Merge pull request #3311 from raman-bt/develop

916: Device Accounts should be created one per file instead of on…

InternalPythonModules/android/calllog.py

@@ -87,13 +87,7 @@ def fromType(t):
     def analyze(self, dataSource, fileManager, context):
         try:
 
-            # Create a 'Device' account using the data source device id
-            datasourceObjId = dataSource.getDataSource().getId()
-            ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
-            deviceID = ds.getDeviceId()
-
-            global deviceAccountInstance
-            deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource)
+
 
             absFiles = fileManager.findFiles(dataSource, "logs.db")
             absFiles.addAll(fileManager.findFiles(dataSource, "contacts.db"))
@@ -102,23 +96,29 @@ def analyze(self, dataSource, fileManager, context):
                 try:
                     file = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
                     ContentUtils.writeToFile(abstractFile, file, context.dataSourceIngestIsCancelled)
-                    self.__findCallLogsInDB(file.toString(), abstractFile)
+                    self.__findCallLogsInDB(file.toString(), abstractFile, dataSource)
                 except IOException as ex:
                     self._logger.log(Level.SEVERE, "Error writing temporary call log db to disk", ex)
                     self._logger.log(Level.SEVERE, traceback.format_exc())
         except TskCoreException as ex:
             self._logger.log(Level.SEVERE, "Error finding call logs", ex)
             self._logger.log(Level.SEVERE, traceback.format_exc())
 
-    def __findCallLogsInDB(self, databasePath, abstractFile):
+    def __findCallLogsInDB(self, databasePath, abstractFile, dataSource):
         if not databasePath:
             return
 
+
         bbartifacts = list()
         try:
             connection = DriverManager.getConnection("jdbc:sqlite:" + databasePath)
             statement = connection.createStatement()
 
+ 	    # Create a 'Device' account using the data source device id
+            datasourceObjId = dataSource.getDataSource().getId()
+            ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
+            deviceID = ds.getDeviceId()
+            deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile)
 
             for tableName in CallLogAnalyzer._tableNames:
                 try:

InternalPythonModules/android/contact.py

@@ -48,8 +48,6 @@
 import traceback
 import general
 
-deviceAccountInstance = None
-
 """
 Locates a variety of different contacts databases, parses them, and populates the blackboard.
 """
@@ -61,14 +59,6 @@ def __init__(self):
     def analyze(self, dataSource, fileManager, context):
         try:
 
-            # Create a 'Device' account using the data source device id
-            datasourceObjId = dataSource.getDataSource().getId()
-            ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
-            deviceID = ds.getDeviceId()
-
-            global deviceAccountInstance
-            deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance  (Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource)
-
             absFiles = fileManager.findFiles(dataSource, "contacts.db")
             absFiles.addAll(fileManager.findFiles(dataSource, "contacts2.db"))
             if absFiles.isEmpty():
@@ -77,7 +67,7 @@ def analyze(self, dataSource, fileManager, context):
                 try:
                     jFile = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
                     ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled)
-                    self.__findContactsInDB(str(jFile.toString()), abstractFile)
+                    self.__findContactsInDB(str(jFile.toString()), abstractFile, dataSource)
                 except Exception as ex:
                     self._logger.log(Level.SEVERE, "Error parsing Contacts", ex)
                     self._logger.log(Level.SEVERE, traceback.format_exc())
@@ -89,7 +79,7 @@ def analyze(self, dataSource, fileManager, context):
     Will create artifact from a database given by the path
     The fileId will be the abstract file associated with the artifacts
     """
-    def __findContactsInDB(self, databasePath, abstractFile):
+    def __findContactsInDB(self, databasePath, abstractFile, dataSource):
         if not databasePath:
             return
 
@@ -103,6 +93,14 @@ def __findContactsInDB(self, databasePath, abstractFile):
             self._logger.log(Level.SEVERE, traceback.format_exc())
             return
 
+
+    	# Create a 'Device' account using the data source device id
+    	datasourceObjId = dataSource.getDataSource().getId()
+    	ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
+    	deviceID = ds.getDeviceId()
+
+    	deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance  (Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile)
+
         try:
             # get display_name, mimetype(email or phone number) and data1 (phonenumber or email address depending on mimetype)
             # sorted by name, so phonenumber/email would be consecutive for a person if they exist.

InternalPythonModules/android/tangomessage.py

@@ -47,8 +47,6 @@
 import traceback
 import general
 
-deviceAccountInstance = None
-
 """
 Locates database for the Tango app and adds info to blackboard.
 """
@@ -59,28 +57,21 @@ def __init__(self):
 
     def analyze(self, dataSource, fileManager, context):
         try:
-            # Create a 'Device' account using the data source device id
-            datasourceObjId = dataSource.getDataSource().getId()
-            ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
-            deviceID = ds.getDeviceId()
-
-            global deviceAccountInstance
-            deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource)
-
+
             absFiles = fileManager.findFiles(dataSource, "tc.db")
             for abstractFile in absFiles:
                 try:
                     jFile = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
                     ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled)
-                    self.__findTangoMessagesInDB(jFile.toString(), abstractFile)
+                    self.__findTangoMessagesInDB(jFile.toString(), abstractFile, dataSource)
                 except Exception as ex:
                     self._logger.log(Level.SEVERE, "Error parsing Tango messages", ex)
                     self._logger.log(Level.SEVERE, traceback.format_exc())
         except TskCoreException as ex:
             self._logger.log(Level.SEVERE, "Error finding Tango messages", ex)
             self._logger.log(Level.SEVERE, traceback.format_exc())
 
-    def __findTangoMessagesInDB(self, databasePath, abstractFile):
+    def __findTangoMessagesInDB(self, databasePath, abstractFile, dataSource):
         if not databasePath:
             return
 
@@ -93,6 +84,12 @@ def __findTangoMessagesInDB(self, databasePath, abstractFile):
             self._logger.log(Level.SEVERE, traceback.format_exc())
             return
 
+ 	# Create a 'Device' account using the data source device id
+        datasourceObjId = dataSource.getDataSource().getId()
+        ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
+        deviceID = ds.getDeviceId()
+        deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile)
+
         try:
             resultSet = statement.executeQuery(
                 "SELECT conv_id, create_time, direction, payload FROM messages ORDER BY create_time DESC;")

InternalPythonModules/android/textmessage.py

@@ -49,7 +49,6 @@
 import traceback
 import general
 
-deviceAccountInstance = None
 
 """
 Finds database with SMS/MMS messages and adds them to blackboard.
@@ -62,28 +61,21 @@ def __init__(self):
     def analyze(self, dataSource, fileManager, context):
         try:
 
-            # Create a 'Device' account using the data source device id
-            datasourceObjId = dataSource.getDataSource().getId()
-            ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
-            deviceID = ds.getDeviceId()
-
-            global deviceAccountInstance
-            deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource)
-
+
             absFiles = fileManager.findFiles(dataSource, "mmssms.db")
             for abstractFile in absFiles:
                 try:
                     jFile = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
                     ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled)
-                    self.__findTextsInDB(jFile.toString(), abstractFile)
+                    self.__findTextsInDB(jFile.toString(), abstractFile, dataSource)
                 except Exception as ex:
                     self._logger.log(Level.SEVERE, "Error parsing text messages", ex)
                     self._logger.log(Level.SEVERE, traceback.format_exc())
         except TskCoreException as ex:
             self._logger.log(Level.SEVERE, "Error finding text messages", ex)
             self._logger.log(Level.SEVERE, traceback.format_exc())
 
-    def __findTextsInDB(self, databasePath, abstractFile):
+    def __findTextsInDB(self, databasePath, abstractFile, dataSource):
         if not databasePath:
             return
 
@@ -97,6 +89,12 @@ def __findTextsInDB(self, databasePath, abstractFile):
             self._logger.log(Level.SEVERE, traceback.format_exc())
             return
 
+	# Create a 'Device' account using the data source device id
+        datasourceObjId = dataSource.getDataSource().getId()
+        ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
+        deviceID = ds.getDeviceId()
+        deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile)
+
         try:
             resultSet = statement.executeQuery(
                 "SELECT address, date, read, type, subject, body FROM sms;")

InternalPythonModules/android/wwfmessage.py

@@ -46,7 +46,7 @@
 import general
 
 wwfAccountType = None
-deviceAccountInstance = None
+
 
 """
 Analyzes messages from Words With Friends
@@ -62,28 +62,20 @@ def analyze(self, dataSource, fileManager, context):
             global wwfAccountType
             wwfAccountType = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().addAccountType("WWF", "Words with Friends")
 
-            # Create a 'Device' account using the data source device id
-            datasourceObjId = dataSource.getDataSource().getId()
-            ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
-            deviceID = ds.getDeviceId()
-
-            global deviceAccountInstance
-            deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, dataSource)
-
             absFiles = fileManager.findFiles(dataSource, "WordsFramework")
             for abstractFile in absFiles:
                 try:
                     jFile = File(Case.getCurrentCase().getTempDirectory(), str(abstractFile.getId()) + abstractFile.getName())
                     ContentUtils.writeToFile(abstractFile, jFile, context.dataSourceIngestIsCancelled)
-                    self.__findWWFMessagesInDB(jFile.toString(), abstractFile)
+                    self.__findWWFMessagesInDB(jFile.toString(), abstractFile, dataSource)
                 except Exception as ex:
                     self._logger.log(Level.SEVERE, "Error parsing WWF messages", ex)
                     self._logger.log(Level.SEVERE, traceback.format_exc())
         except TskCoreException as ex:
             self._logger.log(Level.SEVERE, "Error finding WWF messages", ex)
             self._logger.log(Level.SEVERE, traceback.format_exc())
 
-    def __findWWFMessagesInDB(self, databasePath, abstractFile):
+    def __findWWFMessagesInDB(self, databasePath, abstractFile, dataSource):
         if not databasePath:
             return
 
@@ -96,6 +88,12 @@ def __findWWFMessagesInDB(self, databasePath, abstractFile):
             self._logger.log(Level.SEVERE, traceback.format_exc())
             return
 
+	# Create a 'Device' account using the data source device id
+        datasourceObjId = dataSource.getDataSource().getId()
+        ds = Case.getCurrentCase().getSleuthkitCase().getDataSource(datasourceObjId)
+        deviceID = ds.getDeviceId()
+        deviceAccountInstance = Case.getCurrentCase().getSleuthkitCase().getCommunicationsManager().createAccountFileInstance(Account.Type.DEVICE, deviceID, general.MODULE_NAME, abstractFile)
+
         try:
             resultSet = statement.executeQuery(
                     "SELECT message, strftime('%s' ,created_at) as datetime, user_id, game_id FROM chat_messages ORDER BY game_id DESC, created_at DESC;")