diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
index ca2da24cdf6d1d7599860d99f3ddbaa468d55388..ce5b066d1e4ec9772990d2fe97c8a1e41847ffd0 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java
@@ -165,7 +165,8 @@ boolean isRequired() {
.put("Contacts.tsv", "contact")
.put("IMO - AccountId.tsv", "contact")
.put("IMO - messages.tsv", "message")
-
+ .put("SMS - iMessage.tsv", "message")
+ .put("Call History.tsv", "calllog")
.build();
Blackboard blkBoard;
@@ -447,7 +448,9 @@ private void createMessageRelationship(Collection<BlackboardAttribute> bbattribu
}
}
AbstractFile absFile = findAbstractFile(dataSource, sourceFile);
- Account.Type accountType = getAccountType(fileName);
+ if (absFile == null) {
+ absFile = (AbstractFile) dataSource;
+ } Account.Type accountType = getAccountType(fileName);
if ((absFile != null) || (accountType != null)) {
CommunicationArtifactsHelper accountArtifact = new CommunicationArtifactsHelper(Case.getCurrentCaseThrows().getSleuthkitCase(),
moduleName, absFile, accountType);
@@ -628,8 +631,10 @@ private Account.Type getAccountType(String AccountTypeName) {
return Account.Type.TANGO;
case "shareit file transfer.tsv":
return Account.Type.SHAREIT;
+ case "sms - imessage.tsv":
+ return Account.Type.PHONE;
default:
- return null;
+ return Account.Type.PHONE;
}
}
diff --git a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ileap-artifact-attribute-reference.xml b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ileap-artifact-attribute-reference.xml
index 16409f42c7b2bdb720acbeb306236bd75e71bd3c..70725fd0c606154b4cd220d37fec82301c2d14c1 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ileap-artifact-attribute-reference.xml
+++ b/Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/ileap-artifact-attribute-reference.xml
@@ -50,9 +50,9 @@
<FileName filename="App Snapshots.tsv" description="App Snapshots (screenshots)">
<ArtifactName artifactname="TSK_SCREEN_SHOTS" comment="null">
<AttributeName attributename="TSK_PROG_NAME" columnName="App Name" required="yes" />
- <AttributeName attributename="TSK_PATH" columnName="SOurce Path" required="yes" />
+ <AttributeName attributename="TSK_PATH" columnName="Source Path" required="yes" />
<AttributeName attributename="TSK_DATETIME" columnName="Date Modified" required="yes" />
- <AttributeName attributename="null" columnName="Source File Located" required="no" />
+ <AttributeName attributename="null" columnName="Png Path" required="no" />
</ArtifactName>
</FileName>
@@ -101,6 +101,7 @@
<AttributeName attributename="null" columnName="ISO County Code" required="no" />
<AttributeName attributename="null" columnName="Location" required="no" />
<AttributeName attributename="null" columnName="Service Provider" required="no" />
+ <AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
@@ -743,16 +744,14 @@
</ArtifactName>
</FileName>
-<!-- This section is commented out as the iLeapp program needs to be changed in order to properly process the mail. It appears that the
- TSK_TEXT can contain carriage/line returns and this messes reading the tsv file line by line
<FileName filename="SMS - iMessage.tsv" description="SMS - iMessage">
- <ArtifactName artifactname="TSK_MESSAGE" comment="null">
+ <ArtifactName artifactname="TSK_MESSAGE" comment="SMS - iMessage">
<AttributeName attributename="TSK_DATETIME" columnName="Message Date" required="yes" />
- <AttributeName attributename="TSK_DATETIME_RCVD" columnName="Date Delivered" required="yes" />
- <AttributeName attributename="TSK_DATETIME_ACCESSED" columnName="Date Read" required="yes" />
+ <AttributeName attributename="null" columnName="Date Delivered" required="no" />
+ <AttributeName attributename="null" columnName="Date Read" required="no" />
<AttributeName attributename="TSK_TEXT" columnName="Message" required="yes" />
<AttributeName attributename="TSK_PHONE_NUMBER_FROM" columnName="Contact ID" required="yes" />
- <AttributeName attributename="TSK_MESSAGE_TYPE" columnName="Service" required="yes" />
+ <AttributeName attributename="null" columnName="Service" required="no" />
<AttributeName attributename="TSK_PHONE_NUMBER_TO" columnName="Account" required="yes" />
<AttributeName attributename="null" columnName="Is Delivered" required="no" />
<AttributeName attributename="null" columnName="Is from Me" required="no" />
@@ -760,9 +759,9 @@
<AttributeName attributename="null" columnName="MIME Type" required="no" />
<AttributeName attributename="null" columnName="Transfer Type" required="no" />
<AttributeName attributename="null" columnName="Total Bytes" required="no" />
+ <AttributeName attributename="TSK_TEXT_FILE" columnName="source file" required="yes"/>
</ArtifactName>
</FileName>
--->
<FileName filename="Wifi.tsv" description="Wifi">
<ArtifactName artifactname="TSK_WIFI_NETWORK" comment="Wifi">
diff --git a/thirdparty/iLeapp/ileapp.exe b/thirdparty/iLeapp/ileapp.exe
index 0456c3c7262696341682065a9320a2a1aaba0b66..f1d395e93036d41cdf6b92a1d5c4acb49687ef4a 100644
Binary files a/thirdparty/iLeapp/ileapp.exe and b/thirdparty/iLeapp/ileapp.exe differ