Autopsy  4.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
ContactAnalyzer.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.android;
20 
21 import java.io.File;
22 import java.sql.Connection;
23 import java.sql.DatabaseMetaData;
24 import java.sql.DriverManager;
25 import java.sql.ResultSet;
26 import java.sql.SQLException;
27 import java.sql.Statement;
28 import java.util.List;
29 import java.util.logging.Level;
30 import org.openide.util.NbBundle.Messages;
31 import org.sleuthkit.autopsy.casemodule.Case;
32 import org.sleuthkit.autopsy.casemodule.services.Blackboard;
33 import org.sleuthkit.autopsy.casemodule.services.FileManager;
34 import org.sleuthkit.autopsy.coreutils.Logger;
35 import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
36 import org.sleuthkit.autopsy.datamodel.ContentUtils;
37 import org.sleuthkit.autopsy.ingest.IngestJobContext;
38 import org.sleuthkit.datamodel.AbstractFile;
39 import org.sleuthkit.datamodel.BlackboardArtifact;
40 import org.sleuthkit.datamodel.BlackboardAttribute;
41 import org.sleuthkit.datamodel.Content;
42 import org.sleuthkit.datamodel.TskCoreException;
43 
48 class ContactAnalyzer {
49 
50  private static final String moduleName = AndroidModuleFactory.getModuleName();
51  private static final Logger logger = Logger.getLogger(ContactAnalyzer.class.getName());
52 
53  public static void findContacts(Content dataSource, FileManager fileManager,
54  IngestJobContext context) {
55  List<AbstractFile> absFiles;
56  try {
57  absFiles = fileManager.findFiles(dataSource, "contacts.db"); //NON-NLS
58  absFiles.addAll(fileManager.findFiles(dataSource, "contacts2.db")); //NON-NLS
59  if (absFiles.isEmpty()) {
60  return;
61  }
62  for (AbstractFile AF : absFiles) {
63  try {
64  File jFile = new File(Case.getCurrentCase().getTempDirectory(), AF.getName());
65  ContentUtils.writeToFile(AF, jFile, context::dataSourceIngestIsCancelled);
66  findContactsInDB(jFile.toString(), AF);
67  } catch (Exception e) {
68  logger.log(Level.SEVERE, "Error parsing Contacts", e); //NON-NLS
69  }
70  }
71  } catch (TskCoreException e) {
72  logger.log(Level.SEVERE, "Error finding Contacts", e); //NON-NLS
73  }
74  }
75 
83  @Messages({"ContactAnalyzer.indexError.message=Failed to index contact artifact for keyword search."})
84  private static void findContactsInDB(String databasePath, AbstractFile f) {
85  Connection connection = null;
86  ResultSet resultSet = null;
87  Statement statement = null;
88  Blackboard blackboard = Case.getCurrentCase().getServices().getBlackboard();
89 
90  if (databasePath == null || databasePath.isEmpty()) {
91  return;
92  }
93  try {
94  Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
95  connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath); //NON-NLS
96  statement = connection.createStatement();
97  } catch (ClassNotFoundException | SQLException e) {
98  logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
99  return;
100  }
101 
102  try {
103  // get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype)
104  //sorted by name, so phonenumber/email would be consecutive for a person if they exist.
105  // check if contacts.name_raw_contact_id exists. Modify the query accordingly.
106  Boolean column_found = false;
107  DatabaseMetaData metadata = connection.getMetaData();
108  ResultSet columnListResultSet = metadata.getColumns(null, null, "contacts", null); //NON-NLS
109  while (columnListResultSet.next()) {
110  if (columnListResultSet.getString("COLUMN_NAME").equals("name_raw_contact_id")) { //NON-NLS
111  column_found = true;
112  break;
113  }
114  }
115  if (column_found) {
116  resultSet = statement.executeQuery(
117  "SELECT mimetype,data1, name_raw_contact.display_name AS display_name \n" //NON-NLS
118  + "FROM raw_contacts JOIN contacts ON (raw_contacts.contact_id=contacts._id) \n" //NON-NLS
119  + "JOIN raw_contacts AS name_raw_contact ON(name_raw_contact_id=name_raw_contact._id) " //NON-NLS
120  + "LEFT OUTER JOIN data ON (data.raw_contact_id=raw_contacts._id) \n" //NON-NLS
121  + "LEFT OUTER JOIN mimetypes ON (data.mimetype_id=mimetypes._id) \n" //NON-NLS
122  + "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n" //NON-NLS
123  + "ORDER BY name_raw_contact.display_name ASC;"); //NON-NLS
124  } else {
125  resultSet = statement.executeQuery(
126  "SELECT mimetype,data1, raw_contacts.display_name AS display_name \n" //NON-NLS
127  + "FROM raw_contacts JOIN contacts ON (raw_contacts.contact_id=contacts._id) \n" //NON-NLS
128  + "LEFT OUTER JOIN data ON (data.raw_contact_id=raw_contacts._id) \n" //NON-NLS
129  + "LEFT OUTER JOIN mimetypes ON (data.mimetype_id=mimetypes._id) \n" //NON-NLS
130  + "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n" //NON-NLS
131  + "ORDER BY raw_contacts.display_name ASC;"); //NON-NLS
132  }
133 
134  BlackboardArtifact bba;
135  bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
136  String name;
137  String oldName = "";
138  String mimetype; // either phone or email
139  String data1; // the phone number or email
140  while (resultSet.next()) {
141  name = resultSet.getString("display_name"); //NON-NLS
142  data1 = resultSet.getString("data1"); //NON-NLS
143  mimetype = resultSet.getString("mimetype"); //NON-NLS
144  if (name.equals(oldName) == false) {
145  bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
146  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, moduleName, name));
147  }
148  if (mimetype.equals("vnd.android.cursor.item/phone_v2")) { //NON-NLS
149  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, moduleName, data1));
150  } else {
151  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL, moduleName, data1));
152  }
153  oldName = name;
154 
155  try {
156  // index the artifact for keyword search
157  blackboard.indexArtifact(bba);
158  } catch (Blackboard.BlackboardException ex) {
159  logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bba.getArtifactID(), ex); //NON-NLS
160  MessageNotifyUtil.Notify.error(
161  Bundle.ContactAnalyzer_indexError_message(), bba.getDisplayName());
162  }
163  }
164 
165  } catch (SQLException e) {
166  logger.log(Level.WARNING, "Unable to execute contacts SQL query against {0} : {1}", new Object[]{databasePath, e}); //NON-NLS
167  } catch (TskCoreException e) {
168  logger.log(Level.SEVERE, "Error posting to blackboard", e); //NON-NLS
169  } finally {
170  try {
171  if (resultSet != null) {
172  resultSet.close();
173  }
174  statement.close();
175  connection.close();
176  } catch (Exception e) {
177  logger.log(Level.SEVERE, "Error closing database", e); //NON-NLS
178  }
179  }
180  }
181 }
org.sleuthkit.autopsy.datamodel.ContentUtils
Definition: ContentUtils.java:53

Copyright © 2012-2016 Basis Technology. Generated on: Mon Jan 2 2017
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.