Autopsy  4.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
WWFMessageAnalyzer.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.android;
20 
21 import java.io.File;
22 import java.sql.Connection;
23 import java.sql.DriverManager;
24 import java.sql.ResultSet;
25 import java.sql.SQLException;
26 import java.sql.Statement;
27 import java.util.List;
28 import java.util.logging.Level;
29 
30 import org.openide.util.NbBundle;
31 import org.sleuthkit.autopsy.casemodule.Case;
32 import org.sleuthkit.autopsy.casemodule.services.Blackboard;
33 import org.sleuthkit.autopsy.casemodule.services.FileManager;
34 import org.sleuthkit.autopsy.coreutils.Logger;
35 import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
36 import org.sleuthkit.autopsy.datamodel.ContentUtils;
37 import org.sleuthkit.datamodel.AbstractFile;
38 import org.sleuthkit.datamodel.BlackboardArtifact;
39 import org.sleuthkit.datamodel.BlackboardAttribute;
40 import org.sleuthkit.datamodel.Content;
41 import org.sleuthkit.datamodel.TskCoreException;
42 
47 class WWFMessageAnalyzer {
48 
49  private static final String moduleName = AndroidModuleFactory.getModuleName();
50  private static final Logger logger = Logger.getLogger(WWFMessageAnalyzer.class.getName());
51  private static Blackboard blackboard;
52 
53  public static void findWWFMessages(Content dataSource, FileManager fileManager) {
54  List<AbstractFile> absFiles;
55  blackboard = Case.getCurrentCase().getServices().getBlackboard();
56  try {
57  absFiles = fileManager.findFiles(dataSource, "WordsFramework"); //NON-NLS
58 
59  for (AbstractFile abstractFile : absFiles) {
60  try {
61  File jFile = new File(Case.getCurrentCase().getTempDirectory(), abstractFile.getName());
62  ContentUtils.writeToFile(abstractFile, jFile);
63 
64  findWWFMessagesInDB(jFile.toString(), abstractFile);
65  } catch (Exception e) {
66  logger.log(Level.SEVERE, "Error parsing WWF messages", e); //NON-NLS
67  }
68  }
69  } catch (TskCoreException e) {
70  logger.log(Level.SEVERE, "Error finding WWF messages", e); //NON-NLS
71  }
72  }
73 
74  private static void findWWFMessagesInDB(String DatabasePath, AbstractFile f) {
75  Connection connection = null;
76  ResultSet resultSet = null;
77  Statement statement = null;
78 
79  if (DatabasePath == null || DatabasePath.isEmpty()) {
80  return;
81  }
82  try {
83  Class.forName("org.sqlite.JDBC"); //load JDBC driver
84  connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
85  statement = connection.createStatement();
86  } catch (ClassNotFoundException | SQLException e) {
87  logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
88  return;
89  }
90 
91  try {
92  resultSet = statement.executeQuery(
93  "SELECT message,strftime('%s' ,created_at) as datetime,user_id,game_id FROM chat_messages ORDER BY game_id DESC, created_at DESC;"); //NON-NLS
94 
95  String message; // WWF Message
96  String user_id; // the ID of the user who sent the message.
97  String game_id; // ID of the game which the the message was sent.
98 
99  while (resultSet.next()) {
100  message = resultSet.getString("message"); //NON-NLS
101  Long created_at = resultSet.getLong("datetime"); //NON-NLS
102  user_id = resultSet.getString("user_id"); //NON-NLS
103  game_id = resultSet.getString("game_id"); //NON-NLS
104 
105  BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create a call log and then add attributes from result set.
106  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, moduleName, created_at));
107  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, moduleName, user_id));
108  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MSG_ID, moduleName, game_id));
109  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT, moduleName, message));
110  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, moduleName,
111  NbBundle.getMessage(WWFMessageAnalyzer.class,
112  "WWFMessageAnalyzer.bbAttribute.wordsWithFriendsMsg")));
113 
114  try {
115  // index the artifact for keyword search
116  blackboard.indexArtifact(bba);
117  } catch (Blackboard.BlackboardException ex) {
118  logger.log(Level.SEVERE, NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.error.msg", bba.getDisplayName()), ex); //NON-NLS
119  MessageNotifyUtil.Notify.error(
120  NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.exception.msg"), bba.getDisplayName());
121  }
122  }
123  } catch (Exception e) {
124  logger.log(Level.SEVERE, "Error parsing WWF messages to the Blackboard", e); //NON-NLS
125  } finally {
126  try {
127  if (resultSet != null) {
128  resultSet.close();
129  }
130  statement.close();
131  connection.close();
132  } catch (Exception e) {
133  logger.log(Level.SEVERE, "Error closing database", e); //NON-NLS
134  }
135  }
136  }
137 }
org.sleuthkit.autopsy.datamodel.ContentUtils
Definition: ContentUtils.java:51

Copyright © 2012-2015 Basis Technology. Generated on: Wed Apr 6 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.