Package org.sleuthkit.datamodel

Examples of org.sleuthkit.datamodel.BlackboardArtifact


            // Posts one TSK_MESSAGE artifact per row of the sms table, attached to the file looked up by fId.
            AbstractFile f = skCase.getAbstractFileById(fId);
            try {
                // Fixed query text: nothing is concatenated into the SQL.
                resultSet = statement.executeQuery(
                        "Select address,date,type,subject,body FROM sms;");

                BlackboardArtifact bba;
                String address; // may be phone number, or other addresses
                String date;//unix time
                String type; // message received in inbox = 1, message sent = 2
                String subject;//message subject
                String body; //message body
                while (resultSet.next()) {
                    // Every column is read as a String and copied into the artifact as-is.
                    // NOTE(review): getString returns null for SQL NULL; no null check is made before
                    // the values are handed to BlackboardAttribute - confirm that null is accepted.
                    address = resultSet.getString("address");
                    date = resultSet.getString("date");
                    type = resultSet.getString("type");
                    subject = resultSet.getString("subject");
                    body = resultSet.getString("body");

                    bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); //create Message artifact and then add attributes from result set.
                   
                    // @@@ Need to put into more specific TO or FROM
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, address));
                    // The timestamp is stored as the raw string read from the table, not as a numeric value.
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, date));
                    // TSK_DIRECTION receives the raw type code (1 or 2 per the declaration comment), not a readable direction.
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, type));
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SUBJECT.getTypeID(), moduleName, subject));
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), moduleName, body));
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName, "SMS Message"));

                }

            } catch (Exception e) {
                // The try wraps the whole loop, so an exception on one row stops processing: rows after it are
                // never posted, and an artifact created just before the failure may be left with only some attributes.
                logger.log(Level.SEVERE, "Error parsing text messages to Blackboard", e);


            // Record the elapsed time for this job (wall clock, in milliseconds since startTime).
            addToTotals(jobId, System.currentTimeMillis() - startTime);

            if (mismatchDetected) {
                // Post a TSK_EXT_MISMATCH_DETECTED artifact on the file. No attributes are added to it here.
                BlackboardArtifact bart = abstractFile.newArtifact(ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED);

                // Fire a module data event carrying just this one new artifact.
                services.fireModuleDataEvent(new ModuleDataEvent(FileExtMismatchDetectorModuleFactory.getModuleName(), ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED, Collections.singletonList(bart)));
            }
            // OK is returned whether or not a mismatch was recorded.
            return ProcessResult.OK;
        } catch (TskException ex) {

                } else {
                    // Fallback branch of a condition that starts outside this excerpt.
                    direction = "Outgoing";
                }
                // Raw payload column from the examined database; it is passed through decodeMessage below.
                payload = resultSet.getString("payload");

                BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_MESSAGE); // create a message artifact (TSK_MESSAGE) and then add attributes from the result set.
                bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), moduleName, create_time));
                bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, direction));
                // NOTE(review): decodeMessage is defined elsewhere; how it handles a null or malformed payload
                // is not visible here - confirm it cannot throw on untrusted evidence data.
                bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TEXT.getTypeID(), moduleName, decodeMessage(conv_id, payload)));
                bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_MESSAGE_TYPE.getTypeID(), moduleName, "Tango Message"));

            }

        } catch (Exception e) {
            // The catch sits outside the row-handling block closed above, so a failure on one row
            // (including one thrown from decodeMessage) ends processing of the remaining rows.
            logger.log(Level.SEVERE, "Error parsing Tango messages to the Blackboard", e);

                        + "LEFT OUTER JOIN data ON (data.raw_contact_id=raw_contacts._id) \n"
                        + "LEFT OUTER JOIN mimetypes ON (data.mimetype_id=mimetypes._id) \n"
                        + "WHERE mimetype = 'vnd.android.cursor.item/phone_v2' OR mimetype = 'vnd.android.cursor.item/email_v2'\n"
                        + "ORDER BY name_raw_contact.display_name ASC;");

                BlackboardArtifact bba;
                // NOTE(review): this artifact is created before any row is read. When the first row's name is
                // not "", the loop replaces it with a new artifact and this one stays in the case with no
                // attributes; the same happens when the query returns no rows.
                bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
                String name;
                String oldName = "";
                String mimetype; // either phone or email
                String data1; // the phone number or email
                while (resultSet.next()) {
                    name = resultSet.getString("display_name");
                    data1 = resultSet.getString("data1");
                    mimetype = resultSet.getString("mimetype");
//                    System.out.println(resultSet.getString("data1") + resultSet.getString("mimetype") + resultSet.getString("display_name")); //Test code
                    // Rows are grouped by display name only, relying on the ORDER BY above: consecutive rows with
                    // the same name go to one artifact, so two distinct contacts that share a display name are merged.
                    // NOTE(review): a NULL display_name makes name.equals(...) throw NullPointerException, which
                    // the catch below turns into an early end of the whole loop.
                    if (name.equals(oldName) == false) {
                        bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
                        bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name));
                    }
                    // The WHERE clause limits mimetype to phone_v2 or email_v2, so the else branch is the email case.
                    if (mimetype.equals("vnd.android.cursor.item/phone_v2")) {
                        bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, data1));
                    } else {
                        bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_EMAIL.getTypeID(), moduleName, data1));
                    }
                    oldName = name;
                }

            } catch (Exception e) {

                        // Per-record values from the call-log table; date and directionString are set outside this excerpt.
                        final String number = resultSet.getString("number");
                        final long duration = resultSet.getLong("duration");//duration of call is in seconds
                        final String name = resultSet.getString("name");// name of person dialed or called. null if unregistered

                        try {
                            BlackboardArtifact bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
                            bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, number));
                            bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID(), moduleName, date));
                            // NOTE(review): the end time is duration + date. duration is in seconds; the type and unit
                            // of date are not visible here. If date is a String this is concatenation, and if it is in
                            // milliseconds the sum mixes units - confirm before relying on the end time in a timeline.
                            bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_END.getTypeID(), moduleName, duration + date));
                            bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, directionString));
                            // name may be null for unregistered numbers (see the declaration comment) and is passed on unchecked.
                            bba.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name));
                        } catch (TskCoreException ex) {
                            // Blackboard failures are caught per record and only logged, so an artifact
                            // may be left with only the attributes added before the failure.
                            logger.log(Level.SEVERE, "Error posting call log record to the Blackboard", ex);
                        }
                    }
                } catch (SQLException e) {

            // Posts one TSK_CALLLOG artifact per row of the calls table, attached to the file looked up by fId.
            AbstractFile f = skCase.getAbstractFileById(fId);
            try {
                // Fixed query text: nothing is concatenated into the SQL.
                resultSet = statement.executeQuery(
                        "SELECT number,date,duration,type, name FROM calls ORDER BY date DESC;");

                BlackboardArtifact bba;
                String name; // name of person dialed or called. null if unregistered
                String number; //string phone number
                String duration; //duration of call in seconds
                String date; // Unix time
                String type; // 1 incoming, 2 outgoing, 3 missed

                while (resultSet.next()) {
                    // All columns are read as Strings and copied into the artifact without null or format checks.
                    name = resultSet.getString("name");
                    number = resultSet.getString("number");
                    duration = resultSet.getString("duration");
                    date = resultSet.getString("date");
                    type = resultSet.getString("type");

                    bba = f.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG); //create a call log and then add attributes from result set.
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PHONE_NUMBER.getTypeID(), moduleName, number));
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_START.getTypeID(), moduleName, date));
                    // NOTE(review): duration and date are both Strings, so duration + date concatenates the two
                    // texts rather than adding them. The stored TSK_DATETIME_END is therefore not start plus
                    // duration and should not be used as an end time in a timeline.
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_END.getTypeID(), moduleName, duration + date));
                    // TSK_DIRECTION receives the raw type code (1, 2 or 3 per the declaration comment).
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DIRECTION.getTypeID(), moduleName, type));
                    bba.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), moduleName, name));

                }
            } catch (Exception e) {
                // The try wraps the whole loop, so an exception on one row means the rows after it are never posted.
                logger.log(Level.SEVERE, "Error parsing Call logs to the Blackboard", e);
            } finally {

        // Start from the actions supplied by the superclass for this context.
        Action[] superActions = super.getActions(context);
        List<Action> actionsList = new ArrayList<>();
        actionsList.addAll(Arrays.asList(superActions));

        // Both lookups are by type on this node's Lookup.
        // NOTE(review): content is passed to the factory without a null check - confirm the factory handles a missing Content.
        final Content content = getLookup().lookup(Content.class);
        final BlackboardArtifact artifact = getLookup().lookup(BlackboardArtifact.class);

        // The second argument tells the factory whether an artifact was found (artifact != null).
        final List<Action> factoryActions = DataModelActionsFactory.getActions(content, artifact != null);

        // Superclass actions come first, followed by the factory actions.
        actionsList.addAll(factoryActions);
        return actionsList.toArray(new Action[0]);

                try {
                    // File-system events get a node built from the event and its file only.
                    if (eventById.getType().getSuperType() == BaseTypes.FILE_SYSTEM) {
                        return new EventNode(eventById, Case.getCurrentCase().getSleuthkitCase().getAbstractFileById(eventById.getFileID()));
                    } else {
                        // Every other event type also loads the artifact referenced by the event's artifact id.
                        // NOTE(review): neither lookup result is null-checked before being passed to EventNode -
                        // confirm the constructor tolerates a missing file or artifact.
                        AbstractFile file = Case.getCurrentCase().getSleuthkitCase().getAbstractFileById(eventById.getFileID());
                        BlackboardArtifact blackboardArtifact = Case.getCurrentCase().getSleuthkitCase().getBlackboardArtifact(eventById.getArtifactID());

                        return new EventNode(eventById, file, blackboardArtifact);
                    }

                } catch (TskCoreException tskCoreException) {


Related Classes of org.sleuthkit.datamodel.BlackboardArtifact
