From 199c347a79abb4407b0e70d6b42aad1c74c969b4 Mon Sep 17 00:00:00 2001 From: Jeff Wallace Date: Fri, 13 Dec 2013 13:28:17 -0500 Subject: [PATCH] Updated attributes associated with encryption artifact. --- Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java | 6 +++++- .../sleuthkit/autopsy/sevenzip/SevenZipIngestModule.java | 6 +----- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java b/Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java index 11be1cf4c3..7a71d8a0af 100644 --- a/Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java +++ b/Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java @@ -998,7 +998,7 @@ public class ReportGenerator { columnHeaders = new ArrayList<>(Arrays.asList(new String[] {"Program Name", "Text", "Source File"})); break; case TSK_ENCRYPTION_DETECTED: - columnHeaders = new ArrayList<>(Arrays.asList(new String[] {"Program Name", "Entropy", "Source File"})); + columnHeaders = new ArrayList<>(Arrays.asList(new String[] {"Name", "Source File"})); break; default: return null; @@ -1324,6 +1324,10 @@ public class ReportGenerator { orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_TEXT.getTypeID())); orderedRowData.add(getFileUniquePath(getObjectID())); break; + case TSK_ENCRYPTION_DETECTED: + orderedRowData.add(mappedAttributes.get(ATTRIBUTE_TYPE.TSK_NAME.getTypeID())); + orderedRowData.add(getFileUniquePath(getObjectID())); + break; } orderedRowData.add(makeCommaSeparatedList(getTags())); diff --git a/SevenZip/src/org/sleuthkit/autopsy/sevenzip/SevenZipIngestModule.java b/SevenZip/src/org/sleuthkit/autopsy/sevenzip/SevenZipIngestModule.java index a88eb51489..56c23fcf71 100644 --- a/SevenZip/src/org/sleuthkit/autopsy/sevenzip/SevenZipIngestModule.java +++ b/SevenZip/src/org/sleuthkit/autopsy/sevenzip/SevenZipIngestModule.java @@ -555,11 +555,7 @@ public final class SevenZipIngestModule extends IngestModuleAbstractFile { String encryptionType = fullEncryption ? ENCRYPTION_FULL : ENCRYPTION_FILE_LEVEL; try { BlackboardArtifact artifact = archiveFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED); - artifact.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_ENCRYPTION_DETECTED.getTypeID(), - MODULE_NAME, encryptionType)); - //artifact.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), MODULE_NAME, ...); - //artifact.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_ENTROPY.getTypeID(), MODULE_NAME, ...); - //@@@ We don't fire here because GEN_INFO isn't displayed in the tree.... Need to address how these should be displayed + artifact.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), MODULE_NAME, encryptionType)); services.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED)); } catch (TskCoreException ex) { logger.log(Level.SEVERE, "Error creating blackboard artifact for encryption detected for file: " + archiveFile, ex);