First ADB Autopsy tests

labcif · Apr 5, 2020 · 010f87d · 010f87d
1 parent f66a693
commit 010f87d
Show file tree

Hide file tree

Showing 5 changed files with 154 additions and 35 deletions.
diff --git a/extract.py b/extract.py
@@ -18,7 +18,7 @@ def __init__(self):
         Utils.check_and_generate_folder(self.dumps_path)
 
     def dump_from_adb(self, app_package):
-        folders = []
+        folders = {}
 
         device_communication = DeviceCommunication()
         for serial_number in device_communication.list_devices():
@@ -67,7 +67,8 @@ def dump_from_adb(self, app_package):
                 print("[{}] File generated! {}".format(serial_number, path_dump_external))
 
             #Generated folders
-            folders.append(path_dump_folder)
+            #folders.append(path_dump_folder)
+            folders[serial_number] = path_dump_folder
 
         return folders
 

diff --git a/modules/tiktok.py b/modules/tiktok.py
@@ -57,16 +57,6 @@ def set_shared_preferences(self):
 
         return files
 
-    # def set_videos(self):
-    #     files = []
-    #     print("entrou nos videos")
-    #     for mp4 in Utils.list_files_tar(self.internal_path, [""]):
-    #         if '/cache/cache/' in mp4:
-    #             files.append(mp4)
-
-    #     print("tamanho:{}".format(len(files)))
-    #     return files
-
     def generate_report(self):
         user_id = self.get_user_id()
         report_header = {
@@ -221,4 +211,129 @@ def get_undark_db(self):
                 output[relative_name] = listing
 
         return output
+
+    ## PSY
+
+    @staticmethod
+    def get_attributes(self):
+        return {
+            'TIKTOK_MSG_UID': {
+                "type": "string",
+                "name": "Uid"
+            },
+            'TIKTOK_MSG_UNIQUE_ID': {
+                "type": "string",
+                "name": "Unique ID"
+            }, 
+            'TIKTOK_MSG_NICKNAME': {
+                "type": "string",
+                "name": "Nickname"
+            },
+            'TIKTOK_MSG_CREATED_TIME': {
+                "type": "string",
+                "name": "Created Time"
+            }, 
+            'TIKTOK_MSG_MESSAGE': {
+                "type": "string",
+                "name": "Message"
+            },
+            'TIKTOK_MSG_READ_STATUS': {
+                "type": "string",
+                "name": "Read Status"
+            }, 
+            'TIKTOK_MSG_LOCAL_INFO': {
+                "type": "string",
+                "name": "Local Info"
+            },
+            'TIKTOK_PROFILE_AVATAR': {
+                "type": "string",
+                "name": "Avatar"
+            }, 
+            'TIKTOK_PROFILE_REGION': {
+                "type": "string",
+                "name": "Region"
+            },
+            'TIKTOK_PROFILE_FOLLOWER': {
+                "type": "long",
+                "name": "Followers"
+            }, 
+            'TIKTOK_PROFILE_FOLLOWING': {
+                "type": "long",
+                "name": "Following"
+            },
+            'TIKTOK_PROFILE_GENDER': {
+                "type": "long",
+                "name": "Gender"
+            }, 
+            'TIKTOK_PROFILE_GOOGLE': {
+                "type": "string",
+                "name": "Google Account"
+            },
+            'TIKTOK_PROFILE_NICKNAME': {
+                "type": "string",
+                "name": "Nickname"
+            }, 
+            'TIKTOK_PROFILE_REGISTER_TIME': {
+                "type": "long",
+                "name": "Register Time"
+            }, 
+            'TIKTOK_PROFILE_SEC_UID': {
+                "type": "string",
+                "name": "Sec. UID"
+            }, 
+            'TIKTOK_PROFILE_SHORT_ID': {
+                "type": "string",
+                "name": "Short ID"
+            }, 
+            'TIKTOK_PROFILE_UID': {
+                "type": "string",
+                "name": "UID"
+            }, 
+            'TIKTOK_PROFILE_UNIQUE_ID': {
+                "type": "string",
+                "name": "Unique ID"
+            }, 
+            'TIKTOK_PROFILE_FOLLOW_STATUS': {
+                "type": "long",
+                "name": "Follow Status"
+            }, 
+            'TIKTOK_SEARCH': {
+                "type": "string",
+                "name": "Search"
+            }, 
+            'TIKTOK_UNDARK_KEY': {
+                "type": "string",
+                "name": "Database"
+            }, 
+            'TIKTOK_UNDARK_KEY': {
+                "type": "string",
+                "name": "Output"
+            }, 
+            'TIKTOK_UNDARK_OUTPUT': {
+                "type": "string",
+                "name": "Output"
+            }
+        }
+        # self.att_prf_is_blocked = self.create_attribute_type('TIKTOK_PROFILE_IS_BLOCKED', BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.BYTE, "Is Blocked", skCase)
+        # self.att_prf_is_minor = self.create_attribute_type('TIKTOK_PROFILE_IS_MINOR', BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.BYTE, "Is Minor", skCase)
+
+    @staticmethod
+    def get_artifacts(user_id):
+        return {
+            "TIKTOK_MESSAGE_" + user_id: {
+                "name": "User " + user_id + " - MESSAGES"
+            },
+            "TIKTOK_PROFILE_" + user_id: {
+                "name": "User " + user_id + " - PROFILE"
+            },
+            "TIKTOK_PROFILES_" + user_id: {
+                "name": "User " + user_id + " - PROFILES"
+            },
+            "TIKTOK_SEARCHES_" + user_id: {
+                "name": "User " + user_id + " - SEARCHES"
+            },
+            "TIKTOK_UNDARK_" + user_id: {
+                "name": "User " + user_id + " - UNDARK"
+            }
+        }
 
diff --git a/psy/ingest.py b/psy/ingest.py
@@ -165,13 +165,19 @@ def process_users(self, users, file):
     # See: http://sleuthkit.org/autopsy/docs/api-docs/latest/classorg_1_1sleuthkit_1_1autopsy_1_1ingest_1_1_ingest_job_context.html
     def startUp(self, context):
         self.context = context
-
-        extract = Extract()
-        folders = extract.dump_from_adb("com.zhiliaoapp.musically")
-
-        for serial, folder in folders.items():
-            self.generate_new_fileset("ADBFileSet_{}".format(serial), [folder])
 
+        adb = True
+
+        if adb:
+            self.log(Level.INFO, "Starting ADB")
+            extract = Extract()
+            folders = extract.dump_from_adb("com.zhiliaoapp.musically")
+
+            for serial, folder in folders.items():
+                self.generate_new_fileset("ADBFileSet_{}".format(serial), [folder])
+
+            self.log(Level.INFO, "Ending ADB")
+
 
         skCase = Case.getCurrentCase().getSleuthkitCase()
         # Messages attributes
@@ -220,22 +226,15 @@ def startUp(self, context):
         self.art_searches = self.create_artifact_type("TIKTOK_SEARCHES_" + "UID", "User " + "UID" + " - SEARCHES", skCase)
 
         self.art_undark = self.create_artifact_type("TIKTOK_UNDARK_" + "UID", "User " + "UID" + " - UNDARK", skCase)
-
 
 
     def process(self, dataSource, progressBar):
-        extract = Extract()
-        folder = extract.dump_from_adb("com.zhiliaoapp.musically")
-
         progressBar.switchToIndeterminate()
         self.blackboard = Case.getCurrentCase().getServices().getBlackboard()
         fileManager = Case.getCurrentCase().getServices().getFileManager()
         # files = fileManager.findFiles(dataSource, "Report.json")
         # progressBar.switchToDeterminate(1)
 
-        #preencher com as settings
-        flag_adb_extraction = False
-
         fileCount = 0
 
         app_name = "com.zhiliaoapp.musically"
@@ -249,15 +248,6 @@ def process(self, dataSource, progressBar):
             pass
         os.makedirs(os.path.join(Case.getCurrentCase().getTempDirectory(), app_name))
 
-        if flag_adb_extraction:
-
-            self.log(Level.INFO, self.moduleName + "Inicio da extracao ADB")
-            extract = Extract()
-            extract.dump_from_adb(app_name)
-            self.log(Level.INFO, self.moduleName + "Fim da extracao ADB")
-
-
-
         internal_files = fileManager.findFiles(dataSource, internal)
         external_files = fileManager.findFiles(dataSource, external)
 

diff --git a/psy/progress.py b/psy/progress.py
@@ -0,0 +1,12 @@
+from org.sleuthkit.autopsy.casemodule.services.FileManager import FileAddProgressUpdater
+
+class ProgressUpdater(FileAddProgressUpdater):
+    def __init__(self):
+        self.files = []
+        pass
+
+    def fileAdded(self, newfile):
+        self.files.append(newfile)
+
+    def getFiles(self):
+        return self.files
diff --git a/start.py b/start.py
@@ -25,7 +25,8 @@ def start(args):
         folders.extend(extract.dump_from_path(args.path, args.app))
 
     if args.adb:
-        folders.extend(extract.dump_from_adb(args.app))
+        for serial, folder in extract.dump_from_adb(args.app).items():
+            folders.append(folder)
 
     if not args.output:
         args.output = Utils.get_base_path_folder()