fix media artifact

labcif · May 14, 2020 · c181691 · c181691
1 parent fd81437
commit c181691
Show file tree

Hide file tree

Showing 4 changed files with 96 additions and 26 deletions.
diff --git a/modules/autopsy/tiktok.py b/modules/autopsy/tiktok.py
@@ -34,6 +34,8 @@ def process_report(self, datasource_name, file, report_number, path):
         self.process_videos(data.get("videos"), report_number, file, os.path.dirname(path), datasource_name)
         self.process_logs(data.get("log"), file)
         self.process_published_videos(data.get("published_videos"), file)
+        self.process_open_events(data.get("open_events"), file)
+        self.process_media(data.get("AF_media"), file)
 
     def initialize(self, context):
         self.context = context
@@ -88,6 +90,15 @@ def initialize(self, context):
         self.att_vid_key = self.utils.create_attribute_type('TIKTOK_VIDEO_KEY', BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Key")
         self.att_vid_last_modified = self.utils.create_attribute_type('TIKTOK_VIDEO_LAST_MODIFIED', BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DATETIME, "Last Modified")
 
+        #media
+
+        # self.att_media_path
+        self.att_media_type = self.utils.create_attribute_type('TIKTOK_MEDIA_TYPE', BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING, "Media Type")
+
+
+
+
+
         #published videos
 
         self.att_publish_vid_created_time = self.utils.create_attribute_type('TIKTOK_PUBLISHED_VIDEOS_CREATED_TIME', BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DATETIME, "Created TIme")
@@ -126,11 +137,46 @@ def initialize(self, context):
         self.art_publish_videos = self.utils.create_artifact_type(self.module_name, "TIKTOK_PUBLISHED_VIDEOS", "Published Videos")
         self.art_deleted_rows = self.utils.create_artifact_type(self.module_name, "TIKTOK_DELETED_ROWS", "Deleted rows")
         self.art_logs = self.utils.create_artifact_type(self.module_name, "TIKTOK_LOGS", "Logs")
+        self.art_media = self.utils.create_artifact_type(self.module_name, "TIKTOK_MEDIA", "Media")
+        self.art_open_app = self.utils.create_artifact_type(self.module_name, "TIKTOK_OPEN_PP", "Open Application")
 
 
-
+    def process_media(self, media, file):
+
+        logging.info("Indexing media files")
+
+        if not media:
+            return
+
+        for m in media:
+            try: 
+                art = file.newArtifact(self.art_media.getTypeID())
+                attributes = []
+                attributes.append(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH, m.get("path"), m.get("path")))
+                attributes.append(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_FILE_TYPE_SIG, m.get("path"), m.get("mime")))
+                attributes.append(BlackboardAttribute(self.att_media_type, m.get("path"), m.get("type")))
+                art.addAttributes(attributes)
+                self.utils.index_artifact(art, self.art_media)        
+            except Exception as e:
+                logging.warning("Error getting user: " + str(e))
+
+
+    def process_open_events(self, open_events, file):
+        logging.info("Indexing appication open events.")
+
+        if not open_events:
+            return
+
+        for e in open_events:
+            try: 
+                art = file.newArtifact(self.art_open_app.getTypeID())
+                art.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, "TIKTOK.db", e))
+                self.utils.index_artifact(art, self.art_open_app)        
+            except Exception as e:
+                logging.warning("Error getting a application event entry: " + str(e))
+
+
     def process_user_profile(self, profile, file):
-
         logging.info("Indexing user profile.")
 
         if not profile:

diff --git a/modules/report/tiktok.py b/modules/report/tiktok.py
@@ -28,6 +28,7 @@ def generate_report(self):
         self.report["published_videos"] = self.get_videos_publish()
         self.report["cache_images"] = self.get_fresco_cache()
         self.report["log"] = self.get_last_session()
+        self.report["open_events"] = self.get_open_events()
 
         self.add_model(self.timeline)
         self.add_model(self.media)
@@ -106,6 +107,27 @@ def get_user_messages(self):
 
         return conversations_list
 
+
+    def get_open_events(self):
+        logging.info("Get application open events...")
+
+        open_events=[]
+        db = os.path.join(self.internal_cache_path, "databases", "TIKTOK.db")
+        database = Database(db)
+        results = database.execute_query("select open_time/1000 from app_open;")
+
+        for event in results:
+            open_events.append(event[0])
+            timeline_event = {}
+            timeline_event["event"]= "Open Application"
+            self.timeline.add(event[0],"AF_system", timeline_event)
+
+        return open_events
+
+
+
+
+
     def get_user_profile(self):
 
         logging.info("Get User Profile...")
@@ -276,7 +298,7 @@ def get_fresco_cache(self):
         for directory in numerate_dirs:
             for cache_file in os.listdir(os.path.join(cache_path, directory)):
                 fresco_images.append(cache_file)
-                self.media.add(os.path.join(cache_path, directory, cache_file), False, False)
+                self.media.add(os.path.join(cache_path, directory, cache_file), False)
 
         return fresco_images
 
@@ -331,6 +353,12 @@ def parse_body_message_by_id(message_type, message_dump):
             body=message_dump.get("url").get("url_list")[0]
         elif message_type == 15:
             body=message_dump.get("joker_stickers")[0].get("static_url").get("url_list")[0]
+        elif message_type == 25:
+            body = "https://www.tiktok.com/@{}".format(message_dump.get("desc")) # or body = "https://m.tiktok.com/h5/share/usr/{}.html".format(message_dump.get("uid"))
+        elif message_type == 19:
+            body = message_dump.get("push_detail")
+        elif message_type == 22:
+            body = "https://www.tiktok.com/music/tiktok-{}".format(message_dump.get("music_id"))
         else:
             body= str(message_dump)
 
@@ -343,5 +371,10 @@ def get_message_type_by_id(message_type_id):
         if  message_type_id == 8: return "video"
         if  message_type_id == 5: return "gif"
         if  message_type_id == 15: return "gif"
+        if  message_type_id == 22: return "audio"
+        if  message_type_id == 25: return "profile"
+        if  message_type_id == 19: return "hashtag"
         return "unknown"
 
+
+
diff --git a/package/models.py b/package/models.py
@@ -42,34 +42,25 @@ def get_category(filetype):
         if filetype in ["audio/midi","audio/mpeg","audio/m4a","audio/ogg","audio/x-flac","audio/x-wav","audio/amr"]: return "audio"
         return "unknown"
 
-    def add(self, path,from_web=False, is_h265=False):
+    def add(self, path, from_web=False):
         media = {}
+        media["path"] = path
+        media["type"]="unknown"
+        media["mime"]="unknown"
+
         if not from_web:
             media["path"]= os.path.join("Contents", path)
-            media["is_h265"]= is_h265
-            # TODO TO REMOVE--
             try:
                 file_type = filetype.guess(path) #TODO FIX PATH 
-
-                media["type"]= ""
-                media["mime"]= ""
                 if file_type:
-                    # media["type"]= self.get_category(file_type.mime) 
-                    # media["mime"]= file_type.mime
-
                     media["type"]= self.get_category(file_type.mime)
                     media["mime"]= file_type.mime
-                else:
-                    media["type"]= "unknown"
-                    media["mime"]= "unknown"
             except:
                 pass
-        else:
-            media["path"] = path
-            media["is_h265"]= is_h265
-            media["type"]= "image" #get mime/type
-            media["mime"]= "image/jpeg" #url
-
+
+        else:  #Web
+            media["mime"]= "image/jpeg"
+            media["type"]= self.get_category(media["mime"])
 
         self.media.append(media)
 

diff --git a/template/assets/js/report.js b/template/assets/js/report.js
@@ -220,7 +220,7 @@ function renderMedia() {
 
   // src = `C:\\Users\\josef\\Desktop\\ee\\test.mp4`
   // src2 = `C:\\Users\\josef\\Desktop\\ee\\test.jpg`
-  content = `
+  var content = `
   ${getHeader("Media")}
   <div class="row">
   `
@@ -248,6 +248,7 @@ function renderMedia() {
     // </div>`
     media_id += 1;
     content += `<div class="col">`;
+    console.log(item)
 
     if (item["type"] == "video") {
       content += `<video width="320" height="240" controls><source src="${item["path"]}" type="${item["mime"]}"></video>`;
@@ -256,12 +257,11 @@ function renderMedia() {
       content += `<img width="320" height="240" src="${item["path"]}"></img>`;
       content += `<figcaption class="mt-2 mb-5"><img src="assets/svg/image.svg" alt="${item["mime"]}" class="minilogo"></img>`;
     } else if (item["type"] == "http") {
-      content += `<div class="row"><button type="button" class="btn btn-outline-primary" onclick="window.open('${item["path"]}','_blank')">Open external media</button>`;
-      content += `<figcaption><img src="assets/svg/http.svg" class="minilogo" alt="${item["mime"]}"></img></div>`;
+      content += `<button type="button" class="btn btn-outline-primary" onclick="window.open('${item["path"]}','_blank')">Open external media</button>`;
+      content += `<figcaption><img src="assets/svg/http.svg" class="minilogo" alt="${item["mime"]}"></img>`;
     } else if (item["type"] == "audio") {
       content += `<audio controls><source src="${item["path"]}" type="${item["mime"]}"></audio>`;
-      content += `<figcaption><img src="assets/svg/audio.svg" alt="${item["mime"]}" class="minilogo"></img>`;
-    }
+      content += `<figcaption><img src="assets/svg/audio.svg" alt="${item["mime"]}" class="minilogo"></img>`;}
     if (item["is_h265"]) {
       content += '<img src="assets/svg/h265.svg" class="minilogo"></img>';
     }