From ade3855156fa9e0bfc6aff36ac704fc41f42d93c Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Wed, 30 Aug 2023 15:33:57 -0400
Subject: [PATCH 1/4] remove physical drive mentions from case

---
 Core/src/org/sleuthkit/autopsy/casemodule/Case.java | 9 ---------
 1 file changed, 9 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
index eb279febe7..2b6eedb092 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
@@ -194,8 +194,6 @@ public class Case {
     private final SleuthkitEventListener sleuthkitEventListener;
     private CollaborationMonitor collaborationMonitor;
     private Services caseServices;
-    // matches something like '\\.\PHYSICALDRIVE0'
-    private static final String PLACEHOLDER_DS_PATH_REGEX = "^\\s*\\\\\\\\\\.\\\\PHYSICALDRIVE\\d*\\s*$";
 
     private volatile boolean hasDataSource = false;
     private volatile boolean hasData = false;
@@ -1307,13 +1305,6 @@ public class Case {
             String path = entry.getValue();
             boolean fileExists = (new File(path).exists()|| DriveUtils.driveExists(path));
             if (!fileExists) {
-                // CT-7336: ignore relocating datasources if file provider is present and placeholder path is used.
-                if (newCurrentCase.getMetadata() != null
-                        && !StringUtils.isBlank(newCurrentCase.getMetadata().getContentProviderName())
-                        && (path == null || path.matches(PLACEHOLDER_DS_PATH_REGEX))) {
-                    continue;
-                }
-                
                 try {
                     DataSource ds = newCurrentCase.getSleuthkitCase().getDataSource(obj_id);
                     String hostName = StringUtils.defaultString(ds.getHost() == null ? "" : ds.getHost().getName());

From 18c5fecf30122c45e6fc5c94a30127bba9f37200 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Tue, 12 Sep 2023 11:49:12 -0400
Subject: [PATCH 2/4] include justification in AR tab

---
 .../analysisresults/AnalysisResultsViewModel.java            | 5 ++++-
 .../contentviewers/analysisresults/Bundle.properties-MERGED  | 1 +
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/contentviewers/analysisresults/AnalysisResultsViewModel.java b/Core/src/org/sleuthkit/autopsy/contentviewers/analysisresults/AnalysisResultsViewModel.java
index e556c39e7d..8a3d08ea87 100644
--- a/Core/src/org/sleuthkit/autopsy/contentviewers/analysisresults/AnalysisResultsViewModel.java
+++ b/Core/src/org/sleuthkit/autopsy/contentviewers/analysisresults/AnalysisResultsViewModel.java
@@ -175,7 +175,8 @@ public class AnalysisResultsViewModel {
         "AnalysisResultsViewModel_displayAttributes_score=Score",
         "AnalysisResultsViewModel_displayAttributes_type=Type",
         "AnalysisResultsViewModel_displayAttributes_configuration=Configuration",
-        "AnalysisResultsViewModel_displayAttributes_conclusion=Conclusion"
+        "AnalysisResultsViewModel_displayAttributes_conclusion=Conclusion",
+        "AnalysisResultsViewModel_displayAttributes_justification=Justification"
     })
     private ResultDisplayAttributes getDisplayAttributes(AnalysisResult analysisResult) {
         // The type of BlackboardArtifact.Type of the analysis result.
@@ -188,6 +189,8 @@ public class AnalysisResultsViewModel {
 
         // The standard attributes to display (score, type, configuration, conclusion)
         Stream<Pair<String, String>> baseAnalysisAttrs = Stream.of(
+                Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_justification(),
+                        normalizeAttr(analysisResult.getJustification())),
                 Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_score(),
                         normalizeAttr(analysisResult.getScore().getSignificance().getDisplayName())),
                 Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_type(),
diff --git a/Core/src/org/sleuthkit/autopsy/contentviewers/analysisresults/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/contentviewers/analysisresults/Bundle.properties-MERGED
index ae4d0b3b6b..fc4ba9ee8c 100644
--- a/Core/src/org/sleuthkit/autopsy/contentviewers/analysisresults/Bundle.properties-MERGED
+++ b/Core/src/org/sleuthkit/autopsy/contentviewers/analysisresults/Bundle.properties-MERGED
@@ -8,5 +8,6 @@ AnalysisResultsContentViewer_title=Analysis Results
 AnalysisResultsContentViewer_tooltip=Viewer for Analysis Results related to the selected node.
 AnalysisResultsViewModel_displayAttributes_conclusion=Conclusion
 AnalysisResultsViewModel_displayAttributes_configuration=Configuration
+AnalysisResultsViewModel_displayAttributes_justification=Justification
 AnalysisResultsViewModel_displayAttributes_score=Score
 AnalysisResultsViewModel_displayAttributes_type=Type

From 96fdc77f30f51efd05b4b698958df8057c6aa22a Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Tue, 12 Sep 2023 11:54:17 -0400
Subject: [PATCH 3/4] order change

---
 .../analysisresults/AnalysisResultsViewModel.java           | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/contentviewers/analysisresults/AnalysisResultsViewModel.java b/Core/src/org/sleuthkit/autopsy/contentviewers/analysisresults/AnalysisResultsViewModel.java
index 8a3d08ea87..f1a707531a 100644
--- a/Core/src/org/sleuthkit/autopsy/contentviewers/analysisresults/AnalysisResultsViewModel.java
+++ b/Core/src/org/sleuthkit/autopsy/contentviewers/analysisresults/AnalysisResultsViewModel.java
@@ -189,8 +189,6 @@ public class AnalysisResultsViewModel {
 
         // The standard attributes to display (score, type, configuration, conclusion)
         Stream<Pair<String, String>> baseAnalysisAttrs = Stream.of(
-                Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_justification(),
-                        normalizeAttr(analysisResult.getJustification())),
                 Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_score(),
                         normalizeAttr(analysisResult.getScore().getSignificance().getDisplayName())),
                 Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_type(),
@@ -198,7 +196,9 @@ public class AnalysisResultsViewModel {
                 Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_configuration(),
                         normalizeAttr(analysisResult.getConfiguration())),
                 Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_conclusion(),
-                        normalizeAttr(analysisResult.getConclusion()))
+                        normalizeAttr(analysisResult.getConclusion())),
+                Pair.of(Bundle.AnalysisResultsViewModel_displayAttributes_justification(),
+                        normalizeAttr(analysisResult.getJustification()))
         );
 
         // The BlackboardAttributes sorted by type display name.

From 425d45324e8029243e5dbdacb9960425c8a54ed1 Mon Sep 17 00:00:00 2001
From: Greg DiCristofaro <gregd@basistech.com>
Date: Wed, 20 Sep 2023 16:20:37 -0400
Subject: [PATCH 4/4] fail if no provider and no image paths

---
 .../casemodule/Bundle.properties-MERGED       |  3 ++
 .../sleuthkit/autopsy/casemodule/Case.java    | 38 +++++++++++++++++++
 2 files changed, 41 insertions(+)

diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/casemodule/Bundle.properties-MERGED
index ce1fb9aa70..1f9719688f 100755
--- a/Core/src/org/sleuthkit/autopsy/casemodule/Bundle.properties-MERGED
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/Bundle.properties-MERGED
@@ -107,6 +107,9 @@ Case.servicesException.notificationTitle={0} Error
 Case.servicesException.serviceResourcesCloseError=Could not close case resources for {0} service: {1}
 Case_caseType_multiUser=Multi-user case
 Case_caseType_singleUser=Single-user case
+Case_checkImagePaths_exceptionOccurred=An exception occurred while checking if image paths are present
+# {0} - paths
+Case_checkImagePaths_noPaths=The following images had no associated paths: {0}
 CaseDetailsPanel.casePanel.border.title=Case
 CaseDetailsPanel.examinerLabel.text=Name:
 CaseDetailsPanel.examinerPanel.border.title=Examiner
diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
index 2b6eedb092..3f9c440122 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
@@ -41,6 +41,7 @@ import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.sql.Statement;
 import java.text.SimpleDateFormat;
+import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Date;
 import java.util.HashMap;
@@ -64,6 +65,7 @@ import javax.annotation.concurrent.GuardedBy;
 import javax.annotation.concurrent.ThreadSafe;
 import javax.swing.JOptionPane;
 import javax.swing.SwingUtilities;
+import org.apache.commons.lang3.ArrayUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.openide.util.Lookup;
 import org.openide.util.NbBundle;
@@ -2284,6 +2286,8 @@ public class Case {
             checkForCancellation();
             openCommunicationChannels(progressIndicator);
             checkForCancellation();
+            checkImagePaths();
+            checkForCancellation();
             openFileSystemsInBackground();
             return null;
 
@@ -2302,6 +2306,40 @@ public class Case {
             throw ex;
         }
     }
+    
+    /**
+     * Check if content provider is present, all images have paths, or throw an error.
+     * @throws CaseActionException 
+     */
+    @Messages({
+        "# {0} - paths",
+        "Case_checkImagePaths_noPaths=The following images had no associated paths: {0}",
+        "Case_checkImagePaths_exceptionOccurred=An exception occurred while checking if image paths are present"
+    })
+    private void checkImagePaths() throws CaseActionException {
+        // if there is a content provider, images don't necessarily need paths
+        if (StringUtils.isNotBlank(this.metadata.getContentProviderName())) {
+            return;
+        }
+        
+        // identify images without paths
+        try {
+            List<Image> noPathImages = new ArrayList<>();
+            List<Image> images = this.caseDb.getImages();
+            for (Image img: images) {
+                if (ArrayUtils.isEmpty(img.getPaths())) {
+                    noPathImages.add(img);
+                }
+            }
+            
+            if (!noPathImages.isEmpty()) {
+                String imageListStr = noPathImages.stream().map(Image::getName).collect(Collectors.joining(", "));
+                throw new CaseActionException(Bundle.Case_checkImagePaths_noPaths(imageListStr));
+            }
+        } catch (TskCoreException ex) {
+            throw new CaseActionException(Bundle.Case_checkImagePaths_exceptionOccurred(), ex);
+        }
+    }
 
     /**
      * Starts a background task that reads a sector from each file system of