19 package org.sleuthkit.autopsy.modules.iOS;
21 import java.sql.Connection;
22 import java.sql.DriverManager;
23 import java.sql.ResultSet;
24 import java.sql.SQLException;
25 import java.sql.Statement;
26 import java.util.ArrayList;
27 import java.util.Collection;
28 import java.util.List;
29 import java.util.logging.Level;
30 import org.openide.util.NbBundle.Messages;
41 import org.
sleuthkit.datamodel.ReadContentInputStream.ReadContentInputStreamException;
48 final class CallLogAnalyzer {
50 private Connection connection = null;
51 private ResultSet resultSet = null;
52 private Statement statement = null;
53 private long fileId = 0;
54 private java.io.File jFile = null;
69 logger.log(Level.SEVERE,
"Exception while getting open case.", ex);
73 List<AbstractFile> absFiles;
76 absFiles = skCase.findAllFilesWhere(
"name ='contacts2.db' OR name ='contacts.db'");
77 if (absFiles.isEmpty()) {
80 for (AbstractFile file : absFiles) {
84 dbPath = jFile.toString();
85 fileId = file.getId();
87 findCallLogsInDB(dbPath, fileId);
88 }
catch (ReadContentInputStreamException ex) {
89 logger.log(Level.WARNING, String.format(
"Error reading content from file '%s' (id=%d).", file.getName(), fileId), ex);
90 }
catch (Exception ex) {
91 logger.log(Level.SEVERE, String.format(
"Error writing content from file '%s' (id=%d) to '%s'.", file.getName(), fileId, dbPath), ex);
94 }
catch (TskCoreException e) {
95 logger.log(Level.SEVERE,
"Error finding Call logs", e);
105 @Messages({
"CallLogAnalyzer.indexError.message=Failed to index call log artifact for keyword search."})
106 private void findCallLogsInDB(String DatabasePath,
long fileId) {
107 if (DatabasePath == null || DatabasePath.isEmpty()) {
111 Class.forName(
"org.sqlite.JDBC");
112 connection = DriverManager.getConnection(
"jdbc:sqlite:" + DatabasePath);
113 statement = connection.createStatement();
114 }
catch (ClassNotFoundException | SQLException e) {
115 logger.log(Level.SEVERE,
"Error opening database", e);
122 logger.log(Level.SEVERE,
"Exception while getting open case.", ex);
127 AbstractFile file = skCase.getAbstractFileById(fileId);
129 logger.log(Level.SEVERE,
"Error getting abstract file {0}", fileId);
134 resultSet = statement.executeQuery(
135 "SELECT number,date,duration,type, name FROM calls ORDER BY date DESC;");
137 BlackboardArtifact bba;
144 while (resultSet.next()) {
145 name = resultSet.getString(
"name");
146 number = resultSet.getString(
"number");
147 duration = resultSet.getString(
"duration");
148 date = resultSet.getString(
"date");
149 type = resultSet.getString(
"type");
151 bba = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG);
152 Collection<BlackboardAttribute> attributes =
new ArrayList<>();
153 if (type.equalsIgnoreCase(
"outgoing")) {
154 attributes.add(
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_TO, moduleName, number));
156 attributes.add(
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER_FROM, moduleName, number));
158 attributes.add(
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START, moduleName, date));
159 attributes.add(
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END, moduleName, duration + date));
160 attributes.add(
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION, moduleName, type));
161 attributes.add(
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, moduleName, name));
163 bba.addAttributes(attributes);
168 logger.log(Level.SEVERE,
"Unable to index blackboard artifact " + bba.getArtifactID(), ex);
170 Bundle.CallLogAnalyzer_indexError_message(), bba.getDisplayName());
173 }
catch (Exception e) {
174 logger.log(Level.SEVERE,
"Error parsing Call logs to the Blackboard", e);
180 }
catch (Exception e) {
181 logger.log(Level.SEVERE,
"Error closing the database", e);
184 }
catch (Exception e) {
185 logger.log(Level.SEVERE,
"Error parsing Call logs to the Blackboard", e);
String getTempDirectory()
static< T > long writeToFile(Content content, java.io.File outputFile, ProgressHandle progress, Future< T > worker, boolean source)
SleuthkitCase getSleuthkitCase()
Blackboard getBlackboard()
static void error(String title, String message)
synchronized void indexArtifact(BlackboardArtifact artifact)
synchronized static Logger getLogger(String name)
static Case getCurrentCaseThrows()