardAttribute(
121 BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH,
122 PARSER_NAME, pair.getValue()));
125 logger.log(Level.WARNING,
"Expected a 'Data' key value pair, but [ %s ] "
126 +
"was found.", pair);
128 return Optional.empty();
137 private Optional<BlackboardAttribute> getBlackboardAttribute(XRYKeyValuePair firstPair, XRYKeyValuePair secondPair) {
138 String attributeValue;
140 if (firstPair.hasKey(DATA_KEY) && secondPair.hasKey(ATTRIBUTE_KEY)) {
141 dataValue = firstPair.getValue();
142 attributeValue = secondPair.getValue();
143 }
else if (firstPair.hasKey(ATTRIBUTE_KEY) && secondPair.hasKey(DATA_KEY)) {
144 dataValue = secondPair.getValue();
145 attributeValue = firstPair.getValue();
147 logger.log(Level.WARNING, String.format(
"[XRY DSP] Expected these key value"
148 +
" pairs (in brackets) [ %s ], [ %s ] to be an 'Attribute' and 'Data' "
149 +
"pair.", firstPair, secondPair));
150 return Optional.empty();
153 String normalizedAttributeValue = attributeValue.toLowerCase();
154 if (!XRY_ATTRIBUTE_VALUES.containsKey(normalizedAttributeValue)) {
155 logger.log(Level.WARNING, String.format(
"[XRY DSP] Key value pair "
156 +
"(in brackets) [ %s : %s ] was not recognized. Discarding... ",
157 attributeValue, dataValue));
158 return Optional.empty();
161 BlackboardAttribute.ATTRIBUTE_TYPE attrType = XRY_ATTRIBUTE_VALUES.get(normalizedAttributeValue);
162 if (attrType == null) {
163 logger.log(Level.WARNING, String.format(
"[XRY DSP] Key value pair "
164 +
"(in brackets) [ %s : %s ] was recognized but we need "
165 +
"more data or time to finish implementation. Discarding... ",
166 attributeValue, dataValue));
167 return Optional.empty();
170 return Optional.of(
new BlackboardAttribute(attrType, PARSER_NAME, dataValue));