From 6327c22947da5d765eb5fa0b90ff6b51f48ba0f8 Mon Sep 17 00:00:00 2001
From: Hauck <joaoh14@gmail.com>
Date: Fri, 23 Jun 2023 14:52:57 -0300
Subject: [PATCH] #1728 Extract user SID, username and Full name

---
 .../java/iped/properties/ExtraProperties.java     |  6 ++++++
 .../iped/engine/datasource/SleuthkitReader.java   | 15 +++++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/iped-api/src/main/java/iped/properties/ExtraProperties.java b/iped-api/src/main/java/iped/properties/ExtraProperties.java
index 4a2ea7c1ef..ace487f1f6 100644
--- a/iped-api/src/main/java/iped/properties/ExtraProperties.java
+++ b/iped-api/src/main/java/iped/properties/ExtraProperties.java
@@ -147,6 +147,12 @@ public class ExtraProperties {
 
     public static final String FACE_ENCODINGS = "face_encodings";
 
+    public static final String OWNER_SID = "ownerSID";
+
+    public static final String OWNER_LOGIN = "ownerLogin";
+
+    public static final String OWNER_FULL_NAME = "ownerFullName";
+
     public static final List<String> COMMUNICATION_BASIC_PROPS = Arrays.asList(MESSAGE_SUBJECT, COMMUNICATION_DATE.getName(),
             MESSAGE_BODY, COMMUNICATION_FROM, COMMUNICATION_TO, Message.MESSAGE_CC, Message.MESSAGE_BCC,
             Message.MESSAGE_RECIPIENT_ADDRESS, MESSAGE_IS_ATTACHMENT, MESSAGE_ATTACHMENT_COUNT.getName());
diff --git a/iped-engine/src/main/java/iped/engine/datasource/SleuthkitReader.java b/iped-engine/src/main/java/iped/engine/datasource/SleuthkitReader.java
index b559db60b4..86e3d98640 100644
--- a/iped-engine/src/main/java/iped/engine/datasource/SleuthkitReader.java
+++ b/iped-engine/src/main/java/iped/engine/datasource/SleuthkitReader.java
@@ -88,6 +88,7 @@
 import iped.engine.util.Util;
 import iped.exception.IPEDException;
 import iped.properties.BasicProps;
+import iped.properties.ExtraProperties;
 import iped.properties.MediaTypes;
 import iped.utils.IOUtil;
 import iped.utils.UTF8Properties;
@@ -928,6 +929,20 @@ private IItem addItem(AbstractFile absFile, Item evidence, boolean unalloc) thro
             evidence.setLength(absFile.getSize());
         }
 
+        if (absFile.getOwnerUid().isPresent()) {
+            evidence.setExtraAttribute(ExtraProperties.OWNER_SID, absFile.getOwnerUid().get());
+        }
+        if (absFile.getOsAccountObjectId().isPresent()) {
+            OsAccount user = sleuthCase.getOsAccountManager()
+                    .getOsAccountByObjectId(absFile.getOsAccountObjectId().get());
+            if (user != null) {
+                if (user.getLoginName().isPresent())
+                    evidence.setExtraAttribute(ExtraProperties.OWNER_LOGIN, user.getLoginName().get());
+                if (user.getFullName().isPresent())
+                    evidence.setExtraAttribute(ExtraProperties.OWNER_FULL_NAME, user.getFullName().get());
+            }
+        }
+
         if (listOnly || fastmode || embeddedDisk) {
             itemCount++;
             caseData.incDiscoveredEvidences(1);