Inherits org.sleuthkit.datamodel.blackboardutils.ArtifactHelperBase.

Classes
enum	CallMediaType

enum	CommunicationDirection

enum	MessageReadStatus

Public Member Functions
	CommunicationArtifactsHelper (SleuthkitCase caseDb, String moduleName, Content srcContent, Account.Type accountsType) throws TskCoreException

	CommunicationArtifactsHelper (SleuthkitCase caseDb, String moduleName, Content srcContent, Account.Type accountsType, Account.Type selfAccountType, String selfAccountId) throws TskCoreException

void	addAttachments (BlackboardArtifact message, MessageAttachments attachments) throws TskCoreException

BlackboardArtifact	addCalllog (CommunicationDirection direction, String callerId, String calleeId, long startDateTime, long endDateTime, CallMediaType mediaType) throws TskCoreException, BlackboardException

BlackboardArtifact	addCalllog (CommunicationDirection direction, String callerId, String calleeId, long startDateTime, long endDateTime, CallMediaType mediaType, Collection< BlackboardAttribute > otherAttributesList) throws TskCoreException, BlackboardException

BlackboardArtifact	addCalllog (CommunicationDirection direction, String callerId, Collection< String > calleeIdsList, long startDateTime, long endDateTime, CallMediaType mediaType) throws TskCoreException, BlackboardException

BlackboardArtifact	addCalllog (CommunicationDirection direction, String callerId, Collection< String > calleeIdsList, long startDateTime, long endDateTime, CallMediaType mediaType, Collection< BlackboardAttribute > otherAttributesList) throws TskCoreException, BlackboardException

BlackboardArtifact	addContact (String contactName, String phoneNumber, String homePhoneNumber, String mobilePhoneNumber, String emailAddr) throws TskCoreException, BlackboardException

BlackboardArtifact	addContact (String contactName, String phoneNumber, String homePhoneNumber, String mobilePhoneNumber, String emailAddr, Collection< BlackboardAttribute > additionalAttributes) throws TskCoreException, BlackboardException

BlackboardArtifact	addMessage (String messageType, CommunicationDirection direction, String senderId, String recipientId, long dateTime, MessageReadStatus readStatus, String subject, String messageText, String threadId) throws TskCoreException, BlackboardException

BlackboardArtifact	addMessage (String messageType, CommunicationDirection direction, String senderId, String recipientId, long dateTime, MessageReadStatus readStatus, String subject, String messageText, String threadId, Collection< BlackboardAttribute > otherAttributesList) throws TskCoreException, BlackboardException

BlackboardArtifact	addMessage (String messageType, CommunicationDirection direction, String senderId, List< String > recipientIdsList, long dateTime, MessageReadStatus readStatus, String subject, String messageText, String threadId) throws TskCoreException, BlackboardException

BlackboardArtifact	addMessage (String messageType, CommunicationDirection direction, String senderId, List< String > recipientIdsList, long dateTime, MessageReadStatus readStatus, String subject, String messageText, String threadId, Collection< BlackboardAttribute > otherAttributesList) throws TskCoreException, BlackboardException

Detailed Description

Class to help ingest modules create communication artifacts. Communication artifacts includes contacts, messages, call logs.

It creates a 'self' account Account - an account for the owner/user of the application being processed by the module. As an example, for a module analyzing Facebook application, this would be account associated with the unique Facebook user id of the device owner.

In the absence of a 'self' account, a 'device' account may be used in it's place. A 'device' account is an account meant to represent the owner of the device and uses the unique device id as the unique account identifier.

It also creates accounts for contacts, and sender/receivers of the messages, and calls.

And it also creates relationships between the self account - and the contacts and sender/receiver accounts.

Definition at line 70 of file CommunicationArtifactsHelper.java.

Constructor & Destructor Documentation

org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.CommunicationArtifactsHelper	(	SleuthkitCase	caseDb,
		String	moduleName,
		Content	srcContent,
		Account.Type	accountsType
	)		throws TskCoreException

Constructs a communications artifacts helper for the given source file.

This is a constructor for modules that do not have a 'self' account, and will use a 'Device' account in lieu.

It creates a DeviceAccount instance to use as a self account.

Parameters

caseDb	Sleuthkit case db.
moduleName	Name of module using the helper.
srcContent	Source content being processed by the module.
accountsType	Account type Account.Type created by this module.

Exceptions

TskCoreException If there is an error creating the device account.

Definition at line 165 of file CommunicationArtifactsHelper.java.

References org.sleuthkit.datamodel.Account.Type.DEVICE.

org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.CommunicationArtifactsHelper	(	SleuthkitCase	caseDb,
		String	moduleName,
		Content	srcContent,
		Account.Type	accountsType,
		Account.Type	selfAccountType,
		String	selfAccountId
	)		throws TskCoreException

Constructs a communications artifacts helper for the given source file.

This constructor is for modules that have the application specific account information for the device owner to create a 'self' account.

It creates an account instance with specified type & id, and uses it as the self account.

Parameters

caseDb	Sleuthkit case db.
moduleName	Name of module using the helper.
srcContent	Source content being processed by the module.
accountsType	Account type Account.Type created by this module.
selfAccountType	Self account type to be created for this module.
selfAccountId	Account unique id for the self account.

Exceptions

TskCoreException If there is an error creating the self account

Definition at line 194 of file CommunicationArtifactsHelper.java.

Member Function Documentation

void org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addAttachments	(	BlackboardArtifact	message,
		MessageAttachments	attachments
	)		throws TskCoreException

Adds attachments to a message.

Parameters

message	Message artifact.
attachments	Attachments to add to the message.

Exceptions

TskCoreException If there is an error in adding attachments

Definition at line 880 of file CommunicationArtifactsHelper.java.

References org.sleuthkit.datamodel.SleuthkitCase.getAbstractFileById(), org.sleuthkit.datamodel.AbstractContent.getSleuthkitCase(), and org.sleuthkit.datamodel.blackboardutils.attributes.BlackboardJsonAttrUtil.toAttribute().

BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog	(	CommunicationDirection	direction,
		String	callerId,
		String	calleeId,
		long	startDateTime,
		long	endDateTime,
		CallMediaType	mediaType
	)		throws TskCoreException, BlackboardException

Adds a TSK_CALLLOG artifact.

Also creates an account instance for the caller/callee, and creates a relationship between the self account and the caller account as well between the self account and the callee account.

Parameters

direction	Call direction, UNKNOWN if not available.
callerId	Caller id, may be null.
calleeId	Callee id, may be null.

At least one of the two must be provided - the caller Id, or a callee id.

Parameters

startDateTime	Start date/time, 0 if not available.
endDateTime	End date/time, 0 if not available.
mediaType	Media type.

Returns: Call log artifact.

Exceptions

TskCoreException	If there is an error creating the artifact.
BlackboardException	If there is a problem posting the artifact.

Definition at line 650 of file CommunicationArtifactsHelper.java.

Referenced by org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog().

BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog	(	CommunicationDirection	direction,
		String	callerId,
		String	calleeId,
		long	startDateTime,
		long	endDateTime,
		CallMediaType	mediaType,
		Collection< BlackboardAttribute >	otherAttributesList
	)		throws TskCoreException, BlackboardException

Adds a TSK_CALLLOG artifact.

Also creates an account instance for the caller/callee, and creates a relationship between the self account and the caller account as well between the self account and the callee account.

Parameters

direction	Call direction, UNKNOWN if not available.
callerId	Caller id, may be null.
calleeId	Callee id, may be null.

At least one of the two must be provided - the caller Id, or a callee id.

Parameters

startDateTime	Start date/time, 0 if not available.
endDateTime	End date/time, 0 if not available.
mediaType	Media type.
otherAttributesList	Other attributes.

Returns: Call log artifact.

Exceptions

TskCoreException	If there is an error creating the artifact.
BlackboardException	If there is a problem posting the artifact.

Definition at line 681 of file CommunicationArtifactsHelper.java.

References org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog().

BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog	(	CommunicationDirection	direction,
		String	callerId,
		Collection< String >	calleeIdsList,
		long	startDateTime,
		long	endDateTime,
		CallMediaType	mediaType
	)		throws TskCoreException, BlackboardException

Adds a TSK_CALLLOG artifact.

Also creates an account instance for the caller/callees, and creates a relationship between the self account and the caller account as well between the self account and each callee account.

Parameters

direction	Call direction, UNKNOWN if not available.
callerId	Caller id, may be null.
calleeIdsList	Callee list, may be an empty list.

At least one of the two must be provided - the caller Id, or a callee id.

Parameters

startDateTime	Start date/time, 0 if not available.
endDateTime	End date/time, 0 if not available.
mediaType	Call media type, UNKNOWN if not available.

Returns: Call log artifact.

Exceptions

TskCoreException	If there is an error creating the artifact.
BlackboardException	If there is a problem posting the artifact.

Definition at line 717 of file CommunicationArtifactsHelper.java.

References org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog().

BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addCalllog	(	CommunicationDirection	direction,
		String	callerId,
		Collection< String >	calleeIdsList,
		long	startDateTime,
		long	endDateTime,
		CallMediaType	mediaType,
		Collection< BlackboardAttribute >	otherAttributesList
	)		throws TskCoreException, BlackboardException

Adds a TSK_CALLLOG artifact.

Also creates an account instance for the caller and each of the callees, and creates relationships between caller and callees.

Parameters

direction	Call direction, UNKNOWN if not available.
callerId	Caller id, required for incoming call.
calleeIdsList	Callee ids list, required for an outgoing call.

At least one of the two must be provided - the caller Id, or a callee id.

Parameters

startDateTime	Start date/time, 0 if not available.
endDateTime	End date/time, 0 if not available.
mediaType	Call media type, UNKNOWN if not available.
otherAttributesList	other attributes, can be an empty list

Returns: Call log artifact.

Exceptions

TskCoreException	If there is an error creating the artifact.
BlackboardException	If there is a problem posting the artifact.

Definition at line 752 of file CommunicationArtifactsHelper.java.

BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addContact	(	String	contactName,
		String	phoneNumber,
		String	homePhoneNumber,
		String	mobilePhoneNumber,
		String	emailAddr
	)		throws TskCoreException, BlackboardException

Creates and adds a TSK_CONTACT artifact to the case, with specified attributes. Also creates an account instance of specified type for the contact with the specified ID.

Parameters

contactName	Contact name, required.
phoneNumber	Primary phone number for contact, may be empty or null.
homePhoneNumber	Home phone number, may be empty or null.
mobilePhoneNumber	Mobile phone number, may be empty or null.
emailAddr	Email address for the contact, may be empty or null.

At least one phone number or email address is required.

Returns: Contact artifact created.

Exceptions

TskCoreException	If there is an error creating the artifact.
BlackboardException	If there is a problem posting the artifact.

Definition at line 224 of file CommunicationArtifactsHelper.java.

BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addContact	(	String	contactName,
		String	phoneNumber,
		String	homePhoneNumber,
		String	mobilePhoneNumber,
		String	emailAddr,
		Collection< BlackboardAttribute >	additionalAttributes
	)		throws TskCoreException, BlackboardException

Creates and adds a TSK_CONTACT artifact to the case, with specified attributes. Also creates an account instance for the contact with the specified ID.

Parameters

contactName	Contact name, may be empty or null.
phoneNumber	Primary phone number for contact, may be empty or null.
homePhoneNumber	Home phone number, may be empty or null.
mobilePhoneNumber	Mobile phone number, may be empty or null.
emailAddr	Email address for the contact, may be empty or null.

At least one phone number or email address or an Id is required. An Id may be passed in as a TSK_ID attribute in additionalAttributes.

Parameters

additionalAttributes Additional attributes for contact, may be an empty list.

Returns: contact artifact created.

Exceptions

TskCoreException	If there is an error creating the artifact.
BlackboardException	If there is a problem posting the artifact.

Definition at line 257 of file CommunicationArtifactsHelper.java.

BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage	(	String	messageType,
		CommunicationDirection	direction,
		String	senderId,
		String	recipientId,
		long	dateTime,
		MessageReadStatus	readStatus,
		String	subject,
		String	messageText,
		String	threadId
	)		throws TskCoreException, BlackboardException

Adds a TSK_MESSAGE artifact.

Also creates an account instance for the sender/receiver, and creates a relationship between the self account and the sender/receiver account.

Parameters

messageType	Message type, required.
direction	Message direction, UNKNOWN if not available.
senderId	Sender address id, may be null.
recipientId	Recipient id, may be null.
dateTime	Date/time of message, 0 if not available.
readStatus	Message read status, UNKNOWN if not available.
subject	Message subject, may be empty or null.
messageText	Message body, may be empty or null.
threadId	Message thread id, may be empty or null.

Returns: Message artifact.

Exceptions

TskCoreException	If there is an error creating the artifact.
BlackboardException	If there is a problem posting the artifact.

Definition at line 394 of file CommunicationArtifactsHelper.java.

Referenced by org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage().

BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage	(	String	messageType,
		CommunicationDirection	direction,
		String	senderId,
		String	recipientId,
		long	dateTime,
		MessageReadStatus	readStatus,
		String	subject,
		String	messageText,
		String	threadId,
		Collection< BlackboardAttribute >	otherAttributesList
	)		throws TskCoreException, BlackboardException

Adds a TSK_MESSAGE artifact.

Also creates an account instance for the sender/receiver, and creates a relationship between the self account and the sender/receiver account.

Parameters

messageType	Message type, required.
direction	Message direction, UNKNOWN if not available.
senderId	Sender id, may be null.
recipientId	Recipient id, may be null.
dateTime	Date/time of message, 0 if not available.
readStatus	Message read status, UNKNOWN if not available.
subject	Message subject, may be empty or null.
messageText	Message body, may be empty or null.
threadId	Message thread id, may be empty or null.
otherAttributesList	Additional attributes, may be an empty list.

Returns: Message artifact.

Exceptions

TskCoreException	If there is an error creating the artifact.
BlackboardException	If there is a problem posting the artifact.

Definition at line 429 of file CommunicationArtifactsHelper.java.

References org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage().

BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage	(	String	messageType,
		CommunicationDirection	direction,
		String	senderId,
		List< String >	recipientIdsList,
		long	dateTime,
		MessageReadStatus	readStatus,
		String	subject,
		String	messageText,
		String	threadId
	)		throws TskCoreException, BlackboardException

Adds a TSK_MESSAGE artifact.

Also creates an account instance for the sender/receiver, and creates a relationship between the self account and the sender/receiver accounts.

Parameters

messageType	Message type, required.
direction	Message direction, UNKNOWN if not available.
senderId	Sender id, may be null.
recipientIdsList	Recipient ids list, may be null or empty list.
dateTime	Date/time of message, 0 if not available.
readStatus	Message read status, UNKNOWN if not available.
subject	Message subject, may be empty or null.
messageText	Message body, may be empty or null.
threadId	Message thread id, may be empty or null.

Returns: Message artifact.

Exceptions

TskCoreException	If there is an error creating the artifact.
BlackboardException	If there is a problem posting the artifact.

Definition at line 467 of file CommunicationArtifactsHelper.java.

References org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage().

BlackboardArtifact org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper.addMessage	(	String	messageType,
		CommunicationDirection	direction,
		String	senderId,
		List< String >	recipientIdsList,
		long	dateTime,
		MessageReadStatus	readStatus,
		String	subject,
		String	messageText,
		String	threadId,
		Collection< BlackboardAttribute >	otherAttributesList
	)		throws TskCoreException, BlackboardException

Adds a TSK_MESSAGE artifact.

Also creates accounts for the sender/receivers, and creates relationships between the sender/receivers account.

Parameters

messageType	Message type, required.
direction	Message direction, UNKNOWN if not available.
senderId	Sender id, may be null.
recipientIdsList	Recipient list, may be null or empty an list.
dateTime	Date/time of message, 0 if not available.
readStatus	Message read status, UNKNOWN if not available.
subject	Message subject, may be empty or null.
messageText	Message body, may be empty or null.
threadId	Message thread id, may be empty or null.
otherAttributesList	Other attributes, may be an empty list.

Returns: Message artifact.

Exceptions

TskCoreException	If there is an error creating the artifact.
BlackboardException	If there is a problem posting the artifact.

Definition at line 502 of file CommunicationArtifactsHelper.java.

The documentation for this class was generated from the following file:

/home/carriersleuth/repos/sleuthkit/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/CommunicationArtifactsHelper.java

Classes

Public Member Functions

Detailed Description

Constructor & Destructor Documentation

Member Function Documentation