#1728 Extract user SID, username and Full name

sepinf-inc · Jun 23, 2023 · 6327c22 · 6327c22
1 parent 4245aae
commit 6327c22
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/iped-api/src/main/java/iped/properties/ExtraProperties.java b/iped-api/src/main/java/iped/properties/ExtraProperties.java
@@ -147,6 +147,12 @@ public class ExtraProperties {
 
     public static final String FACE_ENCODINGS = "face_encodings";
 
+    public static final String OWNER_SID = "ownerSID";
+
+    public static final String OWNER_LOGIN = "ownerLogin";
+
+    public static final String OWNER_FULL_NAME = "ownerFullName";
+
     public static final List<String> COMMUNICATION_BASIC_PROPS = Arrays.asList(MESSAGE_SUBJECT, COMMUNICATION_DATE.getName(),
             MESSAGE_BODY, COMMUNICATION_FROM, COMMUNICATION_TO, Message.MESSAGE_CC, Message.MESSAGE_BCC,
             Message.MESSAGE_RECIPIENT_ADDRESS, MESSAGE_IS_ATTACHMENT, MESSAGE_ATTACHMENT_COUNT.getName());

diff --git a/iped-engine/src/main/java/iped/engine/datasource/SleuthkitReader.java b/iped-engine/src/main/java/iped/engine/datasource/SleuthkitReader.java
@@ -88,6 +88,7 @@
 import iped.engine.util.Util;
 import iped.exception.IPEDException;
 import iped.properties.BasicProps;
+import iped.properties.ExtraProperties;
 import iped.properties.MediaTypes;
 import iped.utils.IOUtil;
 import iped.utils.UTF8Properties;
@@ -928,6 +929,20 @@ private IItem addItem(AbstractFile absFile, Item evidence, boolean unalloc) thro
             evidence.setLength(absFile.getSize());
         }
 
+        if (absFile.getOwnerUid().isPresent()) {
+            evidence.setExtraAttribute(ExtraProperties.OWNER_SID, absFile.getOwnerUid().get());
+        }
+        if (absFile.getOsAccountObjectId().isPresent()) {
+            OsAccount user = sleuthCase.getOsAccountManager()
+                    .getOsAccountByObjectId(absFile.getOsAccountObjectId().get());
+            if (user != null) {
+                if (user.getLoginName().isPresent())
+                    evidence.setExtraAttribute(ExtraProperties.OWNER_LOGIN, user.getLoginName().get());
+                if (user.getFullName().isPresent())
+                    evidence.setExtraAttribute(ExtraProperties.OWNER_FULL_NAME, user.getFullName().get());
+            }
+        }
+
         if (listOnly || fastmode || embeddedDisk) {
             itemCount++;
             caseData.incDiscoveredEvidences(1);