Autopsy  4.19.1
Graphical digital forensics platform for The Sleuth Kit and other tools.
XRYContactsFileParser.java
Go to the documentation of this file.
1 /*
2  * Autopsy Forensic Browser
3  *
4  * Copyright 2019-2020 Basis Technology Corp.
5  * Contact: carrier <at> sleuthkit <dot> org
6  *
7  * Licensed under the Apache License, Version 2.0 (the "License");
8  * you may not use this file except in compliance with the License.
9  * You may obtain a copy of the License at
10  *
11  * http://www.apache.org/licenses/LICENSE-2.0
12  *
13  * Unless required by applicable law or agreed to in writing, software
14  * distributed under the License is distributed on an "AS IS" BASIS,
15  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
16  * See the License for the specific language governing permissions and
17  * limitations under the License.
18  */
19 package org.sleuthkit.autopsy.datasourceprocessors.xry;
20 
21 import java.util.ArrayList;
22 import java.util.Collection;
23 import java.util.List;
24 import java.util.logging.Level;
25 import org.sleuthkit.autopsy.coreutils.Logger;
26 import static org.sleuthkit.autopsy.datasourceprocessors.xry.AbstractSingleEntityParser.PARSER_NAME;
27 import org.sleuthkit.datamodel.AbstractFile;
28 import org.sleuthkit.datamodel.Account;
29 import org.sleuthkit.datamodel.Blackboard;
30 import org.sleuthkit.datamodel.BlackboardArtifact;
31 import org.sleuthkit.datamodel.BlackboardAttribute;
32 import org.sleuthkit.datamodel.Content;
33 import org.sleuthkit.datamodel.SleuthkitCase;
34 import org.sleuthkit.datamodel.TskCoreException;
35 import org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper;
36 
40 final class XRYContactsFileParser extends AbstractSingleEntityParser {
41 
42  private static final Logger logger = Logger.getLogger(XRYContactsFileParser.class.getName());
43 
44  @Override
45  boolean canProcess(XRYKeyValuePair pair) {
46  return XryKey.contains(pair.getKey());
47  }
48 
49  @Override
50  boolean isNamespace(String nameSpace) {
51  //No namespaces are currently known for this report type.
52  return false;
53  }
54 
55  @Override
56  void makeArtifact(List<XRYKeyValuePair> keyValuePairs, Content parent, SleuthkitCase currentCase) throws TskCoreException, Blackboard.BlackboardException {
57  // Transform all the data from XRY land into the appropriate CommHelper
58  // data types.
59  String contactName = null;
60  String phoneNumber = null;
61  String homePhoneNumber = null;
62  String mobilePhoneNumber = null;
63  String emailAddr = null;
64  boolean hasAnEmail = false;
65  final Collection<BlackboardAttribute> additionalAttributes = new ArrayList<>();
66 
67  for (XRYKeyValuePair pair : keyValuePairs) {
68  XryKey xryKey = XryKey.fromDisplayName(pair.getKey());
69  switch (xryKey) {
70  case NAME:
71  if (contactName != null) {
72  additionalAttributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, PARSER_NAME, pair.getValue()));
73  } else {
74  contactName = pair.getValue();
75  }
76  break;
77  case TEL:
78  if (!XRYUtils.isPhoneValid(pair.getValue())) {
79  continue;
80  }
81 
82  if (phoneNumber != null) {
83  additionalAttributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER, PARSER_NAME, pair.getValue()));
84  } else {
85  phoneNumber = pair.getValue();
86  }
87  break;
88  case MOBILE:
89  if (!XRYUtils.isPhoneValid(pair.getValue())) {
90  continue;
91  }
92 
93  if (mobilePhoneNumber != null) {
94  additionalAttributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_MOBILE, PARSER_NAME, pair.getValue()));
95  } else {
96  mobilePhoneNumber = pair.getValue();
97  }
98  break;
99  case HOME:
100  if (!XRYUtils.isPhoneValid(pair.getValue())) {
101  continue;
102  }
103 
104  if (homePhoneNumber != null) {
105  additionalAttributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_HOME, PARSER_NAME, pair.getValue()));
106  } else {
107  homePhoneNumber = pair.getValue();
108  }
109  break;
110  case EMAIL_HOME:
111  if (!XRYUtils.isEmailValid(pair.getValue())) {
112  continue;
113  }
114 
115  hasAnEmail = true;
116  additionalAttributes.add(new BlackboardAttribute(
117  BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL_HOME,
118  PARSER_NAME, pair.getValue()));
119  break;
120  default:
121  //Otherwise, the XryKey enum contains the correct BlackboardAttribute
122  //type.
123  if (xryKey.getType() != null) {
124  additionalAttributes.add(new BlackboardAttribute(xryKey.getType(),
125  PARSER_NAME, pair.getValue()));
126  }
127 
128  logger.log(Level.INFO, String.format("[XRY DSP] Key value pair "
129  + "(in brackets) [ %s ] was recognized but "
130  + "more data or time is needed to finish implementation. Discarding... ",
131  pair));
132  }
133  }
134 
135  // Make sure we have the required fields, otherwise the CommHelper will
136  // complain about illegal arguments.
137  if (phoneNumber != null || homePhoneNumber != null || mobilePhoneNumber != null || hasAnEmail) {
138  CommunicationArtifactsHelper helper = new CommunicationArtifactsHelper(
139  currentCase, PARSER_NAME, parent, Account.Type.DEVICE);
140 
141  helper.addContact(contactName, phoneNumber, homePhoneNumber,
142  mobilePhoneNumber, emailAddr, additionalAttributes);
143  } else {
144  // Just create an artifact with the attributes that we do have.
145  if (!additionalAttributes.isEmpty()) {
146  BlackboardArtifact artifact = parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), additionalAttributes);
147 
148  currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME);
149  }
150  }
151  }
152 
159  private enum XryKey {
160  NAME("name", null),
161  TEL("tel", null),
162  MOBILE("mobile", null),
163  HOME("home", null),
164  RELATED_APPLICATION("related application", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME),
165  ADDRESS_HOME("address home", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_LOCATION),
166  EMAIL_HOME("email home", null),
167  DELETED("deleted", BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ISDELETED),
168  //Ignoring or need more information to decide.
169  STORAGE("storage", null),
170  OTHER("other", null),
171  PICTURE("picture", null),
172  INDEX("index", null),
173  ACCOUNT_NAME("account name", null);
174 
175  private final String name;
176  private final BlackboardAttribute.ATTRIBUTE_TYPE type;
177 
178  XryKey(String name, BlackboardAttribute.ATTRIBUTE_TYPE type) {
179  this.name = name;
180  this.type = type;
181  }
182 
183  BlackboardAttribute.ATTRIBUTE_TYPE getType() {
184  return type;
185  }
186 
190  static boolean contains(String key) {
191  try {
192  XryKey.fromDisplayName(key);
193  return true;
194  } catch (IllegalArgumentException ex) {
195  return false;
196  }
197  }
198 
206  static XryKey fromDisplayName(String key) {
207  String normalizedKey = key.trim().toLowerCase();
208  for (XryKey keyChoice : XryKey.values()) {
209  if (normalizedKey.equals(keyChoice.name)) {
210  return keyChoice;
211  }
212  }
213 
214  throw new IllegalArgumentException(String.format("Key [%s] was not found."
215  + " All keys should be tested with contains.", key));
216  }
217  }
218 }

Copyright © 2012-2021 Basis Technology. Generated on: Thu Sep 30 2021
This work is licensed under a Creative Commons Attribution-Share Alike 3.0 United States License.