fix: string formatting errors in Autopsy
lxndrblz committed Jun 30, 2024
1 parent 1c76a69 commit 9dc6fa0
Showing 1 changed file with 47 additions and 32 deletions.
79 changes: 47 additions & 32 deletions tools/Forensicsim_Parser.py
Expand Up @@ -42,36 +42,39 @@
from java.lang import ProcessBuilder
from java.util import ArrayList
from java.util.logging import Level
from org.sleuthkit.autopsy.casemodule import Case, NoCurrentCaseException
from org.sleuthkit.autopsy.coreutils import ExecUtil, Logger, PlatformUtil
from org.sleuthkit.autopsy.casemodule import Case
from org.sleuthkit.autopsy.casemodule import NoCurrentCaseException
from org.sleuthkit.autopsy.coreutils import ExecUtil
from org.sleuthkit.autopsy.coreutils import Logger
from org.sleuthkit.autopsy.coreutils import PlatformUtil
from org.sleuthkit.autopsy.datamodel import ContentUtils
from org.sleuthkit.autopsy.ingest import (
DataSourceIngestModule,
DataSourceIngestModuleProcessTerminator,
IngestMessage,
IngestModule,
IngestModuleFactoryAdapter,
IngestServices,
)
from org.sleuthkit.autopsy.ingest import DataSourceIngestModule
from org.sleuthkit.autopsy.ingest import DataSourceIngestModuleProcessTerminator
from org.sleuthkit.autopsy.ingest import IngestMessage
from org.sleuthkit.autopsy.ingest import IngestModule
from org.sleuthkit.autopsy.ingest import IngestModuleFactoryAdapter
from org.sleuthkit.autopsy.ingest import IngestServices
from org.sleuthkit.autopsy.ingest.IngestModule import IngestModuleException
from org.sleuthkit.datamodel import (
BlackboardArtifact,
BlackboardAttribute,
CommunicationsManager,
TskCoreException,
TskData,
)
from org.sleuthkit.datamodel import BlackboardArtifact
from org.sleuthkit.datamodel import BlackboardAttribute
from org.sleuthkit.datamodel import CommunicationsManager
from org.sleuthkit.datamodel import TskCoreException
from org.sleuthkit.datamodel import TskData
from org.sleuthkit.datamodel.Blackboard import BlackboardException
from org.sleuthkit.datamodel.blackboardutils import CommunicationArtifactsHelper
from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import (
URLAttachment,
)
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import (
CallMediaType,
)
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import (
CommunicationDirection,
)
from org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper import (
MessageReadStatus,
)
from org.sleuthkit.datamodel.blackboardutils.attributes import MessageAttachments
from org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments import (
URLAttachment,
)

# Common Prefix Shared for all artefacts
ARTIFACT_PREFIX = "Microsoft Teams"
Expand Down Expand Up @@ -210,11 +213,11 @@ def _parse_databases(self, content, progress_bar):
os.makedirs(temp_path_to_content)
self.log(
Level.INFO,
f"Created temporary directory: {temp_path_to_content}.",
"Created temporary directory: {}.".format(temp_path_to_content),
)
except OSError:
raise IngestModuleException(
f"Could not create directory: {temp_path_to_content}."
"Could not create directory: {}.".format(temp_path_to_content)
)

# At first extract the desired artefacts to our newly created temp directory
Expand All @@ -238,15 +241,15 @@ def _extract(self, content, path):
# ignore relative paths
if child_name == "." or child_name == "..":
continue
elif child.isFile(): # noqa: RET507
elif child.isFile():
ContentUtils.writeToFile(child, File(child_path))
elif child.isDir():
os.mkdir(child_path)
self._extract(child, child_path)
self.log(Level.INFO, f"Successfully extracted to {path}")
self.log(Level.INFO, "Successfully extracted to {}".format(path))
except OSError:
raise IngestModuleException(
f"Could not extract files to directory: {path}."
"Could not extract files to directory: {}.".format(path)
)

def _analyze(self, content, path, progress_bar):
Expand Down Expand Up @@ -520,6 +523,14 @@ def parse_messages(self, messages, helper, teams_leveldb_file_path):
message_text = message["content"]
# Group by the conversationId, these can be direct messages, but also posts
thread_id = message["conversationId"]
# Additional Attributes
message_date_time_edited = 0
message_date_time_deleted = 0

if "edittime" in message["properties"]:
message_date_time_edited = int(message["properties"]["edittime"])
if "deletetime" in message["properties"]:
message_date_time_edited = int(message["properties"]["deletetime"])

additional_attributes = ArrayList()
additional_attributes.add(
Expand Down Expand Up @@ -692,17 +703,19 @@ def get_level_db_file(self, content, filepath):
dir_name = os.path.join(content.getParentPath(), content.getName())
results = file_manager.findFiles(data_source, filename, dir_name)
if results.isEmpty():
self.log(Level.INFO, f"Unable to locate {filename}")
return None
return results.get(
self.log(Level.INFO, "Unable to locate {}".format(filename))
return
db_file = results.get(
0
) # Expect a single match so retrieve the first (and only) file
return db_file

def date_to_long(self, formatted_date):
# Timestamp
dt = datetime.strptime(formatted_date[:19], "%Y-%m-%dT%H:%M:%S")
time_struct = dt.timetuple()
return int(calendar.timegm(time_struct))
timestamp = int(calendar.timegm(time_struct))
return timestamp

# Extract the direction of a phone call
def deduce_call_direction(self, direction):
Expand Down Expand Up @@ -768,7 +781,9 @@ def process(self, data_source, progress_bar):

self.log(
Level.INFO,
f"Found {directories_to_process} {directory} directories to process.",
"Found {} {} directories to process.".format(
directories_to_process, directory
),
)

for i, content in enumerate(all_ms_teams_leveldbs):
Expand Down Expand Up @@ -803,4 +818,4 @@ def process(self, data_source, progress_bar):
"Finished analysing the LeveLDB from Microsoft Teams.",
)
IngestServices.getInstance().postMessage(message)
return IngestModule.ProcessResult.OK
return IngestModule.ProcessResult.OK
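Review bot: In the parse_messages hunk, the `deletetime` branch assigns to `message_date_time_edited`, so a deleted message's delete time overwrites its edit time and `message_date_time_deleted` stays 0; the line should read `message_date_time_deleted = int(message["properties"]["deletetime"])`. For a forensic parser this would put a wrong timestamp into the case record, assuming these variables feed the attributes built further down, which the hunk does not show. Both `int()` calls also run on values read from the examined LevelDB, so a non-numeric `edittime` or `deletetime` would raise ValueError here; whether a caller catches that is outside the visible lines. parse_messages starts and ends outside the hunk.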
