Autopsy  4.0
Graphical digital forensics platform for The Sleuth Kit and other tools.
CallLogAnalyzer.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2014 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.modules.iOS;
20 
21 import java.sql.Connection;
22 import java.sql.DriverManager;
23 import java.sql.ResultSet;
24 import java.sql.SQLException;
25 import java.sql.Statement;
26 import java.util.List;
27 import java.util.logging.Level;
28 import org.openide.util.NbBundle;
29 import org.sleuthkit.autopsy.casemodule.Case;
30 import org.sleuthkit.autopsy.casemodule.services.Blackboard;
31 import org.sleuthkit.autopsy.coreutils.Logger;
32 import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
33 import org.sleuthkit.autopsy.datamodel.ContentUtils;
34 import org.sleuthkit.datamodel.AbstractFile;
35 import org.sleuthkit.datamodel.BlackboardArtifact;
36 import org.sleuthkit.datamodel.BlackboardAttribute;
37 import org.sleuthkit.datamodel.SleuthkitCase;
38 import org.sleuthkit.datamodel.TskCoreException;
39 
40 class CallLogAnalyzer {
41 
42  private Connection connection = null;
43  private ResultSet resultSet = null;
44  private Statement statement = null;
45  private String dbPath = "";
46  private long fileId = 0;
47  private java.io.File jFile = null;
48  private String moduleName = iOSModuleFactory.getModuleName();
49  private static final Logger logger = Logger.getLogger(CallLogAnalyzer.class.getName());
50  private Blackboard blackboard;
51 
52  public void findCallLogs() {
53  blackboard = Case.getCurrentCase().getServices().getBlackboard();
54  List<AbstractFile> absFiles;
55  try {
56  SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
57  absFiles = skCase.findAllFilesWhere("name ='contacts2.db' OR name ='contacts.db'"); //NON-NLS //get exact file names
58  if (absFiles.isEmpty()) {
59  return;
60  }
61  for (AbstractFile AF : absFiles) {
62  try {
63  jFile = new java.io.File(Case.getCurrentCase().getTempDirectory(), AF.getName().replaceAll("[<>%|\"/:*\\\\]", ""));
64  ContentUtils.writeToFile(AF, jFile);
65  dbPath = jFile.toString(); //path of file as string
66  fileId = AF.getId();
67  findCallLogsInDB(dbPath, fileId);
68  } catch (Exception e) {
69  logger.log(Level.SEVERE, "Error parsing Call logs", e); //NON-NLS
70  }
71  }
72  } catch (TskCoreException e) {
73  logger.log(Level.SEVERE, "Error finding Call logs", e); //NON-NLS
74  }
75  }
76 
77  private void findCallLogsInDB(String DatabasePath, long fId) {
78  if (DatabasePath == null || DatabasePath.isEmpty()) {
79  return;
80  }
81  try {
82  Class.forName("org.sqlite.JDBC"); //NON-NLS //load JDBC driver
83  connection = DriverManager.getConnection("jdbc:sqlite:" + DatabasePath); //NON-NLS
84  statement = connection.createStatement();
85  } catch (ClassNotFoundException | SQLException e) {
86  logger.log(Level.SEVERE, "Error opening database", e); //NON-NLS
87  }
88 
89  Case currentCase = Case.getCurrentCase();
90  SleuthkitCase skCase = currentCase.getSleuthkitCase();
91  try {
92  AbstractFile f = skCase.getAbstractFileById(fId);
93  if (f == null) {
94  logger.log(Level.SEVERE, "Error getting abstract file " + fId); //NON-NLS
95  return;
96  }
97 
98  try {
99  resultSet = statement.executeQuery(
100  "SELECT number,date,duration,type, name FROM calls ORDER BY date DESC;"); //NON-NLS
101 
102  BlackboardArtifact bba;
103  String name; // name of person dialed or called. null if unregistered
104  String number; //string phone number
105  String duration; //duration of call in seconds
106  String date; // Unix time
107  String type; // 1 incoming, 2 outgoing, 3 missed
108 
109  while (resultSet.next()) {
110  name = resultSet.getString("name"); //NON-NLS
111  number = resultSet.getString("number"); //NON-NLS
112  duration = resultSet.getString("duration"); //NON-NLS
113  date = resultSet.getString("date"); //NON-NLS
114  type = resultSet.getString("type"); //NON-NLS
115 
116  bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
117  if (type.equalsIgnoreCase("outgoing")) { //NON-NLS
118  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, moduleName, number));
119  } else {
120  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, moduleName, number));
121  }
122  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START, moduleName, date)); // RC: Should be long!
123  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END, moduleName, duration + date)); // RC: Should be long!
124  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, type));
125  bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, moduleName, name));
126 
127  try {
128  // index the artifact for keyword search
129  blackboard.indexArtifact(bba);
130  } catch (Blackboard.BlackboardException ex) {
131  logger.log(Level.SEVERE, NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.error.msg", bba.getDisplayName()), ex); //NON-NLS
132  MessageNotifyUtil.Notify.error(
133  NbBundle.getMessage(Blackboard.class, "Blackboard.unableToIndexArtifact.exception.msg"), bba.getDisplayName());
134  }
135  }
136  } catch (Exception e) {
137  logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e); //NON-NLS
138  } finally {
139  try {
140  resultSet.close();
141  statement.close();
142  connection.close();
143  } catch (Exception e) {
144  logger.log(Level.SEVERE, "Error closing the database", e); //NON-NLS
145  }
146  }
147  } catch (Exception e) {
148  logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e); //NON-NLS
149  }
150 
151  }
152 
153 }
org.sleuthkit.autopsy.casemodule.services.Blackboard.indexArtifact
void indexArtifact(BlackboardArtifact artifact)
Definition: Blackboard.java:45
org.sleuthkit.autopsy.datamodel.ContentUtils
Definition: ContentUtils.java:51
org.sleuthkit.autopsy.datamodel.ContentUtils.writeToFile
static< T > long writeToFile(Content content, java.io.File outputFile, ProgressHandle progress, Future< T > worker, boolean source)
Definition: ContentUtils.java:185
org.sleuthkit.autopsy.coreutils.MessageNotifyUtil.Notify.error
static void error(String title, String message)
Definition: MessageNotifyUtil.java:227
org.sleuthkit.autopsy.coreutils.Logger.getLogger
synchronized static Logger getLogger(String name)
Definition: Logger.java:166

Copyright © 2012-2015 Basis Technology. Generated on: Wed Apr 6 2016
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.