Autopsy  3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
CallLogAnalyzer.java
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.android;
20 
21 import java.io.File;
22 import java.io.IOException;
23 import java.sql.Connection;
24 import java.sql.DriverManager;
25 import java.sql.ResultSet;
26 import java.sql.SQLException;
27 import java.sql.Statement;
28 import java.util.Arrays;
29 import java.util.List;
30 import java.util.logging.Level;
31 import java.util.stream.Collectors;
32 import java.util.stream.Stream;
44 
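/**
 * Locates Android call log databases in a data source and posts every call
 * record found in them to the blackboard as a TSK_CALLLOG artifact.
 *
 * The databases are taken from the evidence image, so their names, schema and
 * contents are untrusted input. Only the main database file is copied out and
 * queried; records that exist only in a SQLite sidecar file (journal/WAL) are
 * not examined by this class.
 */
class CallLogAnalyzer {

    private static final String moduleName = AndroidModuleFactory.getModuleName();
    private static final Logger logger = Logger.getLogger(CallLogAnalyzer.class.getName());

    /**
     * Tables that are queried for call records. The names are compile-time
     * constants, which is the only reason they may be concatenated into the
     * SQL text below; never add a name that originates from the evidence.
     */
    private static final Iterable<String> tableNames = Arrays.asList("calls", "logs"); //NON-NLS

    /**
     * Finds the call log databases (logs.db, contacts.db, contacts2.db) in the
     * data source, copies each one to the case temp directory and parses it.
     *
     * Failures are logged and do not propagate: a database that cannot be
     * written or read is skipped and the remaining ones are still processed.
     *
     * @param dataSource  data source to search
     * @param fileManager file manager used to look the databases up by name
     */
    public static void findCallLogs(Content dataSource, FileManager fileManager) {
        try {
            List<AbstractFile> absFiles = fileManager.findFiles(dataSource, "logs.db"); //NON-NLS
            absFiles.addAll(fileManager.findFiles(dataSource, "contacts.db")); //NON-NLS
            absFiles.addAll(fileManager.findFiles(dataSource, "contacts2.db")); //NON-NLS
            for (AbstractFile abstractFile : absFiles) {
                try {
                    // Several files in one image can share a name (the same
                    // database name under different directories). Prefixing the
                    // object id keeps each temp copy distinct, so one copy is
                    // never overwritten by another and artifacts are parsed
                    // from the file they are attributed to.
                    // NOTE(review): the name itself comes from the evidence; it is
                    // expected to be one of the three names searched for above -
                    // confirm findFiles matches names exactly.
                    File file = new File(Case.getCurrentCase().getTempDirectory(),
                            abstractFile.getId() + "_" + abstractFile.getName());
                    ContentUtils.writeToFile(abstractFile, file);
                    // The temp copy is not deleted here; it stays in the case temp directory.
                    findCallLogsInDB(file.toString(), abstractFile);
                } catch (IOException e) {
                    logger.log(Level.SEVERE, "Error writing temporary call log db to disk", e); //NON-NLS
                }
            }
        } catch (TskCoreException e) {
            logger.log(Level.SEVERE, "Error finding call logs", e); //NON-NLS
        }
    }

    /**
     * Reads call records from a copied SQLite database and posts one
     * TSK_CALLLOG artifact per row on the originating file.
     *
     * Each table in {@link #tableNames} is tried in turn; a table that cannot
     * be queried is logged with its cause and skipped.
     *
     * @param databasePath path of the temp copy of the database; a null or
     *                     empty path makes the method return without doing anything
     * @param f            file from the data source that the artifacts are attached to
     */
    private static void findCallLogsInDB(String databasePath, AbstractFile f) {

        if (databasePath == null || databasePath.isEmpty()) {
            return;
        }
        try (Connection connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath); //NON-NLS
                Statement statement = connection.createStatement()) {

            for (String tableName : tableNames) {
                // tableName is one of the constants in tableNames, not evidence data.
                try (ResultSet resultSet = statement.executeQuery(
                        "SELECT number,date,duration,type, name FROM " + tableName + " ORDER BY date DESC;")) { //NON-NLS
                    logger.log(Level.INFO, "Reading call log from table {0} in db {1}", new Object[]{tableName, databasePath}); //NON-NLS
                    while (resultSet.next()) {
                        // Stored value is divided by 1000 - presumably milliseconds to seconds.
                        final long date = resultSet.getLong("date") / 1000; //NON-NLS
                        final CallDirection direction = CallDirection.fromType(resultSet.getInt("type")); //NON-NLS
                        // An unrecognised type value is reported with an empty direction.
                        final String directionString = direction != null ? direction.getDisplayName() : "";
                        final String number = resultSet.getString("number"); //NON-NLS
                        final long duration = resultSet.getLong("duration"); //NON-NLS //duration of call is in seconds
                        final String name = resultSet.getString("name"); //NON-NLS // name of person dialed or called. null if unregistered

                        try {
                            // Create the call log artifact, then add attributes from the result set.
                            BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG);
                            // Everything that is not an outgoing call (incoming, missed,
                            // unrecognised) records the number as the calling party.
                            if (direction == CallDirection.OUTGOING) {
                                bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO.getTypeID(), moduleName, number));
                            } else {
                                bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM.getTypeID(), moduleName, number));
                            }
                            bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID(), moduleName, date));
                            bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_END.getTypeID(), moduleName, duration + date));
                            bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, directionString));
                            bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name));
                        } catch (TskCoreException ex) {
                            logger.log(Level.SEVERE, "Error posting call log record to the Blackboard", ex); //NON-NLS
                        }
                    }
                } catch (SQLException e) {
                    // Keep the cause: it is what tells an examiner whether the table is
                    // simply absent from this database or the database could not be read.
                    logger.log(Level.WARNING, "Could not read table " + tableName + " in db " + databasePath, e); //NON-NLS
                }
            }
        } catch (SQLException e) {
            logger.log(Level.SEVERE, "Could not parse call log; error connecting to db " + databasePath, e); //NON-NLS
        }
    }

    /**
     * Direction of a call, keyed by the integer stored in the "type" column.
     */
    private enum CallDirection {

        INCOMING(1, "Incoming"), OUTGOING(2, "Outgoing"), MISSED(3, "Missed"); //NON-NLS

        private final int type;

        private final String displayName;

        public String getDisplayName() {
            return displayName;
        }

        private CallDirection(int type, String displayName) {
            this.type = type;
            this.displayName = displayName;
        }

        /**
         * Maps a stored type value to its direction.
         *
         * @param t value of the "type" column
         * @return the matching direction, or null when the value is not 1, 2 or 3
         */
        static CallDirection fromType(int t) {
            for (CallDirection direction : values()) {
                if (direction.type == t) {
                    return direction;
                }
            }
            return null;
        }
    }
}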

Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.