Autopsy  3.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
ContactAnalyzer.java
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.iOS;
20 
21 import java.io.File;
22 import java.io.FileOutputStream;
23 import java.io.IOException;
24 import java.io.InputStream;
25 import java.io.OutputStream;
26 import java.sql.Connection;
27 import java.sql.DriverManager;
28 import java.sql.ResultSet;
29 import java.sql.SQLException;
30 import java.sql.Statement;
31 import java.util.List;
32 import java.util.logging.Level;
42 
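/**
 * Finds candidate database files in the current case, copies them into the
 * case temp directory, and (in {@link #findContactsInDB}) turns contact rows
 * from a SQLite database into TSK_CONTACT blackboard artifacts.
 *
 * <p>Every database handled here is evidence content and must be treated as
 * untrusted input: file names, column values and the database structure itself
 * are controlled by whoever produced the image.
 */
class ContactAnalyzer {

    private static final Logger logger = Logger.getLogger(ContactAnalyzer.class.getName());

    /** Mimetype value that marks a {@code data1} column as a phone number. */
    private static final String PHONE_MIMETYPE = "vnd.android.cursor.item/phone_v2"; //NON-NLS

    // Returns display_name, mimetype (phone or email) and data1 (the phone
    // number or e-mail address, depending on mimetype). Rows are sorted by
    // name so that all entries of one person are consecutive.
    // NOTE(review): the mimetypes and table names look like an Android
    // contacts schema although this class lives in the iOS package - confirm.
    private static final String CONTACTS_QUERY =
            "SELECT mimetype,data1, name_raw_contact.display_name AS display_name \n" //NON-NLS
            + "FROM raw_contacts JOIN contacts ON (raw_contacts.contact_id=contacts._id) \n" //NON-NLS
            + "JOIN raw_contacts AS name_raw_contact ON(name_raw_contact_id=name_raw_contact._id) " //NON-NLS
            + "LEFT OUTER JOIN data ON (data.raw_contact_id=raw_contacts._id) \n" //NON-NLS
            + "LEFT OUTER JOIN mimetypes ON (data.mimetype_id=mimetypes._id) \n" //NON-NLS
            + "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n" //NON-NLS
            + "ORDER BY name_raw_contact.display_name ASC;"; //NON-NLS

    private final String moduleName = iOSModuleFactory.getModuleName();

    /**
     * Copies every matching file of the current case into the case temp
     * directory. Failures are logged and do not stop the remaining files.
     *
     * <p>Parsing is disabled in this version: the copy is written, but
     * {@link #findContactsInDB} is not invoked on it.
     */
    public void findContacts() {
        try {
            SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
            // NOTE(review): this pattern matches call-history files although the
            // class handles contacts - confirm the intended file name.
            List<AbstractFile> absFiles = skCase.findAllFilesWhere("name LIKE '%call_history%' "); //NON-NLS //get exact file names
            for (AbstractFile AF : absFiles) {
                try {
                    // The name comes from the evidence image. Path separators and
                    // other special characters are stripped so the copy stays a
                    // direct child of the temp directory.
                    String safeName = AF.getName().replaceAll("[<>%|\"/:*\\\\]", "");
                    // Prefix the object id: files with the same name from different
                    // directories would otherwise overwrite each other's copy.
                    File jFile = new File(Case.getCurrentCase().getTempDirectory(), AF.getId() + "_" + safeName);
                    ContentUtils.writeToFile(AF, jFile);
                } catch (Exception e) {
                    // Best effort: one unreadable file must not abort the others.
                    logger.log(Level.SEVERE, "Error parsing Contacts", e); //NON-NLS
                }
            }
        } catch (TskCoreException e) {
            logger.log(Level.SEVERE, "Error finding Contacts", e); //NON-NLS
        }
    }

    /**
     * Reads contacts from the SQLite database at {@code DatabasePath} and adds
     * them as TSK_CONTACT artifacts to the case file with id {@code fId}.
     * Errors are logged; nothing is thrown to the caller.
     *
     * @param DatabasePath path of the extracted database copy; a null or empty
     *                     path makes the method return immediately
     * @param fId          object id of the source file in the case database
     */
    private void findContactsInDB(String DatabasePath, long fId) {
        if (DatabasePath == null || DatabasePath.isEmpty()) {
            return;
        }

        // Resolve the source file before touching the database, so that an
        // unknown id cannot leave an open connection behind.
        AbstractFile f;
        try {
            f = Case.getCurrentCase().getSleuthkitCase().getAbstractFileById(fId);
        } catch (Exception e) {
            logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); //NON-NLS
            return;
        }
        if (f == null) {
            logger.log(Level.SEVERE, "Error getting abstract file " + fId); //NON-NLS
            return;
        }

        try {
            Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
        } catch (ClassNotFoundException e) {
            logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
            return;
        }

        // try-with-resources closes each handle independently, also when the
        // open or the query fails part-way. Without a usable statement the
        // method stops here instead of continuing with a null handle.
        try (Connection connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
                Statement statement = connection.createStatement()) {
            addContactArtifacts(statement, f);
        } catch (SQLException e) {
            logger.log(Level.SEVERE, "Error opening or closing database", e); //NON-NLS
        }
    }

    /** Runs the contacts query and posts one artifact per distinct display name. */
    private void addContactArtifacts(Statement statement, AbstractFile f) {
        try (ResultSet resultSet = statement.executeQuery(CONTACTS_QUERY)) {
            // The artifact is created lazily: a database without matching rows
            // must not leave an empty contact artifact in the case.
            BlackboardArtifact bba = null;
            String oldName = null;
            while (resultSet.next()) {
                String name = resultSet.getString("display_name"); //NON-NLS
                String data1 = resultSet.getString("data1"); //NON-NLS // the phone number or email
                String mimetype = resultSet.getString("mimetype"); //NON-NLS // either phone or email

                // Column values are evidence-controlled and may be NULL, so the
                // comparison must not dereference them blindly.
                boolean sameContact = (name == null) ? (oldName == null) : name.equals(oldName);
                if (bba == null || !sameContact) {
                    bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
                    if (name != null && !name.isEmpty()) {
                        bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name));
                    }
                }
                if (data1 != null) {
                    if (PHONE_MIMETYPE.equals(mimetype)) {
                        bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, data1));
                    } else {
                        bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getTypeID(), moduleName, data1));
                    }
                }
                oldName = name;
            }
        } catch (Exception e) {
            logger.log(Level.SEVERE, "Error parsing Contacts to Blackboard", e); //NON-NLS
        }
    }

    /**
     * Copies the content of a case file to a local file in 8 KiB chunks.
     *
     * @param file  case file to read
     * @param jFile destination on the local file system
     * @throws IOException if reading or writing fails; the destination may then
     *                     hold a partial copy and must not be analysed as if it
     *                     were complete
     */
    public static void copyFileUsingStream(AbstractFile file, File jFile) throws IOException {
        // Both streams are closed even when opening the second one or closing
        // the first one throws.
        try (InputStream is = new ReadContentInputStream(file);
                OutputStream os = new FileOutputStream(jFile)) {
            byte[] buffer = new byte[8192];
            int length;
            while ((length = is.read(buffer)) != -1) {
                os.write(buffer, 0, length);
            }
        }
    }

    /**
     * Copies the content of a case file to a local file, logging any failure
     * instead of throwing it.
     *
     * <p>The caller is not told when the copy fails, so the destination may be
     * missing or truncated. Use {@link #copyFileUsingStream} where the result
     * has to be trusted.
     *
     * @param file  case file to read
     * @param jFile destination on the local file system
     */
    public static void copyFileUsingStreams(AbstractFile file, File jFile) {
        try {
            copyFileUsingStream(file, jFile);
        } catch (IOException e) {
            logger.log(Level.SEVERE, "Error copying file to " + jFile, e); //NON-NLS
        }
    }
}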

Copyright © 2012-2015 Basis Technology. Generated on: Mon Oct 19 2015
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.