diff --git a/API-CHANGES.txt b/API-CHANGES.txt
index 1c268170a4..05ec33a1d8 100644
--- a/API-CHANGES.txt
+++ b/API-CHANGES.txt
@@ -1,9 +1,5 @@
Changes to make to API when we are ready to make backward incompatible changes:
- HTMLReport has special API for more context on columns and special handling in REportGenerator. Change all reports to the new API.
-- DataContentViewer.isPreferred does not need isSupported to be passed in
-- DataContentViewerHex and Strings can have the public setDataView methods removed in favor of the new private ones
- Content.getUniquePath() should not thrown TskException. We should deal with it in the method.
- Make the list of events that Case fires off to be part of an enum to group them together (like IngestManager does).
-- Sub-modules in RecentActivity have a bunch of public/protected variables that do not need to be. (i.e. ExtractRegistry.rrFullFound).
-- Delete BrowserType enum and BrowserActivityType in RecentActivity.
diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/AddImageTask.java b/Core/src/org/sleuthkit/autopsy/casemodule/AddImageTask.java
index 23025a82c3..9171154ab4 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/AddImageTask.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/AddImageTask.java
@@ -234,9 +234,6 @@ public class AddImageTask implements Runnable {
if (!(cancelled || hasCritError)) {
try {
- // Tell the progress monitor we're done
- progressMonitor.setProgress(100);
-
if (newContents.isEmpty()) {
if (addImageProcess != null) { // and if we're done configuring ingest
// commit anything
@@ -255,6 +252,8 @@ public class AddImageTask implements Runnable {
else { //already commited?
logger.log(Level.INFO, "Assuming image already committed, will not commit.");
}
+ // Tell the progress monitor we're done
+ progressMonitor.setProgress(100);
} catch (Exception ex) {
//handle unchecked exceptions post image add
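Review bot: With `progressMonitor.setProgress(100)` now at the end of the try block, any exception thrown on the commit path skips it, so the monitor's final state is left to the catch block that begins at the end of this hunk. The catch body lies outside the hunk, so it is not visible whether it fails or resets the monitor; if it does not, the wizard may show a stalled bar for a data source that never committed. The intent is worth stating at the call, for example `// Report completion only after the commit path finished without an exception`.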
diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/docs/aboutImage.html b/Core/src/org/sleuthkit/autopsy/casemodule/docs/aboutImage.html
index 72ed8113a0..35163d0f11 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/docs/aboutImage.html
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/docs/aboutImage.html
@@ -1,51 +1,51 @@
-
-
-
- Data Source Basics
-
-
-
-
-
About Data Sources
-
-
- Autopsy supports 3 types of data sources that can be added to the Case:
-
-
Disk Image (raw, Encase, etc).
- "Image" refers to a byte-for-byte copy of a hard drive or other storage media.
-
-
Disk Device (physical or logical disk partition, plugged in the user machine and detected by Autopsy).
- Note: to correctly detect all devices, Autopsy needs to run as Administrator.
-
-
Logical Files (files and folders on the user machine file system)
-
-
-
- User needs to select the data source type from the pull down menu in the Add Data Source wizard.
-
- Autopsy populates an embedded database for each data source (image, disk device, logical files) that it imports.
- This database is a SQLite database and it contains all of the file system metadata from the input data source.
- The database is stored in the case directory, but the data source will stay in its original location.
- The data source must remain accessible for the duration of the analysis because the database contains only basic file system information (meta-data, not the actual content).
- The image / files are needed to retrieve file content.
-
-
-
Supported Image Formats
-
Currently, Autopsy supports these image formats:
-
-
Raw Single (For example: *.img, *.dd, *.raw, etc)
-
Raw Split (For example: *.001, *.002, *.aa, *.ab, etc)
-
EnCase (For example: *.e01, *e02, etc)
-
-
-
Removing a Data Source
-
You cannot currently remove an data source from a case.
-
-
-
+
+
+
+ Data Source Basics
+
+
+
+
+
About Data Sources
+
+
+ Autopsy supports 3 types of data sources that can be added to the Case:
+
+
Disk Image (raw, Encase, etc).
+ "Image" refers to a byte-for-byte copy of a hard drive or other storage media.
+
+
Disk Device (physical or logical disk partition, plugged in the user machine and detected by Autopsy).
+ Note: to correctly detect all devices, Autopsy needs to run as Administrator.
+
+
Logical Files (files and folders on the user machine file system)
+
+
+
+ User needs to select the data source type from the pull down menu in the Add Data Source wizard.
+
+ Autopsy populates an embedded database for each data source (image, disk device, logical files) that it imports.
+ This database is a SQLite database and it contains all of the file system metadata from the input data source.
+ The database is stored in the case directory, but the data source will stay in its original location.
+ The data source must remain accessible for the duration of the analysis because the database contains only basic file system information (meta-data, not the actual content).
+ The image / files are needed to retrieve file content.
+
+
+
Supported Image Formats
+
Currently, Autopsy supports these image formats:
+
+
Raw Single (For example: *.img, *.dd, *.raw, etc)
+
Raw Split (For example: *.001, *.002, *.aa, *.ab, etc)
+
EnCase (For example: *.e01, *e02, etc)
+
+
+
Removing a Data Source
+
You cannot currently remove an data source from a case.
There are two ways to add an data source to the currently opened case:
-
-
Go to "File" and select "Add Data Source..."
-
Select the icon on the toolbar
-
-
This will bring up the Add Data Source wizard. It will guide you through the process.
-
Here are some notes on what is going on during the process:
-
-
- The first panel will ask you to select the data source type and
- browse for the data source (image or files located on the computer, or select the device detected).
-
- In case of adding a disk image, you will also need to specify the timezone that the disk image came from
- so that the dates and times can be properly displayed and converted.
- As soon as you click 'Next >', Autopsy will begin analyzing the disk image and populating the database in the background.
-
-
-
-
- The second panel allows you to choose which ingest modules to run on the image.
- Refer to the Image Ingest part of the help guide for more details.
-
-
-
-
- The third panel provides a progress bar and information about the data source Autopsy is currently processing.
- If small enough, the input may have already finished processing, allowing you to continue past this panel.
- However, it may be necessary to wait for a short time while the database is populated.
-
-
-
-
- Once the input data source finishes adding, the ingest modules you selected will automatically run in the background.
- If the data source is processed before you select ingest modules, Autopsy will wait until you have done so.
-
-
-
-
- Note that in case of image, Autopsy will store the path to the image in its configuration file.
- If the image moves, then Autopsy will give an error because it can't find the image file and it will prompt user to point to the new image location.
-
There are two ways to add an data source to the currently opened case:
+
+
Go to "File" and select "Add Data Source..."
+
Select the icon on the toolbar
+
+
This will bring up the Add Data Source wizard. It will guide you through the process.
+
Here are some notes on what is going on during the process:
+
+
+ The first panel will ask you to select the data source type and
+ browse for the data source (image or files located on the computer, or select the device detected).
+
+ In case of adding a disk image, you will also need to specify the timezone that the disk image came from
+ so that the dates and times can be properly displayed and converted.
+ As soon as you click 'Next >', Autopsy will begin analyzing the disk image and populating the database in the background.
+
+
+
+
+ The second panel allows you to choose which ingest modules to run on the image.
+ Refer to the Image Ingest part of the help guide for more details.
+
+
+
+
+ The third panel provides a progress bar and information about the data source Autopsy is currently processing.
+ If small enough, the input may have already finished processing, allowing you to continue past this panel.
+ However, it may be necessary to wait for a short time while the database is populated.
+
+
+
+
+ Once the input data source finishes adding, the ingest modules you selected will automatically run in the background.
+ If the data source is processed before you select ingest modules, Autopsy will wait until you have done so.
+
+
+
+
+ Note that in case of image, Autopsy will store the path to the image in its configuration file.
+ If the image moves, then Autopsy will give an error because it can't find the image file and it will prompt user to point to the new image location.
+
+
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/docs/caseProperties.html b/Core/src/org/sleuthkit/autopsy/casemodule/docs/caseProperties.html
index a7ddaf20f2..f68eecfa03 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/docs/caseProperties.html
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/docs/caseProperties.html
@@ -1,28 +1,28 @@
-
-
-
- Case Properties Window
-
-
-
-
-
Case Properties Window
-
- Case Properties Window is where you can check some information about the currently opened case
- (case name, case creation date, case directory, and images in this case).
-
-
-
In this window, you can also do the following things:
-
-
Change/update the case name
-
Delete the current case
-
-
-
How to Open Case Properties Window
-
To open the "Case Properties" window, go to "File" and then select "Case Properties..."
-
-
Example
-
Here's an example of the "Case Properties" window:
-
-
+
+
+
+ Case Properties Window
+
+
+
+
+
Case Properties Window
+
+ Case Properties Window is where you can check some information about the currently opened case
+ (case name, case creation date, case directory, and images in this case).
+
+
+
In this window, you can also do the following things:
+
+
Change/update the case name
+
Delete the current case
+
+
+
How to Open Case Properties Window
+
To open the "Case Properties" window, go to "File" and then select "Case Properties..."
+
+
Example
+
Here's an example of the "Case Properties" window:
+
+
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/docs/casemodule-about.html b/Core/src/org/sleuthkit/autopsy/casemodule/docs/casemodule-about.html
index df21b69f50..0e7a28d65d 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/docs/casemodule-about.html
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/docs/casemodule-about.html
@@ -1,33 +1,33 @@
-
-
-
- About Cases
-
-
-
-
-
About Cases
-
- In Autopsy, a "case" is a container concept for a set of input data sources (disk images, disk devices, logical files).
- The set of data could be from multiple drives in a single computer or from multiple computers.
- When you make a case, it will create a directory to hold all of the information.
- The directory will contain the main Autopsy configuration file, other module's configuration files,
- some databases, generated reports, and some other information (temporary files, cache files).
- The main Autopsy case configuration file as a .aut extension - that is the file used to "Open" the case.
- In general, it is recommended for the user not to modify any files in the Case directory and leave it to Autopsy manage it.
-
-
- If you want to view case details or edit some case information,
- use the Case Properties window.
-
- To open a case, choose "Open Case" from the File menu or use the "Ctrl + O" keyboard shortcut.
- Navigate to the case directory and select the ".aut" file.
-
-
-
+
+
+
+ About Cases
+
+
+
+
+
About Cases
+
+ In Autopsy, a "case" is a container concept for a set of input data sources (disk images, disk devices, logical files).
+ The set of data could be from multiple drives in a single computer or from multiple computers.
+ When you make a case, it will create a directory to hold all of the information.
+ The directory will contain the main Autopsy configuration file, other module's configuration files,
+ some databases, generated reports, and some other information (temporary files, cache files).
+ The main Autopsy case configuration file as a .aut extension - that is the file used to "Open" the case.
+ In general, it is recommended for the user not to modify any files in the Case directory and leave it to Autopsy manage it.
+
+
+ If you want to view case details or edit some case information,
+ use the Case Properties window.
+
+ To open a case, choose "Open Case" from the File menu or use the "Ctrl + O" keyboard shortcut.
+ Navigate to the case directory and select the ".aut" file.
+
+
+
diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/docs/createNewCase.html b/Core/src/org/sleuthkit/autopsy/casemodule/docs/createNewCase.html
index a938a3ee34..978a7ba632 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/docs/createNewCase.html
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/docs/createNewCase.html
@@ -1,25 +1,25 @@
-
-
-
- Creating A Case
-
-
-
-
-
Creating a Case
-
There are several ways to create a new case:
-
-
Go to "File" and select "New Case..."
-
Press "Ctrl + N" on the keyboard
-
-
- The "New Case" wizard dialog will open and you will need to enter the case name and base directory.
- Each case will have its own directory and the path of the directory is created by combining the "base directory" with the "case name".
- If the directory already exists, you will need to either delete the existing directory or choose a different combination of names.
-
-
-
Example:
-
Here's an example of the "New Case" wizard dialog:
-
-
+
+
+
+ Creating A Case
+
+
+
+
+
Creating a Case
+
There are several ways to create a new case:
+
+
Go to "File" and select "New Case..."
+
Press "Ctrl + N" on the keyboard
+
+
+ The "New Case" wizard dialog will open and you will need to enter the case name and base directory.
+ Each case will have its own directory and the path of the directory is created by combining the "base directory" with the "case name".
+ If the directory already exists, you will need to either delete the existing directory or choose a different combination of names.
+
+
+
Example:
+
Here's an example of the "New Case" wizard dialog:
+
+
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/docs/hashDbMgmt.html b/Core/src/org/sleuthkit/autopsy/casemodule/docs/hashDbMgmt.html
index e825d1642f..72a89dd6fc 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/docs/hashDbMgmt.html
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/docs/hashDbMgmt.html
@@ -1,75 +1,75 @@
-
-
-
- Hash Database Management
-
-
-
-
-
Hash Database Management Window
-
- The Hash Database Management window is where you can set and update your hash database information.
- Hash databases are used to identify files that are 'known'.
-
-
-
- Known good files are those that can be safely ignored.
- This set of files frequently includes standard OS and application files.
- Ignoring such uninteresting to the investigator files, can greatly reduce image analysis time.
-
-
- Known bad (also called notable) files are those that should raise awareness.
- This set will vary depending on the type of investigation, but common examples include contraband images and malware.
-
-
-
-
Notable / Known Bad Hashsets
-
Autopsy allows for multiple known bad hash databases to be set. Autopsy supports three formats:
-
-
EnCase: An EnCase hashset file.
-
MD5sum: Output from running the md5, md5sum, or md5deep program on a set of files.
-
NSRL: The format of the NSRL database.
-
HashKeeper: Hashset file conforming to the HashKeeper standard.
-
-
-
NIST NSRL
-
- Autopsy can use the NIST NSRL to detect 'known files'.
- Note that the NSRL contains hashes of 'known files' that may be good or bad depending on your perspective and investigation type.
- For example, the existence of a piece of financial software may be interesting to your investigation and that software could be in the NSRL.
- Therefore, Autopsy treats files that are found in the NSRL as simply 'known' and does not specify good or bad.
- Ingest modules have the option of ignoring files that were found in the NSRL.
-
-
- To use the NSRL, you must concatenate all of the NSRLFile.txt files together.
- You can use 'cat' on a Unix system or from within Cygwin to do this.
-
-
-
Adding Hashsets
-
- Autopsy needs an index of the hashset to actualy use a hash database.
- It can create the index if you import only the hashset.
- When you select the database from within this window, it will tell you if the index needs to be created.
- Autopsy uses the hash database management system from The Sleuth Kit. You can manually create an index using the 'hfind' command line tool or you can use Autopsy.
- If you attempt proceed without indexing a database, Autopsy will offer to automatically produce an index for you.
-
-
- You can also specify only the index file and not use the full hashset - the index file is sufficient to identify known files.
- This can save space. To do this, specify the .idx file from the Hash Database Management window.
-
-
-
Using Hashsets
-
- There is an ingest module that will hash the files and look them up in the hashsets.
- It will flag files that were in the notable hashset and those results will be shown in the Results tree of the Data Explorer.
-
-
Other ingest modules are able to use the known status of a file to decide if they should ignore the file or process it.
-
- You can also see the results in the File Search window.
- There is an option to choose the 'known status'. From here, you can do a search to see all 'known bad' files.
- From here, you can also choose to ignore all 'known' files that were found in the NSRL.
- You can also see the status of the file in a column when the file is listed.
-
-
-
-
+
+
+
+ Hash Database Management
+
+
+
+
+
Hash Database Management Window
+
+ The Hash Database Management window is where you can set and update your hash database information.
+ Hash databases are used to identify files that are 'known'.
+
+
+
+ Known good files are those that can be safely ignored.
+ This set of files frequently includes standard OS and application files.
+ Ignoring such uninteresting to the investigator files, can greatly reduce image analysis time.
+
+
+ Known bad (also called notable) files are those that should raise awareness.
+ This set will vary depending on the type of investigation, but common examples include contraband images and malware.
+
+
+
+
Notable / Known Bad Hashsets
+
Autopsy allows for multiple known bad hash databases to be set. Autopsy supports three formats:
+
+
EnCase: An EnCase hashset file.
+
MD5sum: Output from running the md5, md5sum, or md5deep program on a set of files.
+
NSRL: The format of the NSRL database.
+
HashKeeper: Hashset file conforming to the HashKeeper standard.
+
+
+
NIST NSRL
+
+ Autopsy can use the NIST NSRL to detect 'known files'.
+ Note that the NSRL contains hashes of 'known files' that may be good or bad depending on your perspective and investigation type.
+ For example, the existence of a piece of financial software may be interesting to your investigation and that software could be in the NSRL.
+ Therefore, Autopsy treats files that are found in the NSRL as simply 'known' and does not specify good or bad.
+ Ingest modules have the option of ignoring files that were found in the NSRL.
+
+
+ To use the NSRL, you must concatenate all of the NSRLFile.txt files together.
+ You can use 'cat' on a Unix system or from within Cygwin to do this.
+
+
+
Adding Hashsets
+
+ Autopsy needs an index of the hashset to actualy use a hash database.
+ It can create the index if you import only the hashset.
+ When you select the database from within this window, it will tell you if the index needs to be created.
+ Autopsy uses the hash database management system from The Sleuth Kit. You can manually create an index using the 'hfind' command line tool or you can use Autopsy.
+ If you attempt proceed without indexing a database, Autopsy will offer to automatically produce an index for you.
+
+
+ You can also specify only the index file and not use the full hashset - the index file is sufficient to identify known files.
+ This can save space. To do this, specify the .idx file from the Hash Database Management window.
+
+
+
Using Hashsets
+
+ There is an ingest module that will hash the files and look them up in the hashsets.
+ It will flag files that were in the notable hashset and those results will be shown in the Results tree of the Data Explorer.
+
+
Other ingest modules are able to use the known status of a file to decide if they should ignore the file or process it.
+
+ You can also see the results in the File Search window.
+ There is an option to choose the 'known status'. From here, you can do a search to see all 'known bad' files.
+ From here, you can also choose to ignore all 'known' files that were found in the NSRL.
+ You can also see the status of the file in a column when the file is listed.
+
- Autopsy allows you to conduct a digital forensic investigation.
- It is a graphical interface to The Sleuth Kit and other tools.
- This page outlines the basic concepts of the program.
- The remainder of the help guide is organized around these concepts.
-
-
- The main Autopsy features include: importing a Data Source (image, disk, files) and exploring its file systems,
- running analysis modules (ingest), viewing ingest results, viewing content and generating reports.
-
-
- Autopsy is an extensible application; it provides a plug-in framework that allows other other parties to supply plug-ins and supply additional:
- image and file ingest for new types of analysis, different content viewers and different types of reports to be supported.
- There are plug-ins for for several ingest modules, viewers and reports that are bundled by default with Autopsy.
-
-
- All data is organized around the concept of a case.
- A case can have one or more data sources loaded into it.
-
-
The main window has three major areas:
-
-
- Data Explorer Tree:
- This area is where you go find major analysis functionality.
- It allows you to start finding the relevant files quickly.
-
-
- Result Viewers:
- This area is where the files and directories that were found from the explorer window can be viewed.
- There are different formatting options for the files.
-
-
- Content Viewers:
- This area is where file content can be viewed after they are selected from the Result Viewer area.
-
-
-
- The main take away from this should be that analysis techniques and result categories can be found on the left-hand side,
- the results from choosing something on the left are always listed in the upper right,
- and the file contents are displayed in the lower left.
-
-
-
-
-
-
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java b/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java
index 96f3f92497..cd0895e0a2 100755
--- a/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java
+++ b/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java
@@ -185,7 +185,7 @@ public class Metadata extends javax.swing.JPanel implements DataContentViewer
}
@Override
- public int isPreferred(Node node, boolean isSupported) {
+ public int isPreferred(Node node) {
return 1;
}
}
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponentinterfaces/DataContentViewer.java b/Core/src/org/sleuthkit/autopsy/corecomponentinterfaces/DataContentViewer.java
index 6b5736b8a9..7126f0e912 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponentinterfaces/DataContentViewer.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponentinterfaces/DataContentViewer.java
@@ -83,16 +83,15 @@ public interface DataContentViewer {
* Checks whether the given viewer is preferred for the Node.
* This is a bit subjective, but the idea is that Autopsy wants to display
* the most relevant tab. The more generic the viewer, the lower
- * the return value should be.
+ * the return value should be. This will only be called on viewers that
+ * support the given node.
*
* @param node Node to check for preference
- * @param isSupported true if the viewer is supported by the node, false otherwise
- * as determined by a previous check
* @return an int (0-10) higher return means the viewer has higher priority
* 0 means not supported
* 1 to 2 means the module will display all file types (such as the hex viewer)
* 3-10 are prioritized by Content viewer developer. Modules that operate on very
* few file types should be towards 10.
*/
- public int isPreferred(Node node, boolean isSupported);
+ public int isPreferred(Node node);
}
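Review bot: The `@return` text still says `0 means not supported`, which contradicts the new sentence that the method is only called on viewers that support the node. At least one implementation in this commit (DataContentViewerMedia) still returns 0 for a supported node it does not want selected, so the value needs a defined meaning. I would reword that line to something like `0 means the viewer supports the node but should not be chosen as the default tab`, and state explicitly that callers must check `isSupported(node)` first.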
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentPanel.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentPanel.java
index 4967d98fb5..7ebd947691 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentPanel.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentPanel.java
@@ -181,7 +181,7 @@ public class DataContentPanel extends javax.swing.JPanel implements DataContent,
jTabbedPane1.setEnabledAt(i, true);
// remember the viewer with the highest preference value
- int currentPreferred = dcv.isPreferred(selectedNode, true);
+ int currentPreferred = dcv.isPreferred(selectedNode);
if (currentPreferred > maxPreferred) {
preferredViewerIndex = i;
maxPreferred = currentPreferred;
@@ -258,8 +258,8 @@ public class DataContentPanel extends javax.swing.JPanel implements DataContent,
return this.wrapped.isSupported(node);
}
- int isPreferred(Node node, boolean isSupported) {
- return this.wrapped.isPreferred(node, isSupported);
+ int isPreferred(Node node) {
+ return this.wrapped.isPreferred(node);
}
}
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
index 945d1018e7..f979f74688 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerArtifact.java
@@ -330,18 +330,13 @@ public class DataContentViewerArtifact extends javax.swing.JPanel implements Dat
}
@Override
- public int isPreferred(Node node, boolean isSupported) {
+ public int isPreferred(Node node) {
BlackboardArtifact artifact = node.getLookup().lookup(BlackboardArtifact.class);
- if(isSupported) {
- if(artifact == null) {
- return 3;
- }
- else {
- return 5;
- }
+ if(artifact == null) {
+ return 3;
}
else {
- return 0;
+ return 5;
}
}
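Review bot: `isPreferred` now returns 3 or 5 for any node, so a "not supported" answer depends entirely on the caller having run `isSupported` first, and nothing at the method says so. A direct call with a null node also still fails at `node.getLookup()`. The Hex and String `isPreferred` hunks share this, and the String one additionally drops its earlier `node != null` check. A short comment on each override would make the contract visible, for example `// Precondition: isSupported(node) returned true; node is never null here`.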
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerHex.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerHex.java
index f1c4c4016d..0e28a337f8 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerHex.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerHex.java
@@ -434,12 +434,8 @@ public class DataContentViewerHex extends javax.swing.JPanel implements DataCont
}
@Override
- public int isPreferred(Node node, boolean isSupported) {
- if (isSupported) {
- return 1;
- } else {
- return 0;
- }
+ public int isPreferred(Node node) {
+ return 1;
}
@Override
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java
index 3d587601a8..7bd6c0d1cd 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java
@@ -226,25 +226,22 @@ public class DataContentViewerMedia extends javax.swing.JPanel implements DataCo
}
@Override
- public int isPreferred(Node node, boolean isSupported) {
- if (isSupported) {
- //special case, check if deleted video, then do not make it preferred
- AbstractFile file = node.getLookup().lookup(AbstractFile.class);
- if (file == null) {
- return 0;
- }
- String name = file.getName().toLowerCase();
- boolean deleted = file.isDirNameFlagSet(TSK_FS_NAME_FLAG_ENUM.UNALLOC);
-
- if (containsExt(name, videoExtensions) && deleted) {
- return 0;
- }
- else {
- return 7;
- }
- } else {
+ public int isPreferred(Node node) {
+ //special case, check if deleted video, then do not make it preferred
+ AbstractFile file = node.getLookup().lookup(AbstractFile.class);
+ if (file == null) {
return 0;
}
+ String name = file.getName().toLowerCase();
+ boolean deleted = file.isDirNameFlagSet(TSK_FS_NAME_FLAG_ENUM.UNALLOC);
+
+ if (containsExt(name, videoExtensions) && deleted) {
+ return 0;
+ }
+ else {
+ return 7;
+ }
+
}
private static boolean containsExt(String name, String[] exts) {
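Review bot: `file.getName().toLowerCase()` uses the default locale, so the extension match against `videoExtensions` can differ between examiner workstations (under a Turkish locale an upper-case `I` does not lower-case to `i`). For a file-type decision the conversion should be locale-independent: `String name = file.getName().toLowerCase(Locale.ROOT);`, with `java.util.Locale` imported if the file does not already do so. The two `return 0` paths also conflict with the interface Javadoc, which reserves 0 for unsupported nodes; a comment such as `// supported, but never the default tab for deleted videos` would explain the choice. The stray blank line before the closing brace can go.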
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerString.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerString.java
index ed87edd1df..5223f61920 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerString.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerString.java
@@ -322,14 +322,6 @@ public class DataContentViewerString extends javax.swing.JPanel implements DataC
private javax.swing.JLabel totalPageLabel;
// End of variables declaration//GEN-END:variables
- @Deprecated
- public void setDataView(Content dataSource, long offset, boolean reset) {
- if (reset) {
- resetComponent();
- return;
- }
- setDataView(dataSource, offset);
- }
/**
* Sets the DataView (The tabbed panel)
@@ -399,6 +391,30 @@ public class DataContentViewerString extends javax.swing.JPanel implements DataC
this.setCursor(null);
}
+
+ private void setDataView(StringContent dataSource) {
+ this.setCursor(Cursor.getPredefinedCursor(Cursor.WAIT_CURSOR));
+ try {
+ this.dataSource = null;
+
+ // set the data on the bottom and show it
+ String text = dataSource.getString();
+
+ nextPageButton.setEnabled(false);
+
+ prevPageButton.setEnabled(false);
+ currentPage = 1;
+
+ int totalPage = 1;
+ totalPageLabel.setText(Integer.toString(totalPage));
+ currentPageLabel.setText(Integer.toString(currentPage));
+ outputViewPane.setText(text); // set the output view
+ setComponentsVisibility(true); // shows the components that not needed
+ outputViewPane.moveCaretPosition(0);
+ } finally {
+ this.setCursor(null);
+ }
+ }
/**
* To set the visibility of specific components in this class.
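Review bot: The parameter `dataSource` shadows the field of the same name, so `this.dataSource = null;` followed by `dataSource.getString()` reads as if a reference that was just cleared were being dereferenced. Renaming the parameter removes the ambiguity: `private void setDataView(StringContent stringContent)` with `String text = stringContent.getString();`. The method also has no Javadoc, unlike the one that follows it. The comment `// shows the components that not needed` should say which components are made visible and why.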
@@ -484,12 +500,8 @@ public class DataContentViewerString extends javax.swing.JPanel implements DataC
}
@Override
- public int isPreferred(Node node, boolean isSupported) {
- if (node != null && isSupported) {
- return 1;
- } else {
- return 0;
- }
+ public int isPreferred(Node node) {
+ return 1;
}
@Override
@@ -497,29 +509,6 @@ public class DataContentViewerString extends javax.swing.JPanel implements DataC
return this;
}
- private void setDataView(StringContent dataSource) {
- this.setCursor(Cursor.getPredefinedCursor(Cursor.WAIT_CURSOR));
- try {
- this.dataSource = null;
-
- // set the data on the bottom and show it
- String text = dataSource.getString();
-
- nextPageButton.setEnabled(false);
-
- prevPageButton.setEnabled(false);
- currentPage = 1;
-
- int totalPage = 1;
- totalPageLabel.setText(Integer.toString(totalPage));
- currentPageLabel.setText(Integer.toString(currentPage));
- outputViewPane.setText(text); // set the output view
- setComponentsVisibility(true); // shows the components that not needed
- outputViewPane.moveCaretPosition(0);
- } finally {
- this.setCursor(null);
- }
- }
/* Show the right click menu only if evt is the correct mouse event */
private void maybeShowPopup(java.awt.event.MouseEvent evt) {
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-toc.xml b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-toc.xml
index f204c293c3..083d26328b 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-toc.xml
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-toc.xml
@@ -1,31 +1,31 @@
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/datacontent-about.html b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/datacontent-about.html
index bd60326779..80f68df064 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/datacontent-about.html
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/datacontent-about.html
@@ -1,50 +1,50 @@
-
-
-
- About Content Viewers
-
-
-
-
-
Content Viewers
-
- The Content Viewer area is in the lower right area of the interface.
- This area is used to view a specific file in a variety of formats.
- There are different tabs for different viewers.
- Not all tabs support all file types, so only some of them will be enabled.
- To display data in this area, a file must be selected from the
- Result Viewer window.
-
-
-
- The Content Viewer area is part of a plug-in framework.
- You can install modules that will add more viewer types.
- This section describes the viewers that come by default with Autopsy.
-
-
-
Here's an example of a "Content Viewer" window:
-
-
-
Default Viewers
-
Currently, there are 5 main tabs on "Content Viewer" window:
-
-
-
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/dataexplorer-about.html b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/dataexplorer-about.html
index 5b573e738c..57c48fe62f 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/dataexplorer-about.html
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/dataexplorer-about.html
@@ -1,47 +1,47 @@
-
-
-
- Data Explorers
-
-
-
-
-
About the Data Explorer
-
- The Data Explorer view in Autopsy is the directory tree
- node structure seen on the left hand side.
-
-
-
The data explorer contains the following data:
-
-
Image file-system with its directory structure that can be navigated,
-
Saved results of image and file analysis, such as results produced by the ingest process,
-
Built-in views and filters on the file-system and saved results.
-
-
-
The data explorer provides different methods for finding relevant data, such as:
-
-
All files of a specific type
-
Different extracted content types (web bookmarks, web history, installed programs, devices, etc.)
-
Hash database hits
-
Keyword hits
-
File bookmarks
-
-
- The Data Explorer will publish all relevant data to the Result Viewer
- when specific nodes are clicked. In general, if you are looking for an 'analysis technique', then this is where you should look.
-
-
-
-
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/dataresult-about.html b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/dataresult-about.html
index bf2f5156ca..59d400e9a4 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/dataresult-about.html
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/dataresult-about.html
@@ -1,45 +1,45 @@
-
-
-
- Result Viewers
-
-
-
-
-
Result Viewers
-
- The Result Viewer windows are in the upper right area of the interface and display the results from selecting something in the
- Data Explorer Tree area.
- You will have the option to display the results in a variety of formats.
-
-
-
Currently, there are 2 main tabs in the Result Viewer window:
- Viewers in Result Viewers have certain right-click functions built-in into them that can be accessed when a node a certain type is selected (a file, directory or a result).
-
-
-
Here are some examples that you may see:
-
-
Open File in External Viewer:
- Opens the selected file in an "external" application as defined by the local OS.
- For example, HTML files may be opened by IE or Firefox, depending on what the local system is configured to use.
-
View in New Window:
- Opens the content in a new internal Content Viewer (instead of in the default location in the lower right).
-
Extract:
- Make a local copy of the file or directory for further analysis.
-
Search for files with the same MD5 Hash:
- Searches the entire file-system for any files with the same MD5 Hash as the one selected.
-
-
-
Example
-
Below is an example of a "Result Viewer" window:
-
-
-
-
+
+
+
+ Result Viewers
+
+
+
+
+
Result Viewers
+
+ The Result Viewer windows are in the upper right area of the interface and display the results from selecting something in the
+ Data Explorer Tree area.
+ You will have the option to display the results in a variety of formats.
+
+
+
Currently, there are 2 main tabs in the Result Viewer window:
+ Viewers in Result Viewers have certain right-click functions built-in into them that can be accessed when a node a certain type is selected (a file, directory or a result).
+
+
+
Here are some examples that you may see:
+
+
Open File in External Viewer:
+ Opens the selected file in an "external" application as defined by the local OS.
+ For example, HTML files may be opened by IE or Firefox, depending on what the local system is configured to use.
+
View in New Window:
+ Opens the content in a new internal Content Viewer (instead of in the default location in the lower right).
+
Extract:
+ Make a local copy of the file or directory for further analysis.
+
Search for files with the same MD5 Hash:
+ Searches the entire file-system for any files with the same MD5 Hash as the one selected.
- Hex Content Viewer shows you the raw and exact contents of a file.
- In this Hex Content Viewer, the data of the file is represented as hexadecimal values grouped in 2 groups of 8 bytes,
- followed by one group of 16 ASCII characters which are derived from each pair of hex values (each byte).
- Non-printable ASCII characters and characters that would take more than one character space are typically represented by a dot (".") in the following ASCII field.
-
-
-
Example
-
Below is an example of "Hex Content Viewer" window:
-
-
+
+
+
+ Hex Content Viewer
+
+
+
+
+
Hex Content Viewer
+
+ Hex Content Viewer shows you the raw and exact contents of a file.
+ In this Hex Content Viewer, the data of the file is represented as hexadecimal values grouped in 2 groups of 8 bytes,
+ followed by one group of 16 ASCII characters which are derived from each pair of hex values (each byte).
+ Non-printable ASCII characters and characters that would take more than one character space are typically represented by a dot (".") in the following ASCII field.
+
+
+
Example
+
Below is an example of "Hex Content Viewer" window:
+
+
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/picture-content-viewer.html b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/picture-content-viewer.html
index c2da0a187c..f6a9ba28c5 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/picture-content-viewer.html
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/picture-content-viewer.html
@@ -1,20 +1,20 @@
-
-
-
- Media Content Viewer
-
-
-
-
-
Media Content Viewer
-
- The Media Content Viewer will show a picture or video file.
- Video files can be played and paused.
- The size of the picture or video will be reduced to fit into the screen.
- If you want more complex analysis of the media, then you must export the file.
-
-
If you select an non-picture file or an unsupported picture format on the "Result Viewers", this tab will be disabled.
-
Here's one of the example of the "Media Content Viewer":
-
-
-
+
+
+
+ Media Content Viewer
+
+
+
+
+
Media Content Viewer
+
+ The Media Content Viewer will show a picture or video file.
+ Video files can be played and paused.
+ The size of the picture or video will be reduced to fit into the screen.
+ If you want more complex analysis of the media, then you must export the file.
+
+
If you select an non-picture file or an unsupported picture format on the "Result Viewers", this tab will be disabled.
+
Here's one of the example of the "Media Content Viewer":
Result Content Viewer shows the artifacts (saved results) associated with the item selected in the Result Viewer.
-
-
Example
-
Below is an example of "Result Content Viewer" window:
-
-
-
-
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/string-content-viewer.html b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/string-content-viewer.html
index a1955f10a3..215b8c0a52 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/string-content-viewer.html
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/string-content-viewer.html
@@ -1,23 +1,23 @@
-
-
-
- String Content Viewer
-
-
-
-
-
String Content Viewer
-
- Strings Content Viewer scans (potentially binary) data of the file / folder and searches it for data that could be text.
- When appropriate data is found, the String Content Viewer shows data strings extracted from binary, decoded, and interpreted as UTF8/16 for the selected script/language.
-
-
- Note that this is different from the Text Content Viewer, which displays the text for a file that is stored in the keyword search index.
- The results may be the same or they could be different, depending how the data were interpreted by the indexer.
-
-
-
Example
-
Below is an example of "String Content Viewer" window:
-
-
-
+
+
+
+ String Content Viewer
+
+
+
+
+
String Content Viewer
+
+ Strings Content Viewer scans (potentially binary) data of the file / folder and searches it for data that could be text.
+ When appropriate data is found, the String Content Viewer shows data strings extracted from binary, decoded, and interpreted as UTF8/16 for the selected script/language.
+
+
+ Note that this is different from the Text Content Viewer, which displays the text for a file that is stored in the keyword search index.
+ The results may be the same or they could be different, depending how the data were interpreted by the indexer.
+
+
+
Example
+
Below is an example of "String Content Viewer" window:
- Table Results Viewer (Directory Listing) displays the data catalog as a table with some details (properties) of each file.
- The properties that it shows are: name, time (modified, changed, accessed, and created), size, flags (directory and meta), mode, user ID, group ID, metadata address, attribute address, and type (directory and meta).
- Click the Table Viewer tab to select this view.
-
-
- The Results Viewer can be also activated for saved results and it can show a high level results grouped,
- or a results at a file level, depending on which node on the Directory Tree is selected to populate the Table Results Viewer.
-
-
-
Example
-
Below is an example of a "Table Results Viewer" window:
+ Table Results Viewer (Directory Listing) displays the data catalog as a table with some details (properties) of each file.
+ The properties that it shows are: name, time (modified, changed, accessed, and created), size, flags (directory and meta), mode, user ID, group ID, metadata address, attribute address, and type (directory and meta).
+ Click the Table Viewer tab to select this view.
+
+
+ The Results Viewer can be also activated for saved results and it can show a high level results grouped,
+ or a results at a file level, depending on which node on the Directory Tree is selected to populate the Table Results Viewer.
+
+
+
Example
+
Below is an example of a "Table Results Viewer" window:
+
+
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/text-content-viewer.html b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/text-content-viewer.html
index 31260ae9cb..966fbd0753 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/text-content-viewer.html
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/text-content-viewer.html
@@ -1,30 +1,30 @@
-
-
-
- Text View
-
-
-
-
-
Text View
-
- Text Content Viewer uses the keyword search index that may have been populated during
- Image Ingest.
- If a file has text stored in the index, then this tab will be enabled and it will be displayed to the user if a file or a result associated with a file is selected.
-
-
- This tab may have more text on it than the "String View", which relies on searching the file for text-looking data.
- Some files, like PDF, will not have text-looking data at the byte-level, but the keyword indexing process knows how to interpret a PDF file and produce text.
- For the files the indexer knows about, there may be the METADATA section at the end of the displayed extracted text.
- If an indexed document contains any metadata (such as creation date, author, etc), it will be displayed there.
- Note that, unlike the "String View", the Text View does not have its built-in settings for the script/language to use for extracted strings.
- This is because the script/language is used at indexing time, and that setting is associated with the Keyword Search indexer, not the viewer.
-
-
- If this tab is not enabled, then either the file has no text or you did not enable Keyword Search as an ingest module.
- Note that this viewer is also used to display highlighted keyword hits when operated in the "Search Matches" mode,
- selected on the right-hand side of the viewer's toolbar.
-
-
-
-
+
+
+
+ Text View
+
+
+
+
+
Text View
+
+ Text Content Viewer uses the keyword search index that may have been populated during
+ Image Ingest.
+ If a file has text stored in the index, then this tab will be enabled and it will be displayed to the user if a file or a result associated with a file is selected.
+
+
+ This tab may have more text on it than the "String View", which relies on searching the file for text-looking data.
+ Some files, like PDF, will not have text-looking data at the byte-level, but the keyword indexing process knows how to interpret a PDF file and produce text.
+ For the files the indexer knows about, there may be the METADATA section at the end of the displayed extracted text.
+ If an indexed document contains any metadata (such as creation date, author, etc), it will be displayed there.
+ Note that, unlike the "String View", the Text View does not have its built-in settings for the script/language to use for extracted strings.
+ This is because the script/language is used at indexing time, and that setting is associated with the Keyword Search indexer, not the viewer.
+
+
+ If this tab is not enabled, then either the file has no text or you did not enable Keyword Search as an ingest module.
+ Note that this viewer is also used to display highlighted keyword hits when operated in the "Search Matches" mode,
+ selected on the right-hand side of the viewer's toolbar.
+
- Thumbnail Results Viewer displays the data catalog as a table of thumbnail images in adjustable sizes.
- This viewer only supports picture file(s) (Currently, only supports JPG, GIF, and PNG formats).
- Click the Thumbnail tab to select this view.
- Note that for a large number of images in a directory selected in the Data Explorer, or for a View selected that contains
- a large number of images, it might take a while to populate this view for the first time before the images are cached.
-
-
-
Example
-
Below is an example of "Thumbnail Results Viewer" window:
-
-
+
+
+
+ Thumbnail Results Viewer
+
+
+
+
+
Thumbnail Results Viewer
+
+ Thumbnail Results Viewer displays the data catalog as a table of thumbnail images in adjustable sizes.
+ This viewer only supports picture file(s) (Currently, only supports JPG, GIF, and PNG formats).
+ Click the Thumbnail tab to select this view.
+ Note that for a large number of images in a directory selected in the Data Explorer, or for a View selected that contains
+ a large number of images, it might take a while to populate this view for the first time before the images are cached.
+
+
+
Example
+
Below is an example of "Thumbnail Results Viewer" window:
+
+
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/docs/directorytree-about.html b/Core/src/org/sleuthkit/autopsy/directorytree/docs/directorytree-about.html
index 32ab52798b..a25af20157 100644
--- a/Core/src/org/sleuthkit/autopsy/directorytree/docs/directorytree-about.html
+++ b/Core/src/org/sleuthkit/autopsy/directorytree/docs/directorytree-about.html
@@ -1,48 +1,48 @@
-
-
-
- Data Explorer (Directory Tree)
-
-
-
-
-
About Data Explorer (Directory Tree)
-
- The data explorer tree is a very important area of the interface.
- This is where you will start many of your analysis approaches and find saved results from automated procedures (ingest).
- The tree has three main areas:
-
-
-
Images:
- Where you can find the directory tree hierarchy of the file systems in the images.
- Go here to navigate to a specific file or directory.
-
-
Views:
- Where you can view all of the files in the images, but organized by file type or dates instead of directories.
- Go here if you are looking for files of a given type or that were recently used.
-
-
Results:
- Where you can see the results from the background ingest tasks and you can see your previous search results.
- Go here to see what was found by the ingest modules and to find your previous search results.
-
-
Bookmarks:
- Where you can view all file and results that have been bookmarked for easy access.
-
-
-
-
Below is an example of an Data Explorer Tree window:
-
-
-
-
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/docs/image-details.html b/Core/src/org/sleuthkit/autopsy/directorytree/docs/image-details.html
index cf63eb7c98..51ae52101b 100644
--- a/Core/src/org/sleuthkit/autopsy/directorytree/docs/image-details.html
+++ b/Core/src/org/sleuthkit/autopsy/directorytree/docs/image-details.html
@@ -1,20 +1,20 @@
-
-
-
- Image Details Window
-
-
-
-
-
Image Details Window
-
- The Image Details window shows you basic information about a disk image.
- You can access it by right-clicking on an image in the tree and choosing "Image Details".
-
-
-
-
-
An example is shown here:
-
-
-
+
+
+
+ Image Details Window
+
+
+
+
+
Image Details Window
+
+ The Image Details window shows you basic information about a disk image.
+ You can access it by right-clicking on an image in the tree and choosing "Image Details".
+
- The Volume Details window shows you information about a volume.
- It shows information such as the starting sector, length, and description.
- You can view the information by right clicking on a volume in the tree and choosing "Volume Details".
-
-
-
-
-
-
An example is shown here:
-
-
-
+
+
+
+ Volume Details Window
+
+
+
+
+
Volume Details Window
+
+ The Volume Details window shows you information about a volume.
+ It shows information such as the starting sector, length, and description.
+ You can view the information by right clicking on a volume in the tree and choosing "Volume Details".
+
+
+
+
+
+
An example is shown here:
+
+
+
diff --git a/Core/src/org/sleuthkit/autopsy/examples/SampleContentViewer.java b/Core/src/org/sleuthkit/autopsy/examples/SampleContentViewer.java
index dfd0718f3c..d6f80ffad9 100755
--- a/Core/src/org/sleuthkit/autopsy/examples/SampleContentViewer.java
+++ b/Core/src/org/sleuthkit/autopsy/examples/SampleContentViewer.java
@@ -166,10 +166,7 @@ public class SampleContentViewer extends javax.swing.JPanel implements DataConte
}
@Override
- public int isPreferred(Node node, boolean isSupported) {
- if (isSupported == false) {
- return 0;
- }
+ public int isPreferred(Node node) {
// we return 1 since this module will operate on nearly all files
return 1;
}
diff --git a/Core/src/org/sleuthkit/autopsy/examples/SampleDataSourceIngestModule.java b/Core/src/org/sleuthkit/autopsy/examples/SampleDataSourceIngestModule.java
index e6061fdd76..5fa98f65d4 100755
--- a/Core/src/org/sleuthkit/autopsy/examples/SampleDataSourceIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/examples/SampleDataSourceIngestModule.java
@@ -1,125 +1,125 @@
-/*
-* Sample module in the public domain. Feel free to use this as a template
-* for your modules.
-*
-* Contact: Brian Carrier [carrier sleuthkit [dot] org]
-*
-* This is free and unencumbered software released into the public domain.
-*
-* Anyone is free to copy, modify, publish, use, compile, sell, or
-* distribute this software, either in source code form or as a compiled
-* binary, for any purpose, commercial or non-commercial, and by any
-* means.
-*
-* In jurisdictions that recognize copyright laws, the author or authors
-* of this software dedicate any and all copyright interest in the
-* software to the public domain. We make this dedication for the benefit
-* of the public at large and to the detriment of our heirs and
-* successors. We intend this dedication to be an overt act of
-* relinquishment in perpetuity of all present and future rights to this
-* software under copyright law.
-*
-* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-* IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
-* OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-* OTHER DEALINGS IN THE SOFTWARE.
-*/
-
-package org.sleuthkit.autopsy.examples;
-
-import java.util.List;
-import org.apache.log4j.Logger;
-import org.openide.util.Exceptions;
-import org.sleuthkit.autopsy.casemodule.Case;
-import org.sleuthkit.autopsy.casemodule.services.FileManager;
-import org.sleuthkit.autopsy.casemodule.services.Services;
-import org.sleuthkit.autopsy.ingest.IngestDataSourceWorkerController;
-import org.sleuthkit.autopsy.ingest.IngestModuleDataSource;
-import org.sleuthkit.autopsy.ingest.IngestModuleInit;
-import org.sleuthkit.autopsy.ingest.PipelineContext;
-import org.sleuthkit.datamodel.AbstractFile;
-import org.sleuthkit.datamodel.Content;
-import org.sleuthkit.datamodel.FsContent;
-import org.sleuthkit.datamodel.SleuthkitCase;
-import org.sleuthkit.datamodel.TskCoreException;
-
-/**
- * Sample DataSource-level ingest module that doesn't do much at all.
- * Just exists to show basic idea of these modules
- */
-public class SampleDataSourceIngestModule extends org.sleuthkit.autopsy.ingest.IngestModuleDataSource {
-
- /* Data Source modules operate on a disk or set of logical files. They
- * are passed in teh data source refernce and query it for things they want.
- */
- @Override
- public void process(PipelineContext pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
-
- Case case1 = Case.getCurrentCase();
- SleuthkitCase sleuthkitCase = case1.getSleuthkitCase();
-
- Services services = new Services(sleuthkitCase);
- FileManager fm = services.getFileManager();
- try {
- /* you can use the findFiles method in FileManager (or similar ones in
- * SleuthkitCase to find files based only on their name. This
- * one finds files that have a .doc extension. */
- List docFiles = fm.findFiles(dataSource, "%.doc");
- for (AbstractFile file : docFiles) {
- // do something with each doc file
- }
-
- /* We can also do more general queries with findFilesWhere, which
- * allows us to make our own WHERE clause in the database.
- */
- long currentTime = System.currentTimeMillis()/1000;
- // go back 2 weeks
- long minTime = currentTime - (14 * 24 * 60 * 60);
- List otherFiles = sleuthkitCase.findFilesWhere("crtime > " + minTime);
- // do something with these files...
-
- } catch (TskCoreException ex) {
- Logger log = Logger.getLogger(SampleDataSourceIngestModule.class);
- log.fatal("Error retrieving files from database: " + ex.getLocalizedMessage());
- return;
- }
- }
-
- @Override
- public void init(IngestModuleInit initContext) {
- // do nothing
- }
-
- @Override
- public void complete() {
- // do nothing
- }
-
- @Override
- public void stop() {
- // do nothing
- }
-
- @Override
- public String getName() {
- return "SampleDataSourceIngestModule";
- }
-
- @Override
- public String getVersion() {
- return "1.0";
- }
-
- @Override
- public String getDescription() {
- return "Doesn't do much";
- }
-
- @Override
- public boolean hasBackgroundJobsRunning() {
- return false;
- }
-}
+/*
+* Sample module in the public domain. Feel free to use this as a template
+* for your modules.
+*
+* Contact: Brian Carrier [carrier sleuthkit [dot] org]
+*
+* This is free and unencumbered software released into the public domain.
+*
+* Anyone is free to copy, modify, publish, use, compile, sell, or
+* distribute this software, either in source code form or as a compiled
+* binary, for any purpose, commercial or non-commercial, and by any
+* means.
+*
+* In jurisdictions that recognize copyright laws, the author or authors
+* of this software dedicate any and all copyright interest in the
+* software to the public domain. We make this dedication for the benefit
+* of the public at large and to the detriment of our heirs and
+* successors. We intend this dedication to be an overt act of
+* relinquishment in perpetuity of all present and future rights to this
+* software under copyright law.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+* IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+* OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+* OTHER DEALINGS IN THE SOFTWARE.
+*/
+
+package org.sleuthkit.autopsy.examples;
+
+import java.util.List;
+import org.apache.log4j.Logger;
+import org.openide.util.Exceptions;
+import org.sleuthkit.autopsy.casemodule.Case;
+import org.sleuthkit.autopsy.casemodule.services.FileManager;
+import org.sleuthkit.autopsy.casemodule.services.Services;
+import org.sleuthkit.autopsy.ingest.IngestDataSourceWorkerController;
+import org.sleuthkit.autopsy.ingest.IngestModuleDataSource;
+import org.sleuthkit.autopsy.ingest.IngestModuleInit;
+import org.sleuthkit.autopsy.ingest.PipelineContext;
+import org.sleuthkit.datamodel.AbstractFile;
+import org.sleuthkit.datamodel.Content;
+import org.sleuthkit.datamodel.FsContent;
+import org.sleuthkit.datamodel.SleuthkitCase;
+import org.sleuthkit.datamodel.TskCoreException;
+
+/**
+ * Sample DataSource-level ingest module that doesn't do much at all.
+ * Just exists to show basic idea of these modules
+ */
+public class SampleDataSourceIngestModule extends org.sleuthkit.autopsy.ingest.IngestModuleDataSource {
+
+ /* Data Source modules operate on a disk or set of logical files. They
+ * are passed in teh data source refernce and query it for things they want.
+ */
+ @Override
+ public void process(PipelineContext pipelineContext, Content dataSource, IngestDataSourceWorkerController controller) {
+
+ Case case1 = Case.getCurrentCase();
+ SleuthkitCase sleuthkitCase = case1.getSleuthkitCase();
+
+ Services services = new Services(sleuthkitCase);
+ FileManager fm = services.getFileManager();
+ try {
+ /* you can use the findFiles method in FileManager (or similar ones in
+ * SleuthkitCase to find files based only on their name. This
+ * one finds files that have a .doc extension. */
+ List docFiles = fm.findFiles(dataSource, "%.doc");
+ for (AbstractFile file : docFiles) {
+ // do something with each doc file
+ }
+
+ /* We can also do more general queries with findFilesWhere, which
+ * allows us to make our own WHERE clause in the database.
+ */
+ long currentTime = System.currentTimeMillis()/1000;
+ // go back 2 weeks
+ long minTime = currentTime - (14 * 24 * 60 * 60);
+ List otherFiles = sleuthkitCase.findFilesWhere("crtime > " + minTime);
+ // do something with these files...
+
+ } catch (TskCoreException ex) {
+ Logger log = Logger.getLogger(SampleDataSourceIngestModule.class);
+ log.fatal("Error retrieving files from database: " + ex.getLocalizedMessage());
+ return;
+ }
+ }
+
+ @Override
+ public void init(IngestModuleInit initContext) {
+ // do nothing
+ }
+
+ @Override
+ public void complete() {
+ // do nothing
+ }
+
+ @Override
+ public void stop() {
+ // do nothing
+ }
+
+ @Override
+ public String getName() {
+ return "SampleDataSourceIngestModule";
+ }
+
+ @Override
+ public String getVersion() {
+ return "1.0";
+ }
+
+ @Override
+ public String getDescription() {
+ return "Doesn't do much";
+ }
+
+ @Override
+ public boolean hasBackgroundJobsRunning() {
+ return false;
+ }
+}
diff --git a/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java
index e4152604c0..676f9bd79f 100755
--- a/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/examples/SampleFileIngestModule.java
@@ -1,178 +1,178 @@
-/*
-* Sample module in the public domain. Feel free to use this as a template
-* for your modules.
-*
-* Contact: Brian Carrier [carrier sleuthkit [dot] org]
-*
-* This is free and unencumbered software released into the public domain.
-*
-* Anyone is free to copy, modify, publish, use, compile, sell, or
-* distribute this software, either in source code form or as a compiled
-* binary, for any purpose, commercial or non-commercial, and by any
-* means.
-*
-* In jurisdictions that recognize copyright laws, the author or authors
-* of this software dedicate any and all copyright interest in the
-* software to the public domain. We make this dedication for the benefit
-* of the public at large and to the detriment of our heirs and
-* successors. We intend this dedication to be an overt act of
-* relinquishment in perpetuity of all present and future rights to this
-* software under copyright law.
-*
-* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-* IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
-* OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-* OTHER DEALINGS IN THE SOFTWARE.
-*/
-
-package org.sleuthkit.autopsy.examples;
-
-import org.apache.log4j.Logger;
-import org.openide.util.Exceptions;
-import org.sleuthkit.autopsy.casemodule.Case;
-import org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile;
-import org.sleuthkit.autopsy.ingest.IngestModuleInit;
-import org.sleuthkit.autopsy.ingest.PipelineContext;
-import org.sleuthkit.datamodel.AbstractFile;
-import org.sleuthkit.datamodel.BlackboardArtifact;
-import org.sleuthkit.datamodel.BlackboardAttribute;
-import org.sleuthkit.datamodel.TskCoreException;
-import org.sleuthkit.datamodel.SleuthkitCase;
-import org.sleuthkit.datamodel.TskData;
-
-/**
- * This is a sample and simple module. It is a file-level ingest module, meaning
- * that it will get called on each file in the disk image / logical file set.
- * It does a stupid calculation of the number of null bytes in the beginning of the
- * file in order to show the basic flow.
- *
- * Autopsy has been hard coded to ignore this module based on the it's package name.
- * IngestModuleLoader will not load things from the org.sleuthkit.autopsy.examples package.
- * Either change the package or the loading code to make this module actually run.
- */
-public class SampleFileIngestModule extends org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile {
- private int attrId = -1;
- private static SampleFileIngestModule defaultInstance = null;
-
- // Private to ensure Singleton status
- private SampleFileIngestModule() {
- }
-
- // File-level ingest modules are currently singleton -- this is required
- public static synchronized SampleFileIngestModule getDefault() {
- //defaultInstance is a private static class variable
- if (defaultInstance == null) {
- defaultInstance = new SampleFileIngestModule();
- }
- return defaultInstance;
- }
-
-
- @Override
- public void init(IngestModuleInit initContext) {
- /* For this demo, we are going to make a private attribute to post our
- * results to the blackbaord with. There are many standard blackboard artifact
- * and attribute types and you should first consider using one of those before
- * making private ones because other modules won't know about provate ones.
- * Because our demo has results that have no real value, we do not have an
- * official attribute for them.
- */
- Case case1 = Case.getCurrentCase();
- SleuthkitCase sleuthkitCase = case1.getSleuthkitCase();
-
- // see if the type already exists in the blackboard.
- try {
- attrId = sleuthkitCase.getAttrTypeID("ATTR_SAMPLE");
- } catch (TskCoreException ex) {
- // create it if not
- try {
- attrId = sleuthkitCase.addAttrType("ATTR_SAMPLE", "Sample Attribute");
- } catch (TskCoreException ex1) {
- Logger log = Logger.getLogger(SampleFileIngestModule.class);
- log.fatal("Error adding attribute type: " + ex1.getLocalizedMessage());
- attrId = -1;
- }
- }
- }
-
- @Override
- public ProcessResult process(PipelineContext pipelineContext, AbstractFile abstractFile) {
- // skip non-files
- if ((abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) ||
- (abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS)) {
- return ProcessResult.OK;
- }
-
- // skip NSRL / known files
- if (abstractFile.getKnown() == TskData.FileKnown.KNOWN) {
- return ProcessResult.OK;
- }
-
-
- /* Do a non-sensical calculation of the number of 0x00 bytes
- * in the first 1024-bytes of the file. This is for demo
- * purposes only.
- */
- try {
- byte buffer[] = new byte[1024];
- int len = abstractFile.read(buffer, 0, 1024);
- int count = 0;
- for (int i = 0; i < len; i++) {
- if (buffer[i] == 0x00) {
- count++;
- }
- }
-
- if (attrId != -1) {
- // Make an attribute using the ID for the private type that we previously created.
- BlackboardAttribute attr = new BlackboardAttribute(attrId, getName(), count);
-
- /* add it to the general info artifact. In real modules, you would likely have
- * more complex data types and be making more specific artifacts.
- */
- BlackboardArtifact art = abstractFile.getGenInfoArtifact();
- art.addAttribute(attr);
- }
-
- return ProcessResult.OK;
- } catch (TskCoreException ex) {
- Exceptions.printStackTrace(ex);
- return ProcessResult.ERROR;
- }
- }
-
-
- @Override
- public void complete() {
-
- }
-
- @Override
- public void stop() {
-
- }
-
- @Override
- public String getVersion() {
- return "1.0";
- }
-
- @Override
- public String getName() {
- return "SampleFileIngestModule";
- }
-
- @Override
- public String getDescription() {
- return "Doesn't do much";
- }
-
- @Override
- public boolean hasBackgroundJobsRunning() {
- // we're single threaded...
- return false;
- }
-}
+/*
+* Sample module in the public domain. Feel free to use this as a template
+* for your modules.
+*
+* Contact: Brian Carrier [carrier sleuthkit [dot] org]
+*
+* This is free and unencumbered software released into the public domain.
+*
+* Anyone is free to copy, modify, publish, use, compile, sell, or
+* distribute this software, either in source code form or as a compiled
+* binary, for any purpose, commercial or non-commercial, and by any
+* means.
+*
+* In jurisdictions that recognize copyright laws, the author or authors
+* of this software dedicate any and all copyright interest in the
+* software to the public domain. We make this dedication for the benefit
+* of the public at large and to the detriment of our heirs and
+* successors. We intend this dedication to be an overt act of
+* relinquishment in perpetuity of all present and future rights to this
+* software under copyright law.
+*
+* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+* EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+* MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+* IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
+* OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
+* ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
+* OTHER DEALINGS IN THE SOFTWARE.
+*/
+
+package org.sleuthkit.autopsy.examples;
+
+import org.apache.log4j.Logger;
+import org.openide.util.Exceptions;
+import org.sleuthkit.autopsy.casemodule.Case;
+import org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile;
+import org.sleuthkit.autopsy.ingest.IngestModuleInit;
+import org.sleuthkit.autopsy.ingest.PipelineContext;
+import org.sleuthkit.datamodel.AbstractFile;
+import org.sleuthkit.datamodel.BlackboardArtifact;
+import org.sleuthkit.datamodel.BlackboardAttribute;
+import org.sleuthkit.datamodel.TskCoreException;
+import org.sleuthkit.datamodel.SleuthkitCase;
+import org.sleuthkit.datamodel.TskData;
+
+/**
+ * This is a sample and simple module. It is a file-level ingest module, meaning
+ * that it will get called on each file in the disk image / logical file set.
+ * It does a stupid calculation of the number of null bytes in the beginning of the
+ * file in order to show the basic flow.
+ *
+ * Autopsy has been hard coded to ignore this module based on the it's package name.
+ * IngestModuleLoader will not load things from the org.sleuthkit.autopsy.examples package.
+ * Either change the package or the loading code to make this module actually run.
+ */
+public class SampleFileIngestModule extends org.sleuthkit.autopsy.ingest.IngestModuleAbstractFile {
+ private int attrId = -1;
+ private static SampleFileIngestModule defaultInstance = null;
+
+ // Private to ensure Singleton status
+ private SampleFileIngestModule() {
+ }
+
+ // File-level ingest modules are currently singleton -- this is required
+ public static synchronized SampleFileIngestModule getDefault() {
+ //defaultInstance is a private static class variable
+ if (defaultInstance == null) {
+ defaultInstance = new SampleFileIngestModule();
+ }
+ return defaultInstance;
+ }
+
+
+ @Override
+ public void init(IngestModuleInit initContext) {
+ /* For this demo, we are going to make a private attribute to post our
+ * results to the blackbaord with. There are many standard blackboard artifact
+ * and attribute types and you should first consider using one of those before
+ * making private ones because other modules won't know about provate ones.
+ * Because our demo has results that have no real value, we do not have an
+ * official attribute for them.
+ */
+ Case case1 = Case.getCurrentCase();
+ SleuthkitCase sleuthkitCase = case1.getSleuthkitCase();
+
+ // see if the type already exists in the blackboard.
+ try {
+ attrId = sleuthkitCase.getAttrTypeID("ATTR_SAMPLE");
+ } catch (TskCoreException ex) {
+ // create it if not
+ try {
+ attrId = sleuthkitCase.addAttrType("ATTR_SAMPLE", "Sample Attribute");
+ } catch (TskCoreException ex1) {
+ Logger log = Logger.getLogger(SampleFileIngestModule.class);
+ log.fatal("Error adding attribute type: " + ex1.getLocalizedMessage());
+ attrId = -1;
+ }
+ }
+ }
+
+ @Override
+ public ProcessResult process(PipelineContext pipelineContext, AbstractFile abstractFile) {
+ // skip non-files
+ if ((abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNALLOC_BLOCKS) ||
+ (abstractFile.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.UNUSED_BLOCKS)) {
+ return ProcessResult.OK;
+ }
+
+ // skip NSRL / known files
+ if (abstractFile.getKnown() == TskData.FileKnown.KNOWN) {
+ return ProcessResult.OK;
+ }
+
+
+ /* Do a non-sensical calculation of the number of 0x00 bytes
+ * in the first 1024-bytes of the file. This is for demo
+ * purposes only.
+ */
+ try {
+ byte buffer[] = new byte[1024];
+ int len = abstractFile.read(buffer, 0, 1024);
+ int count = 0;
+ for (int i = 0; i < len; i++) {
+ if (buffer[i] == 0x00) {
+ count++;
+ }
+ }
+
+ if (attrId != -1) {
+ // Make an attribute using the ID for the private type that we previously created.
+ BlackboardAttribute attr = new BlackboardAttribute(attrId, getName(), count);
+
+ /* add it to the general info artifact. In real modules, you would likely have
+ * more complex data types and be making more specific artifacts.
+ */
+ BlackboardArtifact art = abstractFile.getGenInfoArtifact();
+ art.addAttribute(attr);
+ }
+
+ return ProcessResult.OK;
+ } catch (TskCoreException ex) {
+ Exceptions.printStackTrace(ex);
+ return ProcessResult.ERROR;
+ }
+ }
+
+
+ @Override
+ public void complete() {
+
+ }
+
+ @Override
+ public void stop() {
+
+ }
+
+ @Override
+ public String getVersion() {
+ return "1.0";
+ }
+
+ @Override
+ public String getName() {
+ return "SampleFileIngestModule";
+ }
+
+ @Override
+ public String getDescription() {
+ return "Doesn't do much";
+ }
+
+ @Override
+ public boolean hasBackgroundJobsRunning() {
+ // we're single threaded...
+ return false;
+ }
+}
diff --git a/Core/src/org/sleuthkit/autopsy/filesearch/docs/filesearch-about.html b/Core/src/org/sleuthkit/autopsy/filesearch/docs/filesearch-about.html
index fca35f95c5..dcfc2b0fc3 100644
--- a/Core/src/org/sleuthkit/autopsy/filesearch/docs/filesearch-about.html
+++ b/Core/src/org/sleuthkit/autopsy/filesearch/docs/filesearch-about.html
@@ -1,52 +1,52 @@
-
-
-
- About File Search
-
-
-
-
-
About File Search
-
- File Search tool can be accessed either from the Tools menu or by right-clicking on image node in the Data Explorer / Directory Tree.
- By using File Search, you can specify, filter, and show the directories and files that you want to see from the images in the current opened case.
- The File Search results will be populated in a brand new Table Result viewer on the right-hand side.
-
-
Currently, Autopsy only supports 4 categories in File Search: Name, Size, Date, and Known Status based search.
-
-
Note:
- Currently File Search doesn't support regular expression,
- however the Keyword Search feature of Autopsy does also look in file names and it does support regular expressions,
- which can complimentary to the File Search.
-
Note:
- The File Search Window is opened and closed automatically.
- If there's a case opened and there is at least one image inside that case, File Search Window can't be closed.
-
+ File Search tool can be accessed either from the Tools menu or by right-clicking on image node in the Data Explorer / Directory Tree.
+ By using File Search, you can specify, filter, and show the directories and files that you want to see from the images in the current opened case.
+ The File Search results will be populated in a brand new Table Result viewer on the right-hand side.
+
+
Currently, Autopsy only supports 4 categories in File Search: Name, Size, Date, and Known Status based search.
+
+
Note:
+ Currently File Search doesn't support regular expression,
+ however the Keyword Search feature of Autopsy does also look in file names and it does support regular expressions,
+ which can complimentary to the File Search.
+
Note:
+ The File Search Window is opened and closed automatically.
+ If there's a case opened and there is at least one image inside that case, File Search Window can't be closed.
+
+
+
+
+
diff --git a/Core/src/org/sleuthkit/autopsy/filesearch/docs/how-to-use-filesearch.html b/Core/src/org/sleuthkit/autopsy/filesearch/docs/how-to-use-filesearch.html
index 8d9ecc1f11..7b07983a14 100644
--- a/Core/src/org/sleuthkit/autopsy/filesearch/docs/how-to-use-filesearch.html
+++ b/Core/src/org/sleuthkit/autopsy/filesearch/docs/how-to-use-filesearch.html
@@ -1,55 +1,55 @@
-
-
-
- How to Use File Search
-
-
-
-
-
How to Use File Search
-
Currently, there are 4 categories that you can use to filter and show the directories and files within the images in the current opened case.
-
The categories are:
-
-
Name:
-
Search for all files and directory whose name contains the pattern given.
-
-
Note: it doesn't support regular expression and keyword matching.
-
-
-
-
Size:
-
- Search for all files and directory whose size matches the pattern given.
- The pattern can be "equal to", "greater than", and "less than".
- The unit for the size can be "Byte(s)", "KB", "MB", "GB", and "TB".
-
-
-
-
Date:
-
- Search for all files and directory whose "date property" is within the date range given.
- The "date properties" are "Modified Date", "Accessed Date", "Changed Date", and "Created Date".
- You must also specify the timezone for the date given.
-
-
-
-
Known Status:
-
- Search for all files and directory whose known status is recognized as either Unknown, Known, or Known Bad.
- For more on Known Status, see Hash Database Management.
-
-
- To use any of these filters, check the box next to the category and click "Search" button to start the search process.
- The result will show up in the "Result Viewer".
-
-
-
-
-
Example
-
- Here's an example where I try to get all the directories and files whose name contains "hello",
- has a size greater than 1000 Bytes,was created between 06/15/2010 and 06/16/2010 (in GMT-5 timezone), and is an unknown file:
-
-
-
+
+
+
+ How to Use File Search
+
+
+
+
+
How to Use File Search
+
Currently, there are 4 categories that you can use to filter and show the directories and files within the images in the current opened case.
+
The categories are:
+
+
Name:
+
Search for all files and directory whose name contains the pattern given.
+
+
Note: it doesn't support regular expression and keyword matching.
+
+
+
+
Size:
+
+ Search for all files and directory whose size matches the pattern given.
+ The pattern can be "equal to", "greater than", and "less than".
+ The unit for the size can be "Byte(s)", "KB", "MB", "GB", and "TB".
+
+
+
+
Date:
+
+ Search for all files and directory whose "date property" is within the date range given.
+ The "date properties" are "Modified Date", "Accessed Date", "Changed Date", and "Created Date".
+ You must also specify the timezone for the date given.
+
+
+
+
Known Status:
+
+ Search for all files and directory whose known status is recognized as either Unknown, Known, or Known Bad.
+ For more on Known Status, see Hash Database Management.
+
+
+ To use any of these filters, check the box next to the category and click "Search" button to start the search process.
+ The result will show up in the "Result Viewer".
+
+
+
+
+
Example
+
+ Here's an example where I try to get all the directories and files whose name contains "hello",
+ has a size greater than 1000 Bytes,was created between 06/15/2010 and 06/16/2010 (in GMT-5 timezone), and is an unknown file:
+
+
+
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/filesearch/docs/open-filesearch.html b/Core/src/org/sleuthkit/autopsy/filesearch/docs/open-filesearch.html
index a86e887a76..c3043d0ac7 100644
--- a/Core/src/org/sleuthkit/autopsy/filesearch/docs/open-filesearch.html
+++ b/Core/src/org/sleuthkit/autopsy/filesearch/docs/open-filesearch.html
@@ -1,29 +1,29 @@
-
-
-
- How to Open File Search
-
-
-
-
-
How to Open File Search
-
To open the File Search, you can do one of the following thing:
-
-
Right click an image and choose "Open File Search by Attributes".
-
-
-
-
Select the "Tools" > "File Search by Attributes".
-
-
-
-
-
-
-
Note:
- The File Search Window is opened and closed automatically.
- If there's a case opened and there is at least one image inside that case, File Search Window can't be closed.
-
-
-
+
+
+
+ How to Open File Search
+
+
+
+
+
How to Open File Search
+
To open the File Search, you can do one of the following thing:
+
+
Right click an image and choose "Open File Search by Attributes".
+
+
+
+
Select the "Tools" > "File Search by Attributes".
+
+
+
+
+
+
+
Note:
+ The File Search Window is opened and closed automatically.
+ If there's a case opened and there is at least one image inside that case, File Search Window can't be closed.
+
+
+
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/ingest/docs/ingest-about.html b/Core/src/org/sleuthkit/autopsy/ingest/docs/ingest-about.html
index 73892dc849..1703fc0185 100644
--- a/Core/src/org/sleuthkit/autopsy/ingest/docs/ingest-about.html
+++ b/Core/src/org/sleuthkit/autopsy/ingest/docs/ingest-about.html
@@ -1,98 +1,98 @@
-
-
-
- Image Ingest
-
-
-
-
-
Image Ingest
-
- Autopsy tries to automate as many things as possible for the user.
- There are many tasks that will always be performed in a digital investigation and they normally involve some type of image or file analysis and extraction of a certain type of information.
- The analysis can be a lengthy process, especially for large images and when a number of types of analysis needs to be performed.
-
-
- Ingest is a technique of automating these tasks. Autopsy allows to run these lengthy analysis tasks in the background,
- while the user can browse the application interface and review the ingest results as their appear.
- Ingest is similar to triage.
- Autopsy attempts to process files inside the ingested image in such order so that the more interesting files (user-related files) are processed files.
-
-
- The ingest process begins after the basic file system information has been added to the database.
- A series of ingest modules (described in a following section) run automatically behind the scenes and make their results available as soon as possible.
- Autopsy is designed so that these results are reported to the user in real-time,
- and even for very large images to be processed there can be initial results available minutes, sometimes seconds after the analysis has started.
-
-
- You can start image ingest in two ways. When you add an image with the Add Data Source wizard,
- you will be shown the list of ingest modules and you can choose which you want to run.
- You can also launch the Ingest Manager run ingest by right clicking on an image in the explorer tree and choosing "Restart Image Ingest".
-
-
- Once ingest is started, you can review the currently running ingest tasks in the task bar on the bottom-right corner of the main window.
- The ingest tasks can be canceled by the user if so desired.
-
-
-
Note:
- sometimes the cancellation process make take several seconds or more to complete cleanly, depending on what the ingest module was currently doing.
-
-
-
- The ingest message inbox will provide notifications when the particular ingest modules start and finish running.
- There may also be error notifications, and result notifications sent by specific ingest modules.
-
-
- The results from the ingest modules can typically be found in the Results area of the explorer tree.
- However, some modules may choose to write results to a local file or to some other location and not make them available in the UI.
-
-
-
Ingest Modules
-
- An ingest module is responsible for extracting data from and searching images.
- Different modules will do different things. Examples include:
-
-
-
Calculate MD5 hash of each file
-
Lookup MD5 hash in database
-
Detect file type of each file
-
Keyword search each file
-
Extract web artifacts (downloads, history, installed programs, web search engine queries, etc.)
-
Extract Email messages
-
Extract connected device IDs.
-
Extract EXIF meta-data from picture files
-
-
-
Configuring Ingest Modules
-
- There are two places to configure ingest modules. When the Ingest Manager is launched, there may be a small set of options the module allows you to edit directly in the Ingest Manager.
- Additionally, the Ingest Manager may display an "Advanced" button, which will open up a larger configuration menu with more available settings.
- This advanced configuration menu can often be found in the "Tools" > "Options" menu, along with the advanced settings for numerous other ingest modules.
-
-
- Before launching ingest, you should go over the modules configuration by selecting every module in the list and review the current ingest module settings.
- Some modules need to be configured at least the first time Autopsy is used to have default configuration populated, otherwise they won't perform any analysis.
- Changing the modules configuration will potentially affect number of results found, it might also affect the total time required for ingest to run and how fast the results are reported in real-time.
-
-
-
Adding Ingest Modules
-
- Ingest modules can be created by third-party-developers and can be added independently of Autopsy.
- This can be done through Autopsy's plugin manager. This is accessible through the "Tools" > "Plugins" menu.
- Currently, the best way to add an ingest module is by navigating to the module's NBM file after choosing "Add Plugin..." in the "Downloaded" tab of the plugin manager.
- Autopsy will require a restart after any modules are installed in order to properly load and display them.
-
-
-
-
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/ingest/docs/ingest-inbox.html b/Core/src/org/sleuthkit/autopsy/ingest/docs/ingest-inbox.html
index f06cbc2c5a..b66c712e5d 100644
--- a/Core/src/org/sleuthkit/autopsy/ingest/docs/ingest-inbox.html
+++ b/Core/src/org/sleuthkit/autopsy/ingest/docs/ingest-inbox.html
@@ -1,56 +1,56 @@
-
-
-
-
- Ingest Message Inbox
-
-
-
-
-
Ingest Message Inbox
-
- The ingest message inbox is used by Autopsy to provide real-time updates during ingest.
- To open the inbox, click on the yellow warning sign in the top/right corner of the Autopsy window.
- The sign can display a number of incoming unread (not yet clicked) messages during ingest in its upper-right corner.
-
-
-
- Ingest modules are able to post messages when notable events occur,
- such as a keyword or hash database hit.
- If a module posts many similar messages in a short time span,
- the inbox will group those messages so that unique updates are not lost among the noise.
-
-
- The grouped messages are colored with different shades to indicate their importance;
- if a message group contains a lower number of unique messages,
- it is potentially more important than another group with a large number of unique messages.
- The more unique important messages have a lighter background color.
-
-
The ingest messages can be sorted by uniqueness/importance, or by chronological order in which they had appeared.
-
- A message can be clicked to view the message details. When a message is clicked, it is marked as "read".
- When updates are posted with regard to a specific result or file, the message is linked to that file
- and the buttons in the top/right corner of the message details view can be used to browse to that data.
-
-
-
-
-
+
+
+
+
+ Ingest Message Inbox
+
+
+
+
+
Ingest Message Inbox
+
+ The ingest message inbox is used by Autopsy to provide real-time updates during ingest.
+ To open the inbox, click on the yellow warning sign in the top/right corner of the Autopsy window.
+ The sign can display a number of incoming unread (not yet clicked) messages during ingest in its upper-right corner.
+
+
+
+ Ingest modules are able to post messages when notable events occur,
+ such as a keyword or hash database hit.
+ If a module posts many similar messages in a short time span,
+ the inbox will group those messages so that unique updates are not lost among the noise.
+
+
+ The grouped messages are colored with different shades to indicate their importance;
+ if a message group contains a lower number of unique messages,
+ it is potentially more important than another group with a large number of unique messages.
+ The more unique important messages have a lighter background color.
+
+
The ingest messages can be sorted by uniqueness/importance, or by chronological order in which they had appeared.
+
+ A message can be clicked to view the message details. When a message is clicked, it is marked as "read".
+ When updates are posted with regard to a specific result or file, the message is linked to that file
+ and the buttons in the top/right corner of the message details view can be used to browse to that data.
+
+
+
+
+
\ No newline at end of file
diff --git a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbConfigPanel.java b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbConfigPanel.java
index 4942ce9b86..4fa82d4a2c 100644
--- a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbConfigPanel.java
+++ b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbConfigPanel.java
@@ -50,7 +50,6 @@ public final class HashDbConfigPanel extends javax.swing.JPanel implements Optio
private static final String NO_SELECTION_TEXT = "No database selected";
private static final String ERROR_GETTING_PATH_TEXT = "Error occurred getting path";
private static final String ERROR_GETTING_INDEX_STATUS_TEXT = "Error occurred getting status";
- private static final String LEGACY_INDEX_FILE_EXTENSION = "-md5.idx";
private HashDbManager hashSetManager = HashDbManager.getInstance();
private HashSetTableModel hashSetTableModel = new HashSetTableModel();
@@ -161,13 +160,10 @@ public final class HashDbConfigPanel extends javax.swing.JPanel implements Optio
hashDbIndexStatusLabel.setForeground(Color.black);
indexButton.setEnabled(false);
}
- else if (db.hasLookupIndex()) {
+ else if (db.hasIndex()) {
if (db.hasIndexOnly()) {
hashDbIndexStatusLabel.setText("Index only");
}
- else if (db.getIndexPath().endsWith(LEGACY_INDEX_FILE_EXTENSION)) {
- hashDbIndexStatusLabel.setText("Indexed (old format)");
- }
else {
hashDbIndexStatusLabel.setText("Indexed");
}
@@ -242,7 +238,7 @@ public final class HashDbConfigPanel extends javax.swing.JPanel implements Optio
List unindexed = new ArrayList<>();
for (HashDb hashSet : hashSetManager.getAllHashSets()) {
try {
- if (!hashSet.hasLookupIndex()) {
+ if (!hashSet.hasIndex()) {
unindexed.add(hashSet);
}
}
@@ -376,7 +372,7 @@ public final class HashDbConfigPanel extends javax.swing.JPanel implements Optio
private boolean indexExists(int rowIndex){
try {
- return hashSets.get(rowIndex).hasLookupIndex();
+ return hashSets.get(rowIndex).hasIndex();
}
catch (TskCoreException ex) {
Logger.getLogger(HashSetTableModel.class.getName()).log(Level.SEVERE, "Error getting index info for hash database", ex);
diff --git a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java
index 6e8d895f06..91ecb5de88 100644
--- a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java
+++ b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbIngestModule.java
@@ -43,6 +43,7 @@ import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.datamodel.TskData;
import org.sleuthkit.datamodel.TskException;
import org.sleuthkit.autopsy.hashdatabase.HashDbManager.HashDb;
+import org.sleuthkit.datamodel.HashInfo;
public class HashDbIngestModule extends IngestModuleAbstractFile {
private static HashDbIngestModule instance = null;
@@ -164,7 +165,7 @@ public class HashDbIngestModule extends IngestModuleAbstractFile {
for (HashDb db : hashDbs) {
if (db.getSearchDuringIngest()) {
try {
- if (db.hasLookupIndex()) {
+ if (db.hasIndex()) {
hashDbsForIngest.add(db);
}
}
@@ -218,7 +219,8 @@ public class HashDbIngestModule extends IngestModuleAbstractFile {
for (HashDb db : knownBadHashSets) {
try {
long lookupstart = System.currentTimeMillis();
- if (db.hasMd5HashOf(file)) {
+ HashInfo hashInfo = db.lookUp(file);
+ if (null != hashInfo) {
foundBad = true;
knownBadCount += 1;
try {
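Review bot: The check `if (null != hashInfo)` treats every null from `db.lookUp(file)` as "not in this known-bad set", and nothing here documents that contract. In the `HashDbManager.lookUp` hunk later in this diff, the result starts as `null` and is assigned only inside the `instanceof AbstractFile` branch, so null may also mean that no lookup was performed (the rest of that method is not visible, so this is inferred). For a known-bad match that would be a silent miss rather than a reported error. I would add a comment above the call such as `// null == no entry in this hash set; lookup failures must surface as TskCoreException` and confirm that `lookUp` honours it. The enclosing loop and method start and end outside this hunk.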
@@ -231,14 +233,14 @@ public class HashDbIngestModule extends IngestModuleAbstractFile {
}
String hashSetName = db.getHashSetName();
- String comment = "";
- ArrayList comments = db.lookUp(file).getComments();
+ String comment = "";
+ ArrayList comments = hashInfo.getComments();
int i = 0;
for (String c : comments) {
- comment += c;
if (++i > 1) {
- c += ". ";
+ comment += " ";
}
+ comment += c;
if (comment.length() > MAX_COMMENT_SIZE) {
comment = comment.substring(0, MAX_COMMENT_SIZE) + "...";
break;
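Review bot: Joining the hash-set comments with a bare space in `comment += " ";` makes separate entries indistinguishable in the resulting string, so an examiner reading the hit cannot tell where one database comment ends and the next begins. The removed line `c += ". "` suggests a visible delimiter was intended; `comment += "; ";` would keep the entries apart. Separately, the truncation on the unchanged lines yields a string of MAX_COMMENT_SIZE + 3 characters because "..." is appended after the cut, which is worth checking against whatever limit the constant is meant to enforce. The loop body continues past the end of this hunk.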
diff --git a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbManager.java b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbManager.java
index 6c2609b0dc..3dd27307e7 100755
--- a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbManager.java
+++ b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDbManager.java
@@ -243,9 +243,9 @@ public class HashDbManager implements PropertyChangeListener {
return hashDb;
}
- synchronized void indexHashDatabase(HashDb hashDb, boolean deleteIndexFile) {
+ synchronized void indexHashDatabase(HashDb hashDb) {
hashDb.addPropertyChangeListener(this);
- HashDbIndexer creator = new HashDbIndexer(hashDb, deleteIndexFile);
+ HashDbIndexer creator = new HashDbIndexer(hashDb);
creator.execute();
}
@@ -788,7 +788,7 @@ public class HashDbManager implements PropertyChangeListener {
* @throws TskCoreException
*/
public void addHashes(Content content, String comment) throws TskCoreException {
- // TODO: This only works for AbstractFiles and MD5 hashes at present.
+ // This only works for AbstractFiles and MD5 hashes at present.
assert content instanceof AbstractFile;
if (content instanceof AbstractFile) {
AbstractFile file = (AbstractFile)content;
@@ -812,7 +812,7 @@ public class HashDbManager implements PropertyChangeListener {
public HashInfo lookUp(Content content) throws TskCoreException {
HashInfo result = null;
- // TODO: This only works for AbstractFiles and MD5 hashes at present.
+ // This only works for AbstractFiles and MD5 hashes at present.
assert content instanceof AbstractFile;
if (content instanceof AbstractFile) {
AbstractFile file = (AbstractFile)content;
@@ -823,12 +823,12 @@ public class HashDbManager implements PropertyChangeListener {
return result;
}
- boolean hasLookupIndex() throws TskCoreException {
+ boolean hasIndex() throws TskCoreException {
return SleuthkitJNI.hashDatabaseHasLookupIndex(handle);
}
boolean hasIndexOnly() throws TskCoreException {
- return SleuthkitJNI.hashDatabaseHasLegacyLookupIndexOnly(handle);
+ return SleuthkitJNI.hashDatabaseIsIndexOnly(handle);
}
boolean canBeReIndexed() throws TskCoreException {
@@ -847,11 +847,9 @@ public class HashDbManager implements PropertyChangeListener {
private class HashDbIndexer extends SwingWorker