CommunicationArtifactsHelper.java

Go to the documentation of this file.

/*
 * Sleuth Kit Data Model
 *
 * Copyright 2019-2021 Basis Technology Corp.
 * Contact: carrier <at> sleuthkit <dot> org
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.sleuthkit.datamodel.blackboardutils;
 
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.logging.Level;
import java.util.logging.Logger;
import org.apache.commons.lang3.StringUtils;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
import org.sleuthkit.datamodel.Account;
import org.sleuthkit.datamodel.AccountFileInstance;
import org.sleuthkit.datamodel.Blackboard.BlackboardException;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.DataArtifact;
import org.sleuthkit.datamodel.DataSource;
import org.sleuthkit.datamodel.InvalidAccountIDException;
import org.sleuthkit.datamodel.Relationship;
import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskDataException;
import org.sleuthkit.datamodel.blackboardutils.attributes.BlackboardJsonAttrUtil;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments;
import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.FileAttachment;

public final class CommunicationArtifactsHelper extends ArtifactHelperBase {
 
        private static final Logger LOGGER = Logger.getLogger(CommunicationArtifactsHelper.class.getName());
 
        private static final BlackboardArtifact.Type CONTACT_TYPE = new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_CONTACT);
        private static final BlackboardArtifact.Type MESSAGE_TYPE = new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_MESSAGE);
        private static final BlackboardArtifact.Type CALLOG_TYPE = new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_CALLLOG);
        private static final BlackboardArtifact.Type ASSOCIATED_OBJ_TYPE = new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT);

        public enum MessageReadStatus {
 
                UNKNOWN("Unknown"), 
                UNREAD("Unread"), 
                READ("Read");     
 
                private final String msgReadStr;
 
                MessageReadStatus(String readStatus) {
                        this.msgReadStr = readStatus;
                }
 
                public String getDisplayName() {
                        return msgReadStr;
                }
        }

        public enum CommunicationDirection {
                UNKNOWN("Unknown"),
                INCOMING("Incoming"),
                OUTGOING("Outgoing");
 
                private final String dirStr;
 
                CommunicationDirection(String dir) {
                        this.dirStr = dir;
                }
 
                public String getDisplayName() {
                        return dirStr;
                }
        }

        public enum CallMediaType {
                UNKNOWN("Unknown"),
                AUDIO("Audio"), // Audio only call
                VIDEO("Video"); // Video/multimedia call
 
                private final String typeStr;
 
                CallMediaType(String type) {
                        this.typeStr = type;
                }
 
                public String getDisplayName() {
                        return typeStr;
                }
        }
 
        private static final BlackboardAttribute.Type ATTACHMENTS_ATTR_TYPE = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ATTACHMENTS);
 
        // 'self' account for the application being processed by the module. 
        private final Account.Type selfAccountType;
        private final String selfAccountId;
 
        private AccountFileInstance selfAccountInstance = null;
 
        // Type of accounts to be created for the module using this helper.
        private final Account.Type moduleAccountsType;

        public CommunicationArtifactsHelper(SleuthkitCase caseDb, String moduleName, Content srcContent, Account.Type accountsType, Long ingestJobId) throws TskCoreException {
                super(caseDb, moduleName, srcContent, ingestJobId);
                this.moduleAccountsType = accountsType;
                this.selfAccountType = Account.Type.DEVICE;
                this.selfAccountId = ((DataSource) getContent().getDataSource()).getDeviceId();
        }

        public CommunicationArtifactsHelper(SleuthkitCase caseDb, String moduleName, Content srcContent, Account.Type accountsType, Account.Type selfAccountType, String selfAccountId, Long ingestJobId) throws TskCoreException {
                super(caseDb, moduleName, srcContent, ingestJobId);
                this.moduleAccountsType = accountsType;
                this.selfAccountType = selfAccountType;
                this.selfAccountId = selfAccountId;
        }

        @Deprecated
        public CommunicationArtifactsHelper(SleuthkitCase caseDb, String moduleName, Content srcContent, Account.Type accountsType) throws TskCoreException {
                this(caseDb, moduleName, srcContent, accountsType, null);
        }

        @Deprecated
        public CommunicationArtifactsHelper(SleuthkitCase caseDb, String moduleName, Content srcContent, Account.Type accountsType, Account.Type selfAccountType, String selfAccountId) throws TskCoreException {
                this(caseDb, moduleName, srcContent, accountsType, selfAccountType, selfAccountId, null);
        }

        public BlackboardArtifact addContact(String contactName,
                        String phoneNumber, String homePhoneNumber,
                        String mobilePhoneNumber, String emailAddr) throws TskCoreException, BlackboardException {
                return addContact(contactName, phoneNumber,
                                homePhoneNumber, mobilePhoneNumber, emailAddr,
                                Collections.emptyList());
        }

        public BlackboardArtifact addContact(String contactName,
                        String phoneNumber, String homePhoneNumber,
                        String mobilePhoneNumber, String emailAddr,
                        Collection<BlackboardAttribute> additionalAttributes) throws TskCoreException, BlackboardException {
 
                // check if the caller has included any phone/email/id in addtional attributes
                boolean hasAnyIdAttribute = false;
                if (additionalAttributes != null) {
                        for (BlackboardAttribute attr : additionalAttributes) {
                                if ((attr.getAttributeType().getTypeName().startsWith("TSK_PHONE"))
                                                || (attr.getAttributeType().getTypeName().startsWith("TSK_EMAIL"))
                                                || (attr.getAttributeType().getTypeName().startsWith("TSK_ID"))) {
                                        hasAnyIdAttribute = true;
                                        break;
                                }
                        }
                }
 
                // At least one phone number or email address 
                // or an optional attribute with phone/email/id must be provided
                if (StringUtils.isEmpty(phoneNumber) && StringUtils.isEmpty(homePhoneNumber)
                                && StringUtils.isEmpty(mobilePhoneNumber) && StringUtils.isEmpty(emailAddr)
                                && (!hasAnyIdAttribute)) {
                        throw new IllegalArgumentException("At least one phone number or email address or an id must be provided.");
                }
 
                BlackboardArtifact contactArtifact;
                Collection<BlackboardAttribute> attributes = new ArrayList<>();
 
                // create TSK_CONTACT artifact and construct attributes
                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_NAME, contactName, attributes);
 
                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, phoneNumber, attributes);
                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_HOME, homePhoneNumber, attributes);
                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_MOBILE, mobilePhoneNumber, attributes);
                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_EMAIL, emailAddr, attributes);
 
                // add attributes
                attributes.addAll(additionalAttributes);
                Content content = getContent();
 
                contactArtifact = content.newDataArtifact(CONTACT_TYPE, attributes);
 
                // create an account for each specified contact method, and a relationship with self account
                createContactMethodAccountAndRelationship(Account.Type.PHONE, phoneNumber, contactArtifact, 0);
                createContactMethodAccountAndRelationship(Account.Type.PHONE, homePhoneNumber, contactArtifact, 0);
                createContactMethodAccountAndRelationship(Account.Type.PHONE, mobilePhoneNumber, contactArtifact, 0);
                createContactMethodAccountAndRelationship(Account.Type.EMAIL, emailAddr, contactArtifact, 0);
 
                // if the additional attribute list has any phone/email/id attributes, create accounts & relationships for those. 
                if ((additionalAttributes != null) && hasAnyIdAttribute) {
                        for (BlackboardAttribute bba : additionalAttributes) {
                                if (bba.getAttributeType().getTypeName().startsWith("TSK_PHONE")) {
                                        createContactMethodAccountAndRelationship(Account.Type.PHONE, bba.getValueString(), contactArtifact, 0);
                                } else if (bba.getAttributeType().getTypeName().startsWith("TSK_EMAIL")) {
                                        createContactMethodAccountAndRelationship(Account.Type.EMAIL, bba.getValueString(), contactArtifact, 0);
                                } else if (bba.getAttributeType().getTypeName().startsWith("TSK_ID")) {
                                        createContactMethodAccountAndRelationship(this.moduleAccountsType, bba.getValueString(), contactArtifact, 0);
                                }
                        }
                }
 
                // post artifact 
                Optional<Long> ingestJobId = getIngestJobId();
                getSleuthkitCase().getBlackboard().postArtifact(contactArtifact, getModuleName(), ingestJobId.orElse(null));
 
                return contactArtifact;
        }

        private void createContactMethodAccountAndRelationship(Account.Type accountType,
                        String accountUniqueID, BlackboardArtifact sourceArtifact,
                        long dateTime) throws TskCoreException {
 
                // Find/Create an account instance for each of the contact method
                // Create a relationship between selfAccount and contactAccount
                if (StringUtils.isNotBlank(accountUniqueID)) {
                        try {
                                AccountFileInstance contactAccountInstance = createAccountInstance(accountType, accountUniqueID);
 
                                // Create a relationship between self account and the contact account
                                try {
                                        getSleuthkitCase().getCommunicationsManager().addRelationships(getSelfAccountInstance(),
                                                        Collections.singletonList(contactAccountInstance), sourceArtifact, Relationship.Type.CONTACT, dateTime);
                                } catch (TskDataException ex) {
                                        throw new TskCoreException(String.format("Failed to create relationship between account = %s and account = %s.",
                                                        getSelfAccountInstance().getAccount(), contactAccountInstance.getAccount()), ex);
                                }
                        } catch (InvalidAccountIDException ex) {
                                LOGGER.log(Level.WARNING, String.format("Failed to create account with id %s", accountUniqueID));
                        }
                }
        }

        private AccountFileInstance createAccountInstance(Account.Type accountType, String accountUniqueID) throws TskCoreException, InvalidAccountIDException {
                Optional<Long> ingestJobId = getIngestJobId();
                return getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(accountType, accountUniqueID, getModuleName(), getContent(), null, ingestJobId.orElse(null));
        }

        public BlackboardArtifact addMessage(
                        String messageType,
                        CommunicationDirection direction,
                        String senderId,
                        String recipientId,
                        long dateTime, MessageReadStatus readStatus,
                        String subject, String messageText, String threadId) throws TskCoreException, BlackboardException {
                return addMessage(messageType, direction,
                                senderId, recipientId, dateTime, readStatus,
                                subject, messageText, threadId,
                                Collections.emptyList());
        }

        public BlackboardArtifact addMessage(String messageType,
                        CommunicationDirection direction,
                        String senderId,
                        String recipientId,
                        long dateTime, MessageReadStatus readStatus, String subject,
                        String messageText, String threadId,
                        Collection<BlackboardAttribute> otherAttributesList) throws TskCoreException, BlackboardException {
 
                return addMessage(messageType, direction,
                                senderId,
                                Arrays.asList(recipientId),
                                dateTime, readStatus,
                                subject, messageText, threadId,
                                otherAttributesList);
        }

        public BlackboardArtifact addMessage(String messageType,
                        CommunicationDirection direction,
                        String senderId,
                        List<String> recipientIdsList,
                        long dateTime, MessageReadStatus readStatus,
                        String subject, String messageText, String threadId) throws TskCoreException, BlackboardException {
                return addMessage(messageType, direction,
                                senderId, recipientIdsList,
                                dateTime, readStatus,
                                subject, messageText, threadId,
                                Collections.emptyList());
        }

        public BlackboardArtifact addMessage(String messageType,
                        CommunicationDirection direction,
                        String senderId,
                        List<String> recipientIdsList,
                        long dateTime, MessageReadStatus readStatus,
                        String subject, String messageText,
                        String threadId,
                        Collection<BlackboardAttribute> otherAttributesList) throws TskCoreException, BlackboardException {
 
                // Created message artifact.  
                Collection<BlackboardAttribute> attributes = new ArrayList<>();
 
                // construct attributes
                attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE, getModuleName(), messageType));
                addAttributeIfNotZero(ATTRIBUTE_TYPE.TSK_DATETIME, dateTime, attributes);
 
                addMessageReadStatusIfKnown(readStatus, attributes);
                addCommDirectionIfKnown(direction, attributes);
 
                // Get the self account instance
                AccountFileInstance selfAccountInstanceLocal = null;
                try {
                        selfAccountInstanceLocal = getSelfAccountInstance();
                } catch (InvalidAccountIDException ex) {
                        LOGGER.log(Level.WARNING, String.format("Failed to get/create self account with id %s", selfAccountId), ex);
                }
 
                // set sender attribute and create sender account
                AccountFileInstance senderAccountInstance = null;
                if (StringUtils.isNotBlank(senderId)) {
                        try {
                                senderAccountInstance = createAccountInstance(moduleAccountsType, senderId);
                        } catch (InvalidAccountIDException ex) {
                                LOGGER.log(Level.WARNING, String.format("Invalid account identifier %s", senderId));
                        }
                }
 
                // set recipient attribute and create recipient accounts
                List<AccountFileInstance> recipientAccountsList = new ArrayList<>();
                String recipientsStr = "";
                if (!isEffectivelyEmpty(recipientIdsList)) {
                        for (String recipient : recipientIdsList) {
                                if (StringUtils.isNotBlank(recipient)) {
                                        try {
                                                recipientAccountsList.add(createAccountInstance(moduleAccountsType, recipient));
                                        } catch (InvalidAccountIDException ex) {
                                                LOGGER.log(Level.WARNING, String.format("Invalid account identifier %s", recipient));
                                        }
                                }
                        }
                        // Create a comma separated string of recipients
                        recipientsStr = addressListToString(recipientIdsList);
                }
 
                switch (direction) {
                        case OUTGOING:
                                // if no sender, selfAccount substitutes caller.
                                if (StringUtils.isEmpty(senderId) && selfAccountInstanceLocal != null) {
                                        senderAccountInstance = selfAccountInstanceLocal;
                                }
                                // sender becomes PHONE_FROM
                                if (senderAccountInstance != null) {
                                        addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, senderAccountInstance.getAccount().getTypeSpecificID(), attributes);
                                }
                                // recipient becomes PHONE_TO
                                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, recipientsStr, attributes);
                                break;
 
                        case INCOMING:
                                // if no recipeint specified, selfAccount substitutes recipient
                                if (isEffectivelyEmpty(recipientIdsList) && selfAccountInstanceLocal != null) {
                                        recipientsStr = selfAccountInstanceLocal.getAccount().getTypeSpecificID();
                                        recipientAccountsList.add(selfAccountInstanceLocal);
                                }
                                // caller becomes PHONE_FROM
                                if (senderAccountInstance != null) {
                                        addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, senderAccountInstance.getAccount().getTypeSpecificID(), attributes);
                                }
                                // callee becomes PHONE_TO
                                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, recipientsStr, attributes);
                                break;
                        default:  // direction UNKNOWN
                                if (StringUtils.isEmpty(senderId) && selfAccountInstanceLocal != null) {
                                        // if no sender, selfAccount substitutes caller.
                                        senderAccountInstance = selfAccountInstanceLocal;
                                } else if (isEffectivelyEmpty(recipientIdsList) && selfAccountInstanceLocal != null) {
                                        // else if no recipient specified, selfAccount substitutes recipient
                                        recipientsStr = selfAccountInstanceLocal.getAccount().getTypeSpecificID();
                                        recipientAccountsList.add(selfAccountInstanceLocal);
                                }
 
                                // save phone numbers in direction agnostic attributes
                                if (senderAccountInstance != null) {
                                        addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, senderAccountInstance.getAccount().getTypeSpecificID(), attributes);
                                }       // callee becomes PHONE_TO
                                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, recipientsStr, attributes);
                                break;
                }
 
                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_SUBJECT, subject, attributes);
                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_TEXT, messageText, attributes);
                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_THREAD_ID, threadId, attributes);
 
                // add attributes to artifact
                attributes.addAll(otherAttributesList);
 
                // create TSK_MESSAGE artifact
                Content content = getContent();
                BlackboardArtifact msgArtifact = content.newDataArtifact(MESSAGE_TYPE, attributes);
 
                // create sender/recipient relationships  
                try {
                        getSleuthkitCase().getCommunicationsManager().addRelationships(senderAccountInstance,
                                        recipientAccountsList, msgArtifact, Relationship.Type.MESSAGE, dateTime);
                } catch (TskDataException ex) {
                        throw new TskCoreException(String.format("Failed to create Message relationships between sender account = %s and recipients = %s.",
                                        (senderAccountInstance != null) ? senderAccountInstance.getAccount().getTypeSpecificID() : "Unknown", recipientsStr), ex);
                }
 
                // post artifact 
                Optional<Long> ingestJobId = getIngestJobId();
                getSleuthkitCase().getBlackboard().postArtifact(msgArtifact, getModuleName(), ingestJobId.orElse(null));
 
                // return the artifact
                return msgArtifact;
        }

        public BlackboardArtifact addCalllog(CommunicationDirection direction,
                        String callerId, String calleeId,
                        long startDateTime, long endDateTime, CallMediaType mediaType) throws TskCoreException, BlackboardException {
                return addCalllog(direction, callerId, calleeId,
                                startDateTime, endDateTime, mediaType,
                                Collections.emptyList());
        }

        public BlackboardArtifact addCalllog(CommunicationDirection direction,
                        String callerId,
                        String calleeId,
                        long startDateTime, long endDateTime,
                        CallMediaType mediaType,
                        Collection<BlackboardAttribute> otherAttributesList) throws TskCoreException, BlackboardException {
                return addCalllog(direction,
                                callerId,
                                Arrays.asList(calleeId),
                                startDateTime, endDateTime,
                                mediaType,
                                otherAttributesList);
        }

        public BlackboardArtifact addCalllog(CommunicationDirection direction,
                        String callerId,
                        Collection<String> calleeIdsList,
                        long startDateTime, long endDateTime,
                        CallMediaType mediaType) throws TskCoreException, BlackboardException {
 
                return addCalllog(direction, callerId, calleeIdsList,
                                startDateTime, endDateTime,
                                mediaType,
                                Collections.emptyList());
        }

        public BlackboardArtifact addCalllog(CommunicationDirection direction,
                        String callerId,
                        Collection<String> calleeIdsList,
                        long startDateTime, long endDateTime,
                        CallMediaType mediaType,
                        Collection<BlackboardAttribute> otherAttributesList) throws TskCoreException, BlackboardException {
 
                // Either caller id or a callee id must be provided.
                if (StringUtils.isEmpty(callerId) && (isEffectivelyEmpty(calleeIdsList))) {
                        throw new IllegalArgumentException("Either a caller id, or at least one callee id must be provided for a call log.");
                }
 
                AccountFileInstance selfAccountInstanceLocal = null;
                try {
                        selfAccountInstanceLocal = getSelfAccountInstance();
                } catch (InvalidAccountIDException ex) {
                        LOGGER.log(Level.WARNING, String.format("Failed to get/create self account with id %s", selfAccountId), ex);
                }
 
                Collection<BlackboardAttribute> attributes = new ArrayList<>();
 
                // Add basic attributes 
                addAttributeIfNotZero(ATTRIBUTE_TYPE.TSK_DATETIME_START, startDateTime, attributes);
                addAttributeIfNotZero(ATTRIBUTE_TYPE.TSK_DATETIME_END, endDateTime, attributes);
                addCommDirectionIfKnown(direction, attributes);
 
                AccountFileInstance callerAccountInstance = null;
                if (StringUtils.isNotBlank(callerId)) {
                        try {
                                callerAccountInstance = createAccountInstance(moduleAccountsType, callerId);
                        } catch (InvalidAccountIDException ex) {
                                LOGGER.log(Level.WARNING, String.format("Failed to create account with id %s", callerId));
                        }
                }
 
                // Create a comma separated string of callee
                List<AccountFileInstance> recipientAccountsList = new ArrayList<>();
                String calleesStr = "";
                if (!isEffectivelyEmpty(calleeIdsList)) {
                        calleesStr = addressListToString(calleeIdsList);
                        for (String callee : calleeIdsList) {
                                if (StringUtils.isNotBlank(callee)) {
                                        try {
                                                recipientAccountsList.add(createAccountInstance(moduleAccountsType, callee));
                                        } catch (InvalidAccountIDException ex) {
                                                LOGGER.log(Level.WARNING, String.format("Failed to create account with id %s", callee));
                                        }
                                }
                        }
                }
 
                switch (direction) {
                        case OUTGOING:
                                // if no callee throw IllegalArg
                                if (isEffectivelyEmpty(calleeIdsList)) {
                                        throw new IllegalArgumentException("Callee not provided for an outgoing call.");
                                }
                                // if no caller, selfAccount substitutes caller.
                                if (StringUtils.isEmpty(callerId) && selfAccountInstanceLocal != null) {
                                        callerAccountInstance = selfAccountInstanceLocal;
                                }
                                // caller becomes PHONE_FROM
                                if (callerAccountInstance != null) {
                                        addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, callerAccountInstance.getAccount().getTypeSpecificID(), attributes);
                                }
                                // callee becomes PHONE_TO
                                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, calleesStr, attributes);
                                break;
 
                        case INCOMING:
                                // if no caller throw IllegalArg
                                if (StringUtils.isEmpty(callerId)) {
                                        throw new IllegalArgumentException("Caller Id not provided for incoming call.");
                                }
                                // if no callee specified, selfAccount substitutes callee
                                if (isEffectivelyEmpty(calleeIdsList) && selfAccountInstanceLocal != null) {
                                        calleesStr = selfAccountInstanceLocal.getAccount().getTypeSpecificID();
                                        recipientAccountsList.add(selfAccountInstanceLocal);
                                }
                                // caller becomes PHONE_FROM
                                if (callerAccountInstance != null) {
                                        addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, callerAccountInstance.getAccount().getTypeSpecificID(), attributes);
                                }
                                // callee becomes PHONE_TO
                                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, calleesStr, attributes);
                                break;
                        default:  // direction UNKNOWN
 
                                // save phone numbers in direction agnostic attributes
                                if (callerAccountInstance != null) {
                                        addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, callerAccountInstance.getAccount().getTypeSpecificID(), attributes);
                                }       // callee becomes PHONE_TO
                                addAttributeIfNotNull(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, calleesStr, attributes);
                                break;
                }
 
                // add attributes to artifact
                attributes.addAll(otherAttributesList);
                // Create TSK_CALLLOG artifact
                Content content = getContent();
                BlackboardArtifact callLogArtifact = content.newDataArtifact(CALLOG_TYPE, attributes);
 
                callLogArtifact.addAttributes(attributes);
 
                // create relationships between caller/callees
                try {
                        getSleuthkitCase().getCommunicationsManager().addRelationships(callerAccountInstance,
                                        recipientAccountsList, callLogArtifact, Relationship.Type.CALL_LOG, startDateTime);
                } catch (TskDataException ex) {
                        throw new TskCoreException(String.format("Failed to create Call log relationships between caller account = %s and callees = %s.",
                                        (callerAccountInstance != null) ? callerAccountInstance.getAccount() : "", calleesStr), ex);
                }
 
                // post artifact 
                Optional<Long> ingestJobId = getIngestJobId();
                getSleuthkitCase().getBlackboard().postArtifact(callLogArtifact, getModuleName(), ingestJobId.orElse(null));
 
                // return the artifact
                return callLogArtifact;
        }

        public void addAttachments(BlackboardArtifact message, MessageAttachments attachments) throws TskCoreException {
                // Create attribute 
                BlackboardAttribute blackboardAttribute = BlackboardJsonAttrUtil.toAttribute(ATTACHMENTS_ATTR_TYPE, getModuleName(), attachments);
                message.addAttribute(blackboardAttribute);
 
                // Associate each attachment file with the message.
                List<BlackboardArtifact> assocObjectArtifacts = new ArrayList<>();
                Collection<FileAttachment> fileAttachments = attachments.getFileAttachments();
                for (FileAttachment fileAttachment : fileAttachments) {
                        long attachedFileObjId = fileAttachment.getObjectId();
                        if (attachedFileObjId >= 0) {
                                AbstractFile attachedFile = message.getSleuthkitCase().getAbstractFileById(attachedFileObjId);
                                DataArtifact artifact = associateAttachmentWithMessage(message, attachedFile);
                                assocObjectArtifacts.add(artifact);
                        }
                }
 
                try {
                        Optional<Long> ingestJobId = getIngestJobId();
                        getSleuthkitCase().getBlackboard().postArtifacts(assocObjectArtifacts, getModuleName(), ingestJobId.orElse(null));
                } catch (BlackboardException ex) {
                        throw new TskCoreException("Error posting TSK_ASSOCIATED_ARTIFACT artifacts for attachments", ex);
                }
        }

        private DataArtifact associateAttachmentWithMessage(BlackboardArtifact message, AbstractFile attachedFile) throws TskCoreException {
                Collection<BlackboardAttribute> attributes = new ArrayList<>();
                attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, this.getModuleName(), message.getArtifactID()));
                return attachedFile.newDataArtifact(ASSOCIATED_OBJ_TYPE, attributes);
        }

        private String addressListToString(Collection<String> addressList) {
 
                String toAddresses = "";
                if (addressList != null && (!addressList.isEmpty())) {
                        StringBuilder toAddressesSb = new StringBuilder();
                        for (String address : addressList) {
                                if (!StringUtils.isEmpty(address)) {
                                        toAddressesSb = toAddressesSb.length() > 0 ? toAddressesSb.append(", ").append(address) : toAddressesSb.append(address);
                                }
                        }
                        toAddresses = toAddressesSb.toString();
                }
 
                return toAddresses;
        }

        private boolean isEffectivelyEmpty(Collection<String> idList) {
 
                if (idList == null || idList.isEmpty()) {
                        return true;
                }
 
                for (String id : idList) {
                        if (!StringUtils.isEmpty(id)) {
                                return false;
                        }
                }
 
                return true;
 
        }

        private void addCommDirectionIfKnown(CommunicationDirection direction, Collection<BlackboardAttribute> attributes) {
                if (direction != CommunicationDirection.UNKNOWN) {
                        attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DIRECTION, getModuleName(), direction.getDisplayName()));
                }
        }

        private void addMessageReadStatusIfKnown(MessageReadStatus readStatus, Collection<BlackboardAttribute> attributes) {
                if (readStatus != MessageReadStatus.UNKNOWN) {
                        attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_READ_STATUS, getModuleName(), (readStatus == MessageReadStatus.READ) ? 1 : 0));
                }
        }

        private synchronized AccountFileInstance getSelfAccountInstance() throws TskCoreException, InvalidAccountIDException {
                if (selfAccountInstance == null) {
                        Optional<Long> ingestJobId = getIngestJobId();
                        selfAccountInstance = getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(selfAccountType, selfAccountId, this.getModuleName(), getContent(), null, ingestJobId.orElse(null));
                }
                return selfAccountInstance;
        }
}