Android Parser Contactos

iped-api/src/main/java/iped/properties/ExtraProperties.java

@@ -147,6 +147,20 @@ public class ExtraProperties {
 
     public static final String FACE_ENCODINGS = "face_encodings";
 
+    public static final String CONTACT_CONTACTID = "contact_contactid";
+
+    public static final String CONTACT_DISPLAY_NAME = "contact_display_name";
+
+    public static final String CONTACT_PHONE_NUMBERS = "contact_phone_numbers";
+
+    public static final String CONTACT_ACCOUNTS = "contact_accounts";
+
+    public static final String CONTACT_EMAILS = "contact_emails";
+
+    public static final String CONTACT_NOTES = "contact_notes";
+
+    public static final String CONTACT_DELETED = "contact_deleted";
+
     public static final List<String> COMMUNICATION_BASIC_PROPS = Arrays.asList(MESSAGE_SUBJECT, COMMUNICATION_DATE.getName(),
             MESSAGE_BODY, COMMUNICATION_FROM, COMMUNICATION_TO, Message.MESSAGE_CC, Message.MESSAGE_BCC,
             Message.MESSAGE_RECIPIENT_ADDRESS, MESSAGE_IS_ATTACHMENT, MESSAGE_ATTACHMENT_COUNT.getName());

iped-app/resources/config/conf/CategoriesConfig.json

@@ -73,9 +73,12 @@
       {"name": "GDrive Synced Files", "mimes": ["application/x-gdrive-cloud-graph", "application/x-gdrive-snapshot"]},
       {"name": "GDrive File Entries", "mimes": ["application/x-gdrive-cloud-graph-registry", "application/x-gdrive-snapshot-registry"]}
     ]},
-    {"name": "Databases", "mimes": ["application/x-edb", "application/x-edb-table", "application/irpf", "application/x-msaccess", "application/x-dbf", "application/vnd.oasis.opendocument.database", "application/x-sqlite3", "application/x-mysql-db", "application/x-berkeley-db", "application/x-mssql-data", "application/x-database-table"]},
+    {"name": "Databases", "mimes": ["application/x-edb", "application/x-edb-table", "application/irpf", "application/x-msaccess", "application/x-dbf", "application/vnd.oasis.opendocument.database", "application/x-sqlite3", "application/x-mysql-db", "application/x-berkeley-db", "application/x-mssql-data", "application/x-database-table", "application/x-android_sqlite_contactos", "application/x-android_sqlite_contactos2"]},
     {"name": "Compressed Archives", "mimes": ["application/x-tika-ooxml", "application/zlib", "application/applefile", "application/vnd.ms-tnef", "application/zip", "application/x-rar-compressed", "application/x-tar", "application/gzip", "application/x-gzip", "application/x-xz", "application/x-bzip", "application/x-bzip2", "application/x-7z-compressed", "application/x-arj", "application/x-gtar", "application/x-archive", "application/x-cpio", "application/x-tika-unix-dump", "application/x-snappy-framed", "application/x-snappy", "application/x-snappy-raw", "application/x-compress", "application/x-java-pack200", "application/x-lzma", "application/x-lz4", "application/x-lz4-block", "application/x-brotli", "application/zstd", "application/deflate64", "image/x-emf-compressed"]},
-    {"name": "Contacts", "mimes": ["text/x-vcard", "application/x-vcard-html", "application/windows-adress-book", "application/outlook-contact", "application/x-livecontacts", "application/x-livecontacts-table", "contact/x-skype-contact", "application/x-whatsapp-wadb", "application/x-whatsapp-contactsv2", "contact/x-whatsapp-contact", "application/x-ufed-html-contacts", "application/x-ufed-contact", "contact/x-telegram-contact", "application/x-ios-addressbook-db", "application/x-win10-mail-contact"]},
+    {"name": "Contacts", "categories":[
+        {"name": "Contact", "mimes":["text/x-vcard", "application/x-vcard-html", "application/windows-adress-book", "application/outlook-contact", "application/x-livecontacts", "application/x-livecontacts-table", "contact/x-skype-contact", "application/x-whatsapp-wadb", "application/x-whatsapp-contactsv2", "contact/x-whatsapp-contact", "application/x-ufed-html-contacts", "application/x-ufed-contact", "contact/x-telegram-contact", "application/x-ios-addressbook-db", "application/x-win10-mail-contact", "application/x-android_contactos_registry", "application/x-android_contactos_registry2"]},
+        {"name": "List Of Contact", "mimes":["application/x-android_contactos", "application/x-android_contactos2"]}
+    ]},
     {"name": "Chats", "categories":[
         {"name": "WhatsApp", "mimes":["application/x-whatsapp-db", "application/x-whatsapp-chatstorage", "application/x-whatsapp-chat","application/x-ufed-chat-whatsapp","application/x-ufed-chat-preview-whatsapp"]},
         {"name": "Messenger", "mimes":["application/messenger-plus", "application/messenger-chat"]},

iped-app/resources/config/conf/CustomSignatures.xml

@@ -1460,5 +1460,24 @@
     	<sub-class-of type="message/x-chat-message"/>
     </mime-type>
 
+    <mime-type type="application/x-android_contactos">
+        <sub-class-of type="text/html"/>
+    </mime-type>
+
+    <mime-type type="application/x-android_contactos_registry">
+        <sub-class-of type="text/html"/>
+    </mime-type>
+
+    <mime-type type="application/x-android_contactos2">
+        <sub-class-of type="text/html"/>
+    </mime-type>
+
+    <mime-type type="application/x-android_contactos_registry2">
+        <sub-class-of type="text/html"/>
+    </mime-type>
+
+
+
+
 </mime-info>
 

iped-app/resources/config/conf/IndexTaskConfig.txt

@@ -1,4 +1,4 @@
-# Added unallocated space will be indexed. "addUnallocated" and "indexUnknownFiles" must be enabled.
+# Added unallocated space will be indexed. "addUnallocated" (FileSystemConfig.txt) and "parseUnknownFiles" (ParsingTaskConfig.txt) must be enabled.
 indexUnallocated = false
 
 # Converts text to lowercase before indexing, making the search case-insensitive.

iped-app/resources/config/conf/ParserConfig.xml

@@ -353,6 +353,9 @@
         <parser class="iped.parsers.mail.win10.Win10MailParser"></parser>
         <parser class="iped.parsers.discord.DiscordParser"></parser>
 
+        <parser class="iped.parsers.android.contact.ContactParser"></parser>
+        <parser class="iped.parsers.android.contactdb2.ContactParserDb2"></parser>
+
     </parsers>
 
     <encodingDetectors>

iped-app/resources/localization/iped-categories.properties

@@ -160,3 +160,5 @@ Journeys=Journeys
 Networks\ Usage=Networks\ Usage
 Recognized\ Devices=Recognized\ Devices
 Social\ Media\ Activities=Social\ Media\ Activities
+Contact=Contact
+List\ Of\ Contact=List\ Of\ Contact

iped-app/resources/localization/iped-categories_de_DE.properties

@@ -160,3 +160,5 @@ Journeys=Reisen
 Networks\ Usage=Netzwerknutzung
 Recognized\ Devices=erkannte Geräte
 Social\ Media\ Activities=Social\ Media\ Aktivitäten
+Contact=Contact
+List\ Of\ Contact=List\ Of\ Contact

iped-app/resources/localization/iped-categories_es_AR.properties

@@ -160,3 +160,5 @@ Journeys=Viajes
 Networks\ Usage=Uso\ de\ Redes
 Recognized\ Devices=Dispositivos\ Reconocidos
 Social\ Media\ Activities=Actividades\ Multimedia\ Sociales
+Contact=Contact
+List\ Of\ Contact=List\ Of\ Contact

iped-app/resources/localization/iped-categories_it_IT.properties

@@ -159,4 +159,6 @@ Fuzzy\ Data=Fuzzy\ Data[TBT]
 Journeys=Viaggi
 Networks\ Usage=Utilizzo\ Rete
 Recognized\ Devices=Dispositivi\ Riconosciuti
-Social\ Media\ Activities=Actività\ su\ Social\ Media
+Social\ Media\ Activities=Actività\ su\ Social\ Media
+Contact=Contact
+List\ Of\ Contact=List\ Of\ Contact

iped-app/resources/localization/iped-categories_pt_BR.properties

@@ -160,3 +160,5 @@ Journeys=Jornadas
 Networks\ Usage=Uso\ de\ Redes
 Recognized\ Devices=Dispositivos\ Identificados
 Social\ Media\ Activities=Atividades\ em\ Redes\ Sociais
+Contact=Contact
+List\ Of\ Contact=List\ Of\ Contact

iped-app/src/main/java/iped/app/ui/IconManager.java

@@ -285,6 +285,11 @@ private static Map<String, QualityIcon> initMimeToIconMap(int size) {
             mimeIconMap.put("application/outlook-contact", icon);
             mimeIconMap.put("contact/x-skype-account", icon);
             mimeIconMap.put("contact/x-skype-contact", icon);
+            mimeIconMap.put("application/x-android_contactos_registry", icon);
+            mimeIconMap.put("application/x-android_contactos", icon);
+            mimeIconMap.put("application/x-android_contactos_registry2", icon);
+            mimeIconMap.put("application/x-android_contactos2", icon);
+
         }
 
         icon = availableIconsMap.get("user-telegram");

iped-engine/src/main/java/iped/engine/data/IPEDMultiSource.java

@@ -98,7 +98,7 @@ private List<File> loadCasesFromTxtFile(File file) {
                     continue;
                 }
                 File path = new File(pathStr);
-                if (!new File(path, MODULE_DIR).exists()) {
+                if (!checkIfIsCaseFolder(path)) {
                     throw new IllegalArgumentException("Invalid case path: " + path.getAbsolutePath());
                 }
                 files.add(path);
@@ -121,7 +121,7 @@ private List<File> searchCasesinFolder(File folder) {
         if (subFiles != null)
             for (File file : subFiles) {
                 if (file.isDirectory()) {
-                    if (new File(file, MODULE_DIR).exists())
+                    if (checkIfIsCaseFolder(file))
                         files.add(file);
                     else
                         files.addAll(searchCasesinFolder(file));

iped-engine/src/main/java/iped/engine/data/IPEDSource.java

@@ -83,10 +83,12 @@ public class IPEDSource implements IIPEDSource {
 
     private static Logger LOGGER = LoggerFactory.getLogger(IPEDSource.class);
 
-    public static final String INDEX_DIR = "index"; //$NON-NLS-1$
     public static final String MODULE_DIR = "iped"; //$NON-NLS-1$
+    public static final String INDEX_DIR = "index"; //$NON-NLS-1$
+    public static final String DATA_DIR = "data"; //$NON-NLS-1$
+    public static final String LIB_DIR = "lib"; //$NON-NLS-1$
     public static final String SLEUTH_DB = "sleuth.db"; //$NON-NLS-1$
-    public static final String PREV_TEMP_INFO_PATH = "data/prevTempDir.txt"; //$NON-NLS-1$
+    public static final String PREV_TEMP_INFO_PATH = DATA_DIR + "/prevTempDir.txt"; //$NON-NLS-1$
 
     /**
      * workaround para JVM não coletar objeto, nesse caso Sleuthkit perde referencia
@@ -130,6 +132,14 @@ public class IPEDSource implements IIPEDSource {
 
     boolean isReport = false;
 
+    public static boolean checkIfIsCaseFolder(File dir) {
+        File module = new File(dir, MODULE_DIR);
+        if (new File(module, INDEX_DIR).exists() && new File(module, LIB_DIR).exists() && new File(module, DATA_DIR).exists()) {
+            return true;
+        }
+        return false;
+    }
+
     public static File getTempDirInfoFile(File moduleDir) {
         return new File(moduleDir, IPEDSource.PREV_TEMP_INFO_PATH);
     }

iped-engine/src/main/java/iped/engine/task/transcript/AbstractTranscriptTask.java

@@ -4,6 +4,7 @@
 import java.io.Closeable;
 import java.io.File;
 import java.io.IOException;
+import java.net.NoRouteToHostException;
 import java.nio.file.Files;
 import java.sql.Connection;
 import java.sql.PreparedStatement;
@@ -403,10 +404,10 @@ protected void process(IItem evidence) throws Exception {
             }
 
         } catch (Exception e) {
-            if (e instanceof TooManyConnectException || e instanceof IPEDException) {
+            if (e instanceof TooManyConnectException || e instanceof IPEDException || e instanceof NoRouteToHostException) {
                 throw e;
             }
-            LOGGER.warn("Unexpected exception while transcribing: " + evidence.getPath(), e);
+            LOGGER.error("Unexpected exception while transcribing: " + evidence.getPath(), e);
         } finally {
             tmp.close();
         }

iped-parsers/iped-parsers-impl/src/main/java/iped/parsers/android/AbstractSqliteAndroidParser.java

@@ -0,0 +1,23 @@
+package iped.parsers.android;
+
+import org.apache.tika.config.Field;
+
+import iped.parsers.sqlite.SQLite3DBParser;
+
+public abstract class AbstractSqliteAndroidParser extends SQLite3DBParser {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 1L;
+
+    private static final String SQLITE_CLASS_NAME = "org.sqlite.JDBC"; //$NON-NLS-1$
+
+    protected boolean extractEntries = true;
+
+    @Field
+    public void setExtractEntries(boolean extractEntries) {
+        this.extractEntries = extractEntries;
+    }
+
+}

iped-parsers/iped-parsers-impl/src/main/java/iped/parsers/android/Contacto.java

@@ -0,0 +1,80 @@
+package iped.parsers.android;
+
+public class Contacto {
+    private String id;
+    private String displayName;
+    private String phoneNumbers;
+    private String accounts;
+    private String emails;
+    private String notes;
+    private String deleted;
+    public Contacto(String id, String displayName, String phoneNumbers, String accounts, String emails, String notes, String deleted) {
+        this.id = id;
+        this.displayName = displayName;
+        this.phoneNumbers = phoneNumbers;
+        this.accounts = accounts;
+        this.emails = emails;
+        this.notes = notes;
+        this.deleted = deleted;
+    }
+
+    public String getId() {
+        return id;
+    }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+    public String getDisplayName() {
+        return displayName;
+    }
+
+    public void setDisplayName(String displayName) {
+        this. displayName = displayName;
+    }
+
+    public String getPhoneNumbers() {
+        return phoneNumbers;
+    }
+
+    public void setPhoneNumbers(String phoneNumbers) {
+        this. phoneNumbers = phoneNumbers;
+    }
+
+    public String getAccounts() {
+        return accounts;
+    }
+
+    public void setAccounts(String accounts) {
+        this. accounts = accounts;
+    }
+
+    public String getEmails() {
+        return emails;
+    }
+
+    public void setEmails(String emails) {
+        this. emails = emails;
+    }
+
+    public String getNotes() {
+        return notes;
+    }
+
+    public void setNotes(String notes) {
+        this. notes = notes;
+    }
+
+    public String getDeleted() {
+        return deleted;
+    }
+
+    public void setDeleted(String deleted) {
+        this. deleted = deleted;
+    }
+
+
+
+
+}