merge from 7317

Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java

@@ -68,6 +68,7 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.PersonaAccount;
 import org.sleuthkit.datamodel.Account;
 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT;
 import org.sleuthkit.datamodel.CommunicationsUtils;
+import org.sleuthkit.datamodel.Score;
 
 /**
  * Listen for ingest events and update entries in the Central Repository
@@ -205,9 +206,12 @@ public class IngestEventsListener {
     }
 
     /**
-     * Make an Interesting Item artifact based on a new artifact being previously seen.
+     * Make an Interesting Item artifact based on a new artifact being
+     * previously seen.
+     *
      * @param originalArtifact Original artifact that we want to flag
-     * @param caseDisplayNames List of case names artifact was previously seen in
+     * @param caseDisplayNames List of case names artifact was previously seen
+     *                         in
      */
     @NbBundle.Messages({"IngestEventsListener.prevTaggedSet.text=Previously Tagged As Notable (Central Repository)",
         "IngestEventsListener.prevCaseComment.text=Previous Case: "})
@@ -230,7 +234,8 @@ public class IngestEventsListener {
      * in the central repository.
      *
      * @param originalArtifact the artifact to create the interesting item for
-     * @param caseDisplayNames the case names the artifact was previously seen in
+     * @param caseDisplayNames the case names the artifact was previously seen
+     *                         in
      */
     @NbBundle.Messages({"IngestEventsListener.prevExists.text=Previously Seen Devices (Central Repository)",
         "# {0} - typeName",
@@ -251,8 +256,10 @@ public class IngestEventsListener {
 
     /**
      * Make an interesting item artifact to flag the passed in artifact.
+     *
      * @param originalArtifact         Artifact in current case we want to flag
-     * @param attributesForNewArtifact Attributes to assign to the new Interesting items artifact
+     * @param attributesForNewArtifact Attributes to assign to the new
+     *                                 Interesting items artifact
      */
     private static void makeAndPostInterestingArtifact(BlackboardArtifact originalArtifact, Collection<BlackboardAttribute> attributesForNewArtifact) {
         try {
@@ -261,8 +268,10 @@ public class IngestEventsListener {
             Blackboard blackboard = tskCase.getBlackboard();
             // Create artifact if it doesn't already exist.
             if (!blackboard.artifactExists(abstractFile, TSK_INTERESTING_ARTIFACT_HIT, attributesForNewArtifact)) {
-                BlackboardArtifact newInterestingArtifact = abstractFile.newArtifact(TSK_INTERESTING_ARTIFACT_HIT);
+                BlackboardArtifact newInterestingArtifact = abstractFile.newAnalysisResult(
-                newInterestingArtifact.addAttributes(attributesForNewArtifact);
+                        new BlackboardArtifact.Type(TSK_INTERESTING_ARTIFACT_HIT),
+                        Score.SCORE_UNKNOWN, null, null, null, attributesForNewArtifact)
+                        .getAnalysisResult();
 
                 try {
                     // index the artifact for keyword search

Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java

@@ -56,6 +56,7 @@ import org.sleuthkit.datamodel.HashUtility;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
+import org.sleuthkit.datamodel.Score;
 
 /**
  * Ingest module for inserting entries into the Central Repository database on
@@ -345,8 +346,10 @@ final class CentralRepoIngestModule implements FileIngestModule {
 
             // Create artifact if it doesn't already exist.
             if (!blackboard.artifactExists(abstractFile, TSK_INTERESTING_FILE_HIT, attributes)) {
-                BlackboardArtifact tifArtifact = abstractFile.newArtifact(TSK_INTERESTING_FILE_HIT);
+                BlackboardArtifact tifArtifact = abstractFile.newAnalysisResult(
-                tifArtifact.addAttributes(attributes);
+                        new BlackboardArtifact.Type(TSK_INTERESTING_FILE_HIT), 
+                        Score.SCORE_UNKNOWN, null, null, null, attributes)
+                        .getAnalysisResult();
                 try {
                     // index the artifact for keyword search
                     blackboard.postArtifact(tifArtifact, MODULE_NAME);

Core/src/org/sleuthkit/autopsy/datamodel/FileTypes.java

@@ -378,19 +378,23 @@ public final class FileTypes implements AutopsyVisitableItem {
             return content.getChildrenIds();
         }
 
+        @Deprecated
+        @SuppressWarnings("Deprecated")
         @Override
         public BlackboardArtifact newArtifact(int artifactTypeID) throws TskCoreException {
             return content.newArtifact(artifactTypeID);
         }
 
+        @Deprecated
+        @SuppressWarnings("Deprecated")
         @Override
         public BlackboardArtifact newArtifact(BlackboardArtifact.ARTIFACT_TYPE type) throws TskCoreException {
             return content.newArtifact(type);
         }
         
         @Override
-        public DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection<BlackboardAttribute> attributesList, OsAccount osAccount) throws TskCoreException {
+        public DataArtifact newDataArtifact(BlackboardArtifact.Type artifactType, Collection<BlackboardAttribute> attributesList, Long osAccountId) throws TskCoreException {
-            return content.newDataArtifact(artifactType, attributesList, osAccount);
+            return content.newDataArtifact(artifactType, attributesList, osAccountId);
         }
 
         @Override

Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYCallsFileParser.java

@@ -24,6 +24,7 @@ import java.util.Collection;
 import java.util.List;
 import java.util.logging.Level;
 import org.sleuthkit.autopsy.coreutils.Logger;
+import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Account;
 import org.sleuthkit.datamodel.Blackboard.BlackboardException;
 import org.sleuthkit.datamodel.BlackboardArtifact;
@@ -313,8 +314,7 @@ final class XRYCallsFileParser extends AbstractSingleEntityParser {
             }
 
             if (!otherAttributes.isEmpty()) {
-                BlackboardArtifact artifact = parent.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG);
+                BlackboardArtifact artifact = parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CALLLOG), otherAttributes);
-                artifact.addAttributes(otherAttributes);
                         
                 currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME);
             }

Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java

@@ -24,6 +24,7 @@ import java.util.List;
 import java.util.logging.Level;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import static org.sleuthkit.autopsy.datasourceprocessors.xry.AbstractSingleEntityParser.PARSER_NAME;
+import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Account;
 import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
@@ -142,8 +143,7 @@ final class XRYContactsFileParser extends AbstractSingleEntityParser {
         } else {
             // Just create an artifact with the attributes that we do have.
             if (!additionalAttributes.isEmpty()) {
-                BlackboardArtifact artifact = parent.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
+                BlackboardArtifact artifact = parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), additionalAttributes);
-                artifact.addAttributes(additionalAttributes);
                         
                 currentCase.getBlackboard().postArtifact(artifact, PARSER_NAME);
             }

Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYDeviceGenInfoFileParser.java

@@ -25,6 +25,7 @@ import java.util.Map;
 import java.util.Optional;
 import java.util.logging.Level;
 import org.sleuthkit.autopsy.coreutils.Logger;
+import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardAttribute;
@@ -105,9 +106,11 @@ final class XRYDeviceGenInfoFileParser extends AbstractSingleEntityParser {
             }
         }
         if(!attributes.isEmpty()) {
-            BlackboardArtifact artifact = parent.newArtifact(
+            if (parent instanceof AbstractFile) {
-                    BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO);
+                parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO), attributes);
-            artifact.addAttributes(attributes);
+            } else {
+                parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO), attributes, null);
+            }
         }
     }
 

Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYWebBookmarksFileParser.java

@@ -23,6 +23,7 @@ import java.util.Map;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Optional;
+import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Blackboard.BlackboardException;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.BlackboardArtifact;
@@ -78,8 +79,11 @@ final class XRYWebBookmarksFileParser extends AbstractSingleEntityParser {
             }
         }
         if(!attributes.isEmpty()) {
-            BlackboardArtifact artifact = parent.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK);
+            if (parent instanceof AbstractFile) {
-            artifact.addAttributes(attributes);
+                parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK), attributes);
+            } else {
+                parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK), attributes, null);
+            }
         }
     }
 }

Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java

@@ -28,6 +28,7 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.Iterator;
@@ -36,6 +37,7 @@ import java.util.Map;
 import java.util.logging.Level;
 import javax.annotation.concurrent.GuardedBy;
 import org.apache.commons.io.FileUtils;
+import org.openide.util.Exceptions;
 import org.openide.util.NbBundle.Messages;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@@ -50,16 +52,58 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.Host;
 import org.sleuthkit.datamodel.LocalFilesDataSource;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 
 /**
  * A runnable that - copy the logical image folder to a destination folder - add
- * SearchResults.txt and *_users.txt files to report - add an image data source to the
+ * SearchResults.txt and *_users.txt files to report - add an image data source
- * case database.
+ * to the case database.
  */
 final class AddLogicalImageTask implements Runnable {
 
+    /**
+     * Information about a file including the object id of the file as well as
+     * the object id of the data source.
+     */
+    private static class FileId {
+
+        private final long dataSourceId;
+        private final long fileId;
+
+        /**
+         * Main constructor.
+         *
+         * @param dataSourceId Object Id of the data source.
+         * @param fileId       Object Id of the file.
+         */
+        FileId(long dataSourceId, long fileId) {
+            this.dataSourceId = dataSourceId;
+            this.fileId = fileId;
+        }
+
+        /**
+         * Returns the data source id of the file.
+         *
+         * @return The data source id of the file.
+         */
+        long getDataSourceId() {
+            return dataSourceId;
+        }
+
+        /**
+         * Returns the object id of the file.
+         *
+         * @return The object id of the file.
+         */
+        long getFileId() {
+            return fileId;
+        }
+    }
+
+    private final static BlackboardArtifact.Type INTERESTING_FILE_TYPE = new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
+
     private final static Logger LOGGER = Logger.getLogger(AddLogicalImageTask.class.getName());
     private final static String SEARCH_RESULTS_TXT = "SearchResults.txt"; //NON-NLS
     private final static String USERS_TXT = "_users.txt"; //NON-NLS
@@ -106,8 +150,8 @@ final class AddLogicalImageTask implements Runnable {
     }
 
     /**
-     * Add SearchResults.txt and *_users.txt to the case
+     * Add SearchResults.txt and *_users.txt to the case report Adds the image
-     * report Adds the image to the case database.
+     * to the case database.
      */
     @Messages({
         "# {0} - src", "# {1} - dest", "AddLogicalImageTask.copyingImageFromTo=Copying image from {0} to {1}",
@@ -215,7 +259,7 @@ final class AddLogicalImageTask implements Runnable {
         }
 
         List<Content> newDataSources = new ArrayList<>();
-        Map<String, List<Long>> interestingFileMap = new HashMap<>();
+        Map<String, List<FileId>> interestingFileMap = new HashMap<>();
 
         if (imagePaths.isEmpty()) {
             createVHD = false;
@@ -359,11 +403,11 @@ final class AddLogicalImageTask implements Runnable {
         "# {0} - file number", "# {1} - total files", "AddLogicalImageTask.addingInterestingFile=Adding interesting files ({0}/{1})",
         "AddLogicalImageTask.logicalImagerResults=Logical Imager results"
     })
-    private void addInterestingFiles(Map<String, List<Long>> interestingFileMap) throws IOException, TskCoreException {
+    private void addInterestingFiles(Map<String, List<FileId>> interestingFileMap) throws IOException, TskCoreException {
         int lineNumber = 0;
         List<BlackboardArtifact> artifacts = new ArrayList<>();
 
-        Iterator<Map.Entry<String, List<Long>>> iterator = interestingFileMap.entrySet().iterator();
+        Iterator<Map.Entry<String, List<FileId>>> iterator = interestingFileMap.entrySet().iterator();
         while (iterator.hasNext()) {
 
             if (cancelled) {
@@ -372,14 +416,14 @@ final class AddLogicalImageTask implements Runnable {
                 break;
             }
 
-            Map.Entry<String, List<Long>> entry = iterator.next();
+            Map.Entry<String, List<FileId>> entry = iterator.next();
             String key = entry.getKey();
             String ruleName;
             String[] split = key.split("\t");
             ruleName = split[1];
 
-            List<Long> fileIds = entry.getValue();
+            List<FileId> fileIds = entry.getValue();
-            for (Long fileId: fileIds) {
+            for (FileId fileId : fileIds) {
                 if (cancelled) {
                     postArtifacts(artifacts);
                     return;
@@ -391,7 +435,7 @@ final class AddLogicalImageTask implements Runnable {
                     postArtifacts(artifacts);
                     artifacts.clear();
                 }
-                addInterestingFileToArtifacts(fileId, Bundle.AddLogicalImageTask_logicalImagerResults(), ruleName, artifacts);
+                addInterestingFileToArtifacts(fileId.getFileId(), fileId.getDataSourceId(), Bundle.AddLogicalImageTask_logicalImagerResults(), ruleName, artifacts);
                 lineNumber++;
             }
             iterator.remove();
@@ -399,24 +443,36 @@ final class AddLogicalImageTask implements Runnable {
         postArtifacts(artifacts);
     }
 
-    private void addInterestingFileToArtifacts(long fileId, String ruleSetName, String ruleName, List<BlackboardArtifact> artifacts) throws TskCoreException {
+    private void addInterestingFileToArtifacts(long fileId, long dataSourceId, String ruleSetName, String ruleName, List<BlackboardArtifact> artifacts) throws TskCoreException {
-        Collection<BlackboardAttribute> attributes = new ArrayList<>();
+        BlackboardArtifact artifact;
-        BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, ruleSetName);
+        try {
-        attributes.add(setNameAttribute);
+            artifact = this.blackboard.newAnalysisResult(
-        BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ruleName);
+                    INTERESTING_FILE_TYPE,
-        attributes.add(ruleNameAttribute);
+                    fileId,
-        BlackboardArtifact artifact = this.currentCase.getSleuthkitCase().newBlackboardArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, fileId);
+                    dataSourceId,
-        artifact.addAttributes(attributes);
+                    Score.SCORE_UNKNOWN,
+                    null,
+                    null,
+                    null,
+                    Arrays.asList(
+                            new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, ruleSetName),
+                            new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ruleName)
+                    ))
+                    .getAnalysisResult();
+        } catch (Blackboard.BlackboardException ex) {
+            throw new TskCoreException("Unable to create analysis result.", ex);
+        }
+
         artifacts.add(artifact);
     }
 
     @Messages({
         "# {0} - file number", "# {1} - total files", "AddLogicalImageTask.searchingInterestingFile=Searching for interesting files ({0}/{1})"
     })
-    private Map<String, List<Long>> getInterestingFileMapForVHD(Path resultsPath) throws TskCoreException, IOException {
+    private Map<String, List<FileId>> getInterestingFileMapForVHD(Path resultsPath) throws TskCoreException, IOException {
         Map<Long, List<String>> objIdToimagePathsMap = currentCase.getSleuthkitCase().getImagePaths();
         imagePathToObjIdMap = imagePathsToDataSourceObjId(objIdToimagePathsMap);
-        Map<String, List<Long>> interestingFileMap = new HashMap<>();
+        Map<String, List<FileId>> interestingFileMap = new HashMap<>();
 
         try (BufferedReader br = new BufferedReader(new InputStreamReader(
                 new FileInputStream(resultsPath.toFile()), "UTF8"))) { // NON-NLS
@@ -449,16 +505,14 @@ final class AddLogicalImageTask implements Runnable {
 
                 String query = makeQuery(vhdFilename, fileMetaAddressStr, parentPath, filename);
                 List<AbstractFile> matchedFiles = Case.getCurrentCase().getSleuthkitCase().findAllFilesWhere(query);
-                List<Long> fileIds = new ArrayList<>();
+                List<FileId> fileIds = new ArrayList<>();
                 for (AbstractFile file : matchedFiles) {
-                    fileIds.add(file.getId());
+                    fileIds.add(new FileId(file.getDataSourceObjectId(), file.getId()));
                 }
                 String key = String.format("%s\t%s", ruleSetName, ruleName);
-                if (interestingFileMap.containsKey(key)) {
+                interestingFileMap.computeIfAbsent(key, (k) -> new ArrayList<>())
-                    interestingFileMap.get(key).addAll(fileIds);
+                        .addAll(fileIds);
-                } else {
+                
-                    interestingFileMap.put(key, fileIds);
-                }
                 lineNumber++;
             } // end reading file
         }
@@ -477,10 +531,10 @@ final class AddLogicalImageTask implements Runnable {
     @Messages({
         "# {0} - file number", "# {1} - total files", "AddLogicalImageTask.addingExtractedFile=Adding extracted files ({0}/{1})"
     })
-    private Map<String, List<Long>> addExtractedFiles(File src, Path resultsPath, Host host, List<Content> newDataSources) throws TskCoreException, IOException {
+    private Map<String, List<FileId>> addExtractedFiles(File src, Path resultsPath, Host host, List<Content> newDataSources) throws TskCoreException, IOException {
         SleuthkitCase skCase = Case.getCurrentCase().getSleuthkitCase();
         SleuthkitCase.CaseDbTransaction trans = null;
-        Map<String, List<Long>> interestingFileMap = new HashMap<>();
+        Map<String, List<FileId>> interestingFileMap = new HashMap<>();
 
         try {
             trans = skCase.beginTransaction();
@@ -533,12 +587,11 @@ final class AddLogicalImageTask implements Runnable {
                             Long.parseLong(mtime),
                             localFilesDataSource);
                     String key = String.format("%s\t%s", ruleSetName, ruleName);
-                    List<Long> value = new ArrayList<>();
+
-                    if (interestingFileMap.containsKey(key)) {
+                    long dataSourceId = fileAdded.getDataSourceObjectId();
-                        value = interestingFileMap.get(key);
+                    long fileId = fileAdded.getId();
-                    }
+                    interestingFileMap.computeIfAbsent(key, (k) -> new ArrayList<>())
-                    value.add(fileAdded.getId());
+                            .add(new FileId(dataSourceId, fileId));
-                    interestingFileMap.put(key, value);
                     lineNumber++;
                 } // end reading file
             }

Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java

@@ -40,13 +40,14 @@ import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardAttribute;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskDataException;
 
 /**
  * Data source ingest module that verifies the integrity of an Expert Witness
  * Format (EWF) E01 image file by generating a hash of the file and comparing it
- * to the value stored in the image. Will also generate hashes for any image-type 
+ * to the value stored in the image. Will also generate hashes for any
- * data source that has none.
+ * image-type data source that has none.
  */
 public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
 
@@ -110,8 +111,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
         "# {0} - imageName",
         "DataSourceIntegrityIngestModule.process.verificationSuccess=Integrity of {0} verified",
         "# {0} - imageName",
-        "DataSourceIntegrityIngestModule.process.verificationFailure={0} failed integrity verification",
+        "DataSourceIntegrityIngestModule.process.verificationFailure={0} failed integrity verification",})
-    })
     @Override
     public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
         String imgName = dataSource.getName();
@@ -136,7 +136,6 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
         // Determine which mode we're in. 
         // - If there are any preset hashes, then we'll verify them (assuming the verify checkbox is selected)
         // - Otherwise we'll calculate and store all three hashes (assuming the compute checkbox is selected)
-        
         // First get a list of all stored hash types
         try {
             if (img.getMd5() != null && !img.getMd5().isEmpty()) {
@@ -294,10 +293,17 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
 
             if (!verified) {
                 try {
-                    BlackboardArtifact verificationFailedArtifact = Case.getCurrentCase().getSleuthkitCase().newBlackboardArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_VERIFICATION_FAILED, img.getId());
+                    BlackboardArtifact verificationFailedArtifact = Case.getCurrentCase().getSleuthkitCase().getBlackboard().newAnalysisResult(
-                    verificationFailedArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
+                            new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_VERIFICATION_FAILED),
-                        DataSourceIntegrityModuleFactory.getModuleName(), artifactComment));
+                            img.getId(), img.getId(),
-                    Case.getCurrentCase().getServices().getArtifactsBlackboard().postArtifact(verificationFailedArtifact, DataSourceIntegrityModuleFactory.getModuleName());
+                            Score.SCORE_UNKNOWN,
+                            null, null, null,
+                            Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
+                                    DataSourceIntegrityModuleFactory.getModuleName(), artifactComment)))
+                            .getAnalysisResult();
+
+                    Case.getCurrentCase().getServices().getArtifactsBlackboard()
+                            .postArtifact(verificationFailedArtifact, DataSourceIntegrityModuleFactory.getModuleName());
                 } catch (TskCoreException ex) {
                     logger.log(Level.SEVERE, "Error creating verification failed artifact", ex);
                 } catch (Blackboard.BlackboardException ex) {
@@ -366,8 +372,8 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
     }
 
     /**
-     * Enum to hold the type of hash.
+     * Enum to hold the type of hash. The value in the "name" field should be
-     * The value in the "name" field should be compatible with MessageDigest
+     * compatible with MessageDigest
      */
     private enum HashType {
         MD5("MD5"),
@@ -389,6 +395,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
      * Utility class to hold data for a specific hash algorithm.
      */
     private class HashData {
+
         private HashType type;
         private MessageDigest digest;
         private String storedHash;

Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java

@@ -76,6 +76,7 @@ import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.DerivedFile;
 import org.sleuthkit.datamodel.EncodedFileOutputStream;
 import org.sleuthkit.datamodel.ReadContentInputStream;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
 
@@ -314,8 +315,9 @@ class SevenZipExtractor {
                             details));
 
             if (!blackboard.artifactExists(archiveFile, TSK_INTERESTING_FILE_HIT, attributes)) {
-                BlackboardArtifact artifact = rootArchive.getArchiveFile().newArtifact(TSK_INTERESTING_FILE_HIT);
+                BlackboardArtifact artifact = rootArchive.getArchiveFile().newAnalysisResult(
-                artifact.addAttributes(attributes);
+                        new BlackboardArtifact.Type(TSK_INTERESTING_FILE_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
+                        .getAnalysisResult();
                 try {
                     /*
                      * post the artifact which will index the artifact for
@@ -852,8 +854,11 @@ class SevenZipExtractor {
         if (hasEncrypted) {
             String encryptionType = fullEncryption ? ENCRYPTION_FULL : ENCRYPTION_FILE_LEVEL;
             try {
-                BlackboardArtifact artifact = archiveFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED);
+                BlackboardArtifact artifact = archiveFile.newAnalysisResult(
-                artifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, encryptionType));
+                        new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED), Score.SCORE_UNKNOWN, 
+                        null, null, null, 
+                        Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, encryptionType)))
+                        .getAnalysisResult();
 
                 try {
                     /*

Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java

@@ -19,6 +19,7 @@
 package org.sleuthkit.autopsy.modules.encryptiondetection;
 
 import java.io.IOException;
+import java.util.Arrays;
 import java.util.List;
 import java.util.logging.Level;
 import org.openide.util.NbBundle.Messages;
@@ -36,6 +37,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.Image;
 import org.sleuthkit.datamodel.ReadContentInputStream;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.Volume;
 import org.sleuthkit.datamodel.VolumeSystem;
@@ -144,7 +146,8 @@ final class EncryptionDetectionDataSourceIngestModule implements DataSourceInges
      * Create a blackboard artifact.
      *
      * @param volume       The volume to be processed.
-     * @param artifactType The type of artifact to create.
+     * @param artifactType The type of artifact to create. This is assumed to be
+     *                     an analysis result type.
      * @param comment      A comment to be attached to the artifact.
      *
      * @return 'OK' if the volume was processed successfully, or 'ERROR' if
@@ -157,8 +160,9 @@ final class EncryptionDetectionDataSourceIngestModule implements DataSourceInges
         }
 
         try {
-            BlackboardArtifact artifact = volume.newArtifact(artifactType);
+            BlackboardArtifact artifact = volume.newAnalysisResult(new BlackboardArtifact.Type(artifactType), Score.SCORE_UNKNOWN, null, null, null, 
-            artifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, EncryptionDetectionModuleFactory.getModuleName(), comment));
+                    Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, EncryptionDetectionModuleFactory.getModuleName(), comment)))
+                    .getAnalysisResult();
             
             try {
                 /*

Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java

@@ -29,6 +29,7 @@ import java.io.BufferedInputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.nio.BufferUnderflowException;
+import java.util.Arrays;
 import java.util.logging.Level;
 import org.apache.tika.exception.EncryptedDocumentException;
 import org.apache.tika.exception.TikaException;
@@ -52,6 +53,7 @@ import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.ReadContentInputStream;
 import org.sleuthkit.datamodel.ReadContentInputStream.ReadContentInputStreamException;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
 import org.xml.sax.ContentHandler;
@@ -187,7 +189,8 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter
      * Create a blackboard artifact.
      *
      * @param file         The file to be processed.
-     * @param artifactType The type of artifact to create.
+     * @param artifactType The type of artifact to create. Assumed to be an
+     *                     analysis result type.
      * @param comment      A comment to be attached to the artifact.
      *
      * @return 'OK' if the file was processed successfully, or 'ERROR' if there
@@ -199,9 +202,10 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter
                 return IngestModule.ProcessResult.OK;
             }
 
-            BlackboardArtifact artifact = file.newArtifact(artifactType);
+            BlackboardArtifact artifact = file.newAnalysisResult(new BlackboardArtifact.Type(artifactType), Score.SCORE_UNKNOWN, null, null, null, 
-            artifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
+                    Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
-                    EncryptionDetectionModuleFactory.getModuleName(), comment));
+                    EncryptionDetectionModuleFactory.getModuleName(), comment)))
+                    .getAnalysisResult();
 
             try {
                 /*

Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java

@@ -18,6 +18,7 @@
  */
 package org.sleuthkit.autopsy.modules.fileextmismatch;
 
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Set;
 import java.util.logging.Level;
@@ -38,6 +39,7 @@ import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskData;
 import org.sleuthkit.datamodel.TskData.FileKnown;
 import org.sleuthkit.datamodel.TskException;
@@ -140,7 +142,9 @@ public class FileExtMismatchIngestModule implements FileIngestModule {
 
             if (mismatchDetected) {
                 // add artifact               
-                BlackboardArtifact bart = abstractFile.newArtifact(ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED);
+                BlackboardArtifact bart = abstractFile.newAnalysisResult(
+                        new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED), Score.SCORE_UNKNOWN, null, null, null, Collections.emptyList())
+                        .getAnalysisResult();
 
                 try {
                     /*

Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java

@@ -40,6 +40,7 @@ import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_INTER
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 
 /**
@@ -162,8 +163,10 @@ public class FileTypeIdIngestModule implements FileIngestModule {
             Blackboard tskBlackboard = currentCase.getSleuthkitCase().getBlackboard();
             // Create artifact if it doesn't already exist.
             if (!tskBlackboard.artifactExists(file, TSK_INTERESTING_FILE_HIT, attributes)) {
-                BlackboardArtifact artifact = file.newArtifact(TSK_INTERESTING_FILE_HIT);
+                BlackboardArtifact artifact = file.newAnalysisResult(
-                artifact.addAttributes(attributes);
+                        new BlackboardArtifact.Type(TSK_INTERESTING_FILE_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
+                        .getAnalysisResult();
+                
                 try {
                     /*
                      * post the artifact which will index the artifact for

Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java

@@ -49,7 +49,10 @@ import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
 import org.sleuthkit.datamodel.HashHitInfo;
 import org.sleuthkit.datamodel.HashUtility;
 import org.sleuthkit.datamodel.Score;
+<<<<<<< HEAD
 import org.sleuthkit.datamodel.Score.Significance;
+=======
+>>>>>>> 7317-dataArtifacts
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
@@ -534,24 +537,16 @@ public class HashDbIngestModule implements FileIngestModule {
         try {
             String moduleName = HashLookupModuleFactory.getModuleName();
             
-            List<BlackboardAttribute> attributes = Arrays.asList(
+            Collection<BlackboardAttribute> attributes = new ArrayList<>();
-                new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME, moduleName, db.getDisplayName()),
+            //TODO Revisit usage of deprecated constructor as per TSK-583
-                new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_HASH_MD5, moduleName, md5Hash),
+            //BlackboardAttribute att2 = new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), MODULE_NAME, "Known Bad", hashSetName);
-                new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT, moduleName, comment)
+            attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME, moduleName, hashSetName));
-            );
+            attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_HASH_MD5, moduleName, md5Hash));
+            attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT, moduleName, comment));
 
-
-            String conclusion = TBD;
-            String configuration = TBD;
-            String justification = TBD;
-
-            // BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection<BlackboardAttribute> attributesList
             BlackboardArtifact badFile = abstractFile.newAnalysisResult(
-                    BlackboardArtifact.Type.TSK_HASHSET_HIT, getScore(db.getKnownFilesType()), 
+                    new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_HASHSET_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
-                    conclusion, configuration, justification,
+                    .getAnalysisResult();
-                    attributes
-            ).getAnalysisResult();
-
             try {
                 /*
                  * post the artifact which will index the artifact for keyword

Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java

@@ -43,6 +43,7 @@ import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_INTER
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
 
@@ -142,7 +143,10 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
 
                     // Create artifact if it doesn't already exist.
                     if (!blackboard.artifactExists(file, TSK_INTERESTING_FILE_HIT, attributes)) {
-                        BlackboardArtifact artifact = file.newArtifact(TSK_INTERESTING_FILE_HIT);
+                        BlackboardArtifact artifact = file.newAnalysisResult(
+                                new BlackboardArtifact.Type(TSK_INTERESTING_FILE_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
+                                .getAnalysisResult();
+
                         artifact.addAttributes(attributes);
                         try {
 

Core/src/org/sleuthkit/autopsy/modules/leappanalyzers/LeappFileProcessor.java

@@ -71,6 +71,7 @@ import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
 import org.sleuthkit.datamodel.Content;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskException;
 import org.sleuthkit.datamodel.blackboardutils.CommunicationArtifactsHelper;
@@ -392,7 +393,7 @@ public final class LeappFileProcessor {
                                 geoAbstractFile = createTrackpoint(bbattributes, dataSource, fileName, trackpointSegmentName, pointList);
                                 break;
                             default: // There is no relationship defined so just process the artifact normally
-                                BlackboardArtifact bbartifact = createArtifactWithAttributes(artifactType.getTypeID(), dataSource, bbattributes);
+                                BlackboardArtifact bbartifact = createArtifactWithAttributes(artifactType, dataSource, bbattributes);
                                 if (bbartifact != null) {
                                     bbartifacts.add(bbartifact);
                                 }
@@ -1208,8 +1209,7 @@ public final class LeappFileProcessor {
     /**
      * Generic method for creating a blackboard artifact with attributes
      *
-     * @param type is a blackboard.artifact_type enum to determine which type
+     * @param artType The artifact type.
-     * the artifact should be
      * @param dataSource is the Content object that needs to have the artifact
      * added for it
      * @param bbattributes is the collection of blackboard attributes that need
@@ -1217,11 +1217,17 @@ public final class LeappFileProcessor {
      *
      * @return The newly-created artifact, or null on error
      */
-    private BlackboardArtifact createArtifactWithAttributes(int type, Content dataSource, Collection<BlackboardAttribute> bbattributes) {
+    private BlackboardArtifact createArtifactWithAttributes(BlackboardArtifact.Type artType, Content dataSource, Collection<BlackboardAttribute> bbattributes) {
         try {
-            BlackboardArtifact bbart = dataSource.newArtifact(type);
+            switch (artType.getCategory()) {
-            bbart.addAttributes(bbattributes);
+                case DATA_ARTIFACT:
-            return bbart;
+                    return dataSource.newDataArtifact(artType, bbattributes);
+                case ANALYSIS_RESULT:
+                    return dataSource.newAnalysisResult(artType, Score.SCORE_UNKNOWN, null, null, null, bbattributes).getAnalysisResult();
+                default:
+                    logger.log(Level.SEVERE, "Unknown category type: " + artType.getCategory().getDisplayName());
+                    return null;
+            }
         } catch (TskException ex) {
             logger.log(Level.WARNING, Bundle.LeappFileProcessor_error_creating_new_artifacts(), ex); //NON-NLS
         }

Core/src/org/sleuthkit/autopsy/modules/pictureanalyzer/impls/EXIFProcessor.java

@@ -29,6 +29,7 @@ import com.drew.metadata.exif.GpsDirectory;
 import java.io.BufferedInputStream;
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Date;
 import java.util.Set;
@@ -56,6 +57,7 @@ import org.sleuthkit.datamodel.Image;
 import org.sleuthkit.datamodel.ReadContentInputStream;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.autopsy.modules.pictureanalyzer.spi.PictureProcessor;
+import org.sleuthkit.datamodel.Score;
 
 /**
  * Extracts EXIF metadata from JPEG, TIFF, and WAV files. Currently only date,
@@ -148,11 +150,13 @@ public class EXIFProcessor implements PictureProcessor {
 
             if (!attributes.isEmpty() && !blackboard.artifactExists(file, TSK_METADATA_EXIF, attributes)) {
 
-                final BlackboardArtifact exifArtifact = file.newArtifact(TSK_METADATA_EXIF);
+                final BlackboardArtifact exifArtifact = file.newDataArtifact(new BlackboardArtifact.Type(TSK_METADATA_EXIF), attributes);
-                final BlackboardArtifact userSuspectedArtifact = file.newArtifact(TSK_USER_CONTENT_SUSPECTED);
+                
-                exifArtifact.addAttributes(attributes);
+                final BlackboardArtifact userSuspectedArtifact = file.newAnalysisResult(
-                userSuspectedArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
+                        new BlackboardArtifact.Type(TSK_USER_CONTENT_SUSPECTED), Score.SCORE_UNKNOWN, null, null, null,
-                        MODULE_NAME, Bundle.ExifProcessor_userContent_description()));
+                        Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, Bundle.ExifProcessor_userContent_description())))
+                        .getAnalysisResult();
+                
                 try {
                     // index the artifact for keyword search
                     blackboard.postArtifact(exifArtifact, MODULE_NAME);

Core/src/org/sleuthkit/autopsy/modules/plaso/PlasoIngestModule.java

@@ -345,8 +345,7 @@ public class PlasoIngestModule implements DataSourceIngestModule {
                                 eventType.getTypeID()));
 
                 try {
-                    BlackboardArtifact bbart = resolvedFile.newArtifact(TSK_TL_EVENT);
+                    BlackboardArtifact bbart = resolvedFile.newDataArtifact(new BlackboardArtifact.Type(TSK_TL_EVENT), bbattributes);
-                    bbart.addAttributes(bbattributes);
                     try {
                         /*
                          * Post the artifact which will index the artifact for

Core/src/org/sleuthkit/autopsy/modules/yara/YaraIngestHelper.java

@@ -39,6 +39,7 @@ import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_YARA_
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_RULE;
 import org.sleuthkit.datamodel.BlackboardAttribute;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 
 /**
@@ -162,13 +163,15 @@ final class YaraIngestHelper {
     }
 
     /**
-     * Scan the given file for rules that match from the given rule set directory.
+     * Scan the given file for rules that match from the given rule set
+     * directory.
      *
      * @param scanFile         Locally stored file to scan.
      * @param ruleSetDirectory Base directory of the compiled rule sets.
      * @param timeout          YARA Scanner timeout value.
      *
-     * @return List of matching rules, if none were found the list will be empty.
+     * @return List of matching rules, if none were found the list will be
+     *         empty.
      *
      * @throws YaraWrapperException
      */
@@ -198,13 +201,15 @@ final class YaraIngestHelper {
     private static List<BlackboardArtifact> createArtifact(AbstractFile abstractFile, String ruleSetName, List<String> matchingRules) throws TskCoreException {
         List<BlackboardArtifact> artifacts = new ArrayList<>();
         for (String rule : matchingRules) {
-            BlackboardArtifact artifact = abstractFile.newArtifact(TSK_YARA_HIT);
+
             List<BlackboardAttribute> attributes = new ArrayList<>();
 
             attributes.add(new BlackboardAttribute(TSK_SET_NAME, MODULE_NAME, ruleSetName));
             attributes.add(new BlackboardAttribute(TSK_RULE, MODULE_NAME, rule));
 
-            artifact.addAttributes(attributes);
+            BlackboardArtifact artifact = abstractFile.newAnalysisResult(new BlackboardArtifact.Type(TSK_YARA_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
+                    .getAnalysisResult();
+
             artifacts.add(artifact);
         }
         return artifacts;

Core/src/org/sleuthkit/autopsy/report/modules/stix/StixArtifactData.java

@@ -34,6 +34,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 
@@ -87,8 +88,9 @@ class StixArtifactData {
 
         // Create artifact if it doesn't already exist.
         if (!blackboard.artifactExists(file, TSK_INTERESTING_FILE_HIT, attributes)) {
-            BlackboardArtifact bba = file.newArtifact(TSK_INTERESTING_FILE_HIT);
+            BlackboardArtifact bba = file.newAnalysisResult(
-            bba.addAttributes(attributes);
+                    new BlackboardArtifact.Type(TSK_INTERESTING_FILE_HIT), 
+                    Score.SCORE_UNKNOWN, null, null, null, attributes).getAnalysisResult();
 
             try {
                 /*

Core/src/org/sleuthkit/autopsy/test/CustomArtifactType.java

@@ -23,10 +23,13 @@ import java.util.List;
 import javax.xml.bind.DatatypeConverter;
 import org.joda.time.DateTime;
 import org.sleuthkit.autopsy.casemodule.Case;
+import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Blackboard;
+import org.sleuthkit.datamodel.Blackboard.BlackboardException;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.Content;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 
 /**
@@ -93,7 +96,6 @@ final class CustomArtifactType {
      *                                        artifact to the blackboard.
      */
     static BlackboardArtifact createAndPostInstance(Content source) throws TskCoreException, Blackboard.BlackboardException {
-        BlackboardArtifact artifact = source.newArtifact(artifactType.getTypeID());
         List<BlackboardAttribute> attributes = new ArrayList<>();
         attributes.add(new BlackboardAttribute(intAttrType, MODULE_NAME, 0));
         attributes.add(new BlackboardAttribute(doubleAttrType, MODULE_NAME, 0.0));
@@ -102,7 +104,6 @@ final class CustomArtifactType {
         attributes.add(new BlackboardAttribute(bytesAttrType, MODULE_NAME, DatatypeConverter.parseHexBinary("ABCD")));
         attributes.add(new BlackboardAttribute(stringAttrType, MODULE_NAME, "Zero"));
         attributes.add(new BlackboardAttribute(jsonAttrType, MODULE_NAME, "{\"fruit\": \"Apple\",\"size\": \"Large\",\"color\": \"Red\"}"));
-        artifact.addAttributes(attributes);
 
         /*
          * Add a second source module to the attributes. Try to do it twice. The
@@ -113,6 +114,28 @@ final class CustomArtifactType {
             attr.addSource(ADDITIONAL_MODULE_NAME);
         }
 
+        BlackboardArtifact artifact;
+        
+        if (artifactType.getCategory() == null) {
+            throw new TskCoreException(String.format("Artifact type: %s has no category.", 
+                        artifactType.getDisplayName(), artifactType.getCategory().getDisplayName()));
+        }
+        
+        switch (artifactType.getCategory()) {
+            case DATA_ARTIFACT:
+                artifact = source.newDataArtifact(artifactType, attributes);
+                break;
+                
+            case ANALYSIS_RESULT:
+                artifact = source.newAnalysisResult(artifactType, Score.SCORE_UNKNOWN, null, null, null, attributes)
+                        .getAnalysisResult();
+                break;
+                
+            default:
+                throw new TskCoreException(String.format("Artifact type: %s has no known category: %s", 
+                        artifactType.getDisplayName(), artifactType.getCategory().getDisplayName()));
+        }
+                
         Blackboard blackboard = Case.getCurrentCase().getServices().getArtifactsBlackboard();
         blackboard.postArtifact(artifact, MODULE_NAME);
 

Core/src/org/sleuthkit/autopsy/test/InterestingArtifactCreatorIngestModule.java

@@ -20,6 +20,7 @@ package org.sleuthkit.autopsy.test;
 
 import java.util.ArrayList;
 import java.util.Collection;
+import java.util.Collections;
 import java.util.logging.Level;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
@@ -31,6 +32,7 @@ import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardAttribute;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 
 /**
@@ -77,11 +79,11 @@ final class InterestingArtifactCreatorIngestModule extends FileIngestModuleAdapt
             int randomArtIndex = (int) (Math.random() * 3);
             Blackboard blackboard = Case.getCurrentCaseThrows().getServices().getArtifactsBlackboard();
             BlackboardArtifact.Type artifactTypeBase = blackboard.getOrAddArtifactType(ARTIFACT_TYPE_NAMES[randomArtIndex], ARTIFACT_DISPLAY_NAMES[randomArtIndex]);
-            BlackboardArtifact artifactBase = file.newArtifact(artifactTypeBase.getTypeID());
+            
             Collection<BlackboardAttribute> baseAttributes = new ArrayList<>();
             String commentTxt;
             BlackboardAttribute baseAttr;
-            switch (artifactBase.getArtifactTypeID()) {
+            switch (artifactTypeBase.getTypeID()) {
                 case 2:
                     commentTxt = "www.placeholderWebsiteDOTCOM";
                     baseAttr = new BlackboardAttribute(
@@ -110,8 +112,20 @@ final class InterestingArtifactCreatorIngestModule extends FileIngestModuleAdapt
                     commentTxt = "DEPENDENT ON ARTIFACT TYPE";
                     break;
             }
-            artifactBase.addAttributes(baseAttributes);
+            
-            BlackboardArtifact artifact = file.newArtifact(artifactType.getTypeID());
+            BlackboardArtifact artifactBase;
+            switch (artifactTypeBase.getCategory()) {
+                case DATA_ARTIFACT:
+                    artifactBase = file.newDataArtifact(artifactTypeBase, baseAttributes);
+                    break;
+                case ANALYSIS_RESULT:
+                    artifactBase = file.newAnalysisResult(artifactTypeBase, Score.SCORE_UNKNOWN, null, null, null, baseAttributes)
+                            .getAnalysisResult();
+                    break;
+                default:
+                    throw new IllegalArgumentException("Unknown category type: " + artifactTypeBase.getCategory().getDisplayName());
+            }
+            
             Collection<BlackboardAttribute> attributes = new ArrayList<>();
             BlackboardAttribute att = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, "ArtifactsAndTxt");
 
@@ -121,7 +135,19 @@ final class InterestingArtifactCreatorIngestModule extends FileIngestModuleAdapt
             attributes.add(att2);
             attributes.add(att3);
             attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, MODULE_NAME, artifactBase.getArtifactID()));
-            artifact.addAttributes(attributes);
+            
+            switch (artifactType.getCategory()) {
+                case DATA_ARTIFACT:
+                    file.newDataArtifact(artifactType, attributes);
+                    break;
+                case ANALYSIS_RESULT:
+                    file.newAnalysisResult(artifactType, Score.SCORE_UNKNOWN, null, null, null, attributes)
+                            .getAnalysisResult();
+                    break;
+                default:
+                    throw new IllegalArgumentException("Unknown category type: " + artifactType.getCategory().getDisplayName());
+            }
+            
         } catch (TskCoreException | NoCurrentCaseException ex) {
             logger.log(Level.SEVERE, String.format("Failed to process file (obj_id = %d)", file.getId()), ex);
             return ProcessResult.ERROR;

Core/src/org/sleuthkit/autopsy/timeline/actions/AddManualEvent.java

@@ -22,7 +22,7 @@ import java.awt.Dialog;
 import java.time.Instant;
 import java.time.LocalDateTime;
 import java.time.ZoneId;
-import static java.util.Arrays.asList;
+import java.util.Arrays;
 import java.util.List;
 import java.util.Objects;
 import java.util.logging.Level;
@@ -142,9 +142,7 @@ public class AddManualEvent extends Action {
         try {
             //Use the current examiners name plus a fixed string as the source / module name.
             String source = MANUAL_CREATION + ": " + sleuthkitCase.getCurrentExaminer().getLoginName();
-
+            List<BlackboardAttribute> attributes = Arrays.asList(
-            BlackboardArtifact artifact = sleuthkitCase.newBlackboardArtifact(TSK_TL_EVENT, eventInfo.datasource.getId());
-            artifact.addAttributes(asList(
                     new BlackboardAttribute(
                             TSK_TL_EVENT_TYPE, source,
                             TimelineEventType.USER_CREATED.getTypeID()),
@@ -154,7 +152,10 @@ public class AddManualEvent extends Action {
                     new BlackboardAttribute(
                             TSK_DATETIME, source,
                             eventInfo.time)
-            ));
+            );
+            
+            BlackboardArtifact artifact = eventInfo.datasource.newDataArtifact(new BlackboardArtifact.Type(TSK_TL_EVENT), attributes, null);
+            
             try {
                 sleuthkitCase.getBlackboard().postArtifact(artifact, source);
             } catch (Blackboard.BlackboardException ex) {

Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java

@@ -19,8 +19,9 @@
 package org.sleuthkit.autopsy.experimental.objectdetection;
 
 import java.io.File;
-import java.util.Collections;
+import java.util.Arrays;
 import java.util.HashMap;
+import java.util.List;
 import java.util.Map;
 import java.util.logging.Level;
 import org.apache.commons.io.FilenameUtils;
@@ -43,12 +44,12 @@ import org.sleuthkit.autopsy.ingest.IngestMessage;
 import org.sleuthkit.autopsy.ingest.IngestModule;
 import org.sleuthkit.autopsy.ingest.IngestModuleReferenceCounter;
 import org.sleuthkit.autopsy.ingest.IngestServices;
-import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
 import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_OBJECT_DETECTED;
 import org.sleuthkit.datamodel.BlackboardAttribute;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 
 /**
@@ -163,13 +164,15 @@ public class ObjectDetectectionFileIngestModule extends FileIngestModuleAdapter
                 if (!detectionRectangles.empty()) {
                     //if any detections occurred create an artifact for this classifier and file combination
                     try {
-                        BlackboardArtifact artifact = file.newArtifact(TSK_OBJECT_DETECTED);
+                        List<BlackboardAttribute> attributes = Arrays.asList(
-                        artifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DESCRIPTION,
+                                new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DESCRIPTION, MODULE_NAME, classifierKey),
-                                MODULE_NAME,
+                                new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, 
-                                classifierKey));
+                                        Bundle.ObjectDetectionFileIngestModule_classifierDetection_text((int) detectionRectangles.size().height))
-                        artifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
+                        );
-                                MODULE_NAME,
+                        
-                                Bundle.ObjectDetectionFileIngestModule_classifierDetection_text((int) detectionRectangles.size().height)));
+                        BlackboardArtifact artifact = file.newAnalysisResult(
+                                new BlackboardArtifact.Type(TSK_OBJECT_DETECTED), Score.SCORE_UNKNOWN, null, null, null, attributes)
+                                .getAnalysisResult();
                         
                         try {
                             /*

Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java

@@ -46,6 +46,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.Image;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData.EncodingType;
 import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
@@ -384,8 +385,10 @@ class VolatilityProcessor {
 
                         // Create artifact if it doesn't already exist.
                         if (!blackboard.artifactExists(resolvedFile, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) {
-                            BlackboardArtifact volArtifact = resolvedFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
+                            BlackboardArtifact volArtifact = resolvedFile.newAnalysisResult(
-                            volArtifact.addAttributes(attributes);
+                                    new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT), 
+                                    Score.SCORE_UNKNOWN, null, null, null, attributes)
+                                    .getAnalysisResult();
 
                             try {
                                 // index the artifact for keyword search

InternalPythonModules/GPX_Module/GPX_Parser_Module.py

@@ -199,9 +199,6 @@ class GPXParserFileIngestModule(FileIngestModule):
             for waypoint in gpx.waypoints:
 
                 try:
-                    art = file.newArtifact(
-                        BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK)
-
                     attributes = ArrayList()
                     attributes.add(BlackboardAttribute(
                         BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(), self.moduleName, waypoint.latitude))
@@ -213,7 +210,8 @@ class GPXParserFileIngestModule(FileIngestModule):
                         BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self.moduleName, waypoint.name))
                     attributes.add(BlackboardAttribute(
                         BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), self.moduleName, "GPXParser"))
-                    art.addAttributes(attributes)
+
+                    art = file.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
 
                     self.blackboard.postArtifact(art, self.moduleName)
 

InternalPythonModules/android/browserlocation.py

@@ -95,11 +95,11 @@ class BrowserLocationAnalyzer(general.AndroidComponentAnalyzer):
                 longitude = Double.valueOf(resultSet.getString("longitude"))
 
                 attributes = ArrayList()
-                artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK)
                 attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, general.MODULE_NAME, latitude))
                 attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, general.MODULE_NAME, longitude))
                 attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, timestamp))
                 attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME, "Browser Location History"))
+                artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
                 # artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy))
                 # NOTE: originally commented out
 

InternalPythonModules/android/cachelocation.py

@@ -91,14 +91,13 @@ class CacheLocationAnalyzer(general.AndroidComponentAnalyzer):
                     i = i + 1
 
                     attributes = ArrayList()
-                    artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK)
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, general.MODULE_NAME, latitude))
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, general.MODULE_NAME, longitude))
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, timestamp))
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME,
                         abstractFile.getName() + " Location History"))
 
-                    artifact.addAttributes(attributes)
+                    artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
                     #Not storing these for now.
                     #    artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy))
                     #    artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence))

InternalPythonModules/android/oruxmaps.py

@@ -86,7 +86,6 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
                         altitude = poisResultSet.getDouble("poialt")
 
                         attributes = ArrayList()
-                        artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK)
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, self._MODULE_NAME, time))
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, self._MODULE_NAME, latitude))
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, self._MODULE_NAME, longitude))
@@ -94,6 +93,8 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, self._MODULE_NAME, name))
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, self._MODULE_NAME, self._PROGRAM_NAME))
 						
+                        artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
+
                         artifact.addAttributes(attributes)
                         try:
                             # index the artifact for keyword search

InternalPythonModules/android/viber.py

@@ -129,9 +129,8 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
                 elif (not(not contacts_parser.get_contact_name() or contacts_parser.get_contact_name().isspace())):
                     current_case = Case.getCurrentCase().getSleuthkitCase()
                     attributes = ArrayList()
-                    artifact = contacts_db.getDBFile().newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self._PARSER_NAME, contacts_parser.get_contact_name()))
-                    artifact.addAttributes(attributes)
+                    artifact = contacts_db.getDBFile().newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), attributes)
                     
                     # Post the artifact to blackboard
                     current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME)

KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java

@@ -569,8 +569,7 @@ public final class KeywordSearchIngestModule implements FileIngestModule {
             }
             if (!attributes.isEmpty()) {
                 try {
-                    BlackboardArtifact bbart = aFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA);
+                    BlackboardArtifact bbart = aFile.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA), attributes);
-                    bbart.addAttributes(attributes);
                     bbartifacts.add(bbart);
                 } catch (TskCoreException ex) {
                     // Log error and return to continue processing

KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java

@@ -40,6 +40,7 @@ import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
 import org.sleuthkit.datamodel.Content;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskException;
 
@@ -236,14 +237,6 @@ class LuceneQuery implements KeywordSearchQuery {
         final String MODULE_NAME = KeywordSearchModuleFactory.getModuleName();
 
         Collection<BlackboardAttribute> attributes = new ArrayList<>();
-        BlackboardArtifact bba;
-        try {
-            bba = content.newArtifact(ARTIFACT_TYPE.TSK_KEYWORD_HIT);
-        } catch (TskCoreException e) {
-            logger.log(Level.WARNING, "Error adding bb artifact for keyword hit", e); //NON-NLS
-            return null;
-        }
-
         if (snippet != null) {
             attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_PREVIEW, MODULE_NAME, snippet));
         }
@@ -270,10 +263,10 @@ class LuceneQuery implements KeywordSearchQuery {
         );
 
         try {
-            bba.addAttributes(attributes); //write out to bb
+            return content.newAnalysisResult(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_KEYWORD_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
-            return bba;
+                    .getAnalysisResult();
         } catch (TskCoreException e) {
-            logger.log(Level.WARNING, "Error adding bb attributes to artifact", e); //NON-NLS
+            logger.log(Level.WARNING, "Error adding bb artifact for keyword hit", e); //NON-NLS
             return null;
         }
     }

KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RegexQuery.java

@@ -52,6 +52,7 @@ import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
 import org.sleuthkit.datamodel.Content;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
 
@@ -590,19 +591,11 @@ final class RegexQuery implements KeywordSearchQuery {
          * Create a "plain vanilla" keyword hit artifact with keyword and regex
          * attributes
          */
-        BlackboardArtifact newArtifact;
         Collection<BlackboardAttribute> attributes = new ArrayList<>();
 
         attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD, MODULE_NAME, foundKeyword.getSearchTerm()));
         attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_KEYWORD_REGEXP, MODULE_NAME, getQueryString()));
 
-        try {
-            newArtifact = content.newArtifact(ARTIFACT_TYPE.TSK_KEYWORD_HIT);
-        } catch (TskCoreException ex) {
-            LOGGER.log(Level.SEVERE, "Error adding artifact for keyword hit to blackboard", ex); //NON-NLS
-            return null;
-        }
-
         if (StringUtils.isNotBlank(listName)) {
             attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, listName));
         }
@@ -621,8 +614,8 @@ final class RegexQuery implements KeywordSearchQuery {
         }
 
         try {
-            newArtifact.addAttributes(attributes);
+            return content.newAnalysisResult(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_KEYWORD_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
-            return newArtifact;
+                    .getAnalysisResult();
         } catch (TskCoreException e) {
             LOGGER.log(Level.SEVERE, "Error adding bb attributes for terms search artifact", e); //NON-NLS
             return null;

RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ChromeCacheExtractor.java

@@ -31,6 +31,7 @@ import java.nio.charset.Charset;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashMap;
 import java.util.List;
@@ -540,23 +541,17 @@ final class ChromeCacheExtractor {
         webAttr.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PATH_ID,
                 moduleName, cachedItemFile.getId()));
 
-        Optional<Long> optional = cacheEntryFile.getOsAccountObjectId();
+        BlackboardArtifact webCacheArtifact = cacheEntryFile.newDataArtifact(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_WEB_CACHE), webAttr);
-        OsAccount account = null;
-        if(optional.isPresent()) {
-            account = currentCase.getSleuthkitCase().getOsAccountManager().getOsAccountByObjectId(optional.get());
-        }
-        BlackboardArtifact webCacheArtifact = cacheEntryFile.newDataArtifact(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_WEB_CACHE), webAttr, account);
         artifactsAdded.add(webCacheArtifact);
 
         // Create a TSK_ASSOCIATED_OBJECT on the f_XXX or derived file file back to the CACHE entry
-        BlackboardArtifact associatedObjectArtifact = cachedItemFile.newArtifact(ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT);
+        BlackboardArtifact associatedObjectArtifact = cachedItemFile.newDataArtifact(
-        if (associatedObjectArtifact != null) {
+                new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT), 
-            associatedObjectArtifact.addAttribute(
+                Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, 
-                        new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT,
+                        moduleName, webCacheArtifact.getArtifactID())));
-                                moduleName, webCacheArtifact.getArtifactID()));
+        
         artifactsAdded.add(associatedObjectArtifact);
     }
-    }
     
     /**
      * Finds all the f_* files in the specified path, and fills them in the 

RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java

@@ -52,6 +52,7 @@ import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOC
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.OsAccount;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 
@@ -159,13 +160,13 @@ abstract class Extract {
      * @throws TskCoreException
      */
     BlackboardArtifact createArtifactWithAttributes(BlackboardArtifact.Type type, Content content, Collection<BlackboardAttribute> attributes) throws TskCoreException {
-        Optional<OsAccount> optional = getOsAccount(content);
+        switch (type.getCategory()) {
-        if (optional.isPresent() && type.getCategory() == BlackboardArtifact.Category.DATA_ARTIFACT) {
+            case DATA_ARTIFACT:
-            return content.newDataArtifact(type, attributes, optional.get());
+                return content.newDataArtifact(type, attributes);
-        } else {
+            case ANALYSIS_RESULT:
-            BlackboardArtifact bbart = content.newArtifact(type.getTypeID());
+                return content.newAnalysisResult(type, Score.SCORE_UNKNOWN, null, null, null, attributes).getAnalysisResult();
-            bbart.addAttributes(attributes);
+            default:
-            return bbart;
+                throw new TskCoreException("Unknown category type: " + type.getCategory().getDisplayName());
         }
     }
 
@@ -537,28 +538,4 @@ abstract class Extract {
          
         return tempFile;
     }
-    
-    /**
-     * Return the appropriate OsAccount for the given file.
-     * 
-     * @param file
-     * 
-     * @return An Optional OsACcount object.
-     * 
-     * @throws TskCoreException 
-     */
-    Optional<OsAccount> getOsAccount(Content content) throws TskCoreException {
-        if(content instanceof AbstractFile) {
-            if(osAccountCache == null) {
-                Optional<Long> accountId = ((AbstractFile)content).getOsAccountObjectId();
-                if(accountId.isPresent()) {
-                    return Optional.ofNullable(tskCase.getOsAccountManager().getOsAccountByObjectId(accountId.get()));
-                }
-                return Optional.empty();
-            } 
-
-            return osAccountCache.getOsAccount(((AbstractFile)content));
-        }
-        return Optional.empty();
-    }
 }

RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java

@@ -742,11 +742,11 @@ class ExtractRegistry extends Extract {
                             } else {
                                 results.get(0).addAttributes(bbattributes);
                             }
-                            for (Map.Entry userMap : getUserNameMap().entrySet()) { 
+                            for (Map.Entry<String, String> userMap : getUserNameMap().entrySet()) { 
                                 String sid = "";
                                 try{
-                                    sid = (String)userMap.getKey();
+                                    sid = userMap.getKey();
-                                    String userName = (String)userMap.getValue();
+                                    String userName = userMap.getValue();
                                     createOrUpdateOsAccount(regFile, sid, userName, null);
                                 } catch(TskCoreException | TskDataException | NotUserSIDException ex) {
                                     logger.log(Level.WARNING, String.format("Failed to update Domain for existing OsAccount: %s, sid: %s", regFile.getId(), sid), ex);
@@ -815,9 +815,7 @@ class ExtractRegistry extends Extract {
                                         try {
                                             bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME, parentModuleName, value));
                                             bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME, parentModuleName, itemMtime));
-                                            BlackboardArtifact bbart = regFile.newArtifact(ARTIFACT_TYPE.TSK_DELETED_PROG);
+                                            BlackboardArtifact bbart = regFile.newDataArtifact(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_DELETED_PROG), bbattributes);
-                                            bbart.addAttributes(bbattributes);
-
                                             newArtifacts.add(bbart);
                                         } catch (TskCoreException ex) {
                                             logger.log(Level.SEVERE, "Error adding installed program artifact to blackboard.", ex); //NON-NLS
@@ -827,7 +825,6 @@ class ExtractRegistry extends Extract {
                                         String officeName = artnode.getAttribute("name"); //NON-NLS
 
                                         try {
-                                            BlackboardArtifact bbart = regFile.newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
                                             // @@@ BC: Consider removing this after some more testing. It looks like an Mtime associated with the root key and not the individual item
                                             if (mtime != null) {
                                                 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED, parentModuleName, mtime));
@@ -835,7 +832,7 @@ class ExtractRegistry extends Extract {
                                             bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME, parentModuleName, officeName));
                                             bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE, parentModuleName, value));
                                             bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME, parentModuleName, artnode.getNodeName()));
-                                            bbart.addAttributes(bbattributes);
+                                            BlackboardArtifact bbart = regFile.newDataArtifact(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_RECENT_OBJECT), bbattributes);
                                             
                                             newArtifacts.add(bbart);
                                         } catch (TskCoreException ex) {
@@ -874,12 +871,12 @@ class ExtractRegistry extends Extract {
                                         try {
                                         String localPath = artnode.getAttribute("localPath"); //NON-NLS
                                         String remoteName = value;
-                                        BlackboardArtifact bbart = regFile.newArtifact(ARTIFACT_TYPE.TSK_REMOTE_DRIVE);
+                                        
                                         bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LOCAL_PATH,
                                                 parentModuleName, localPath));
                                         bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_REMOTE_PATH,
                                                 parentModuleName, remoteName));
-                                        bbart.addAttributes(bbattributes);
+                                        BlackboardArtifact bbart = regFile.newDataArtifact(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_REMOTE_DRIVE), bbattributes);
                                         newArtifacts.add(bbart);
                                     } catch (TskCoreException ex) {
                                         logger.log(Level.SEVERE, "Error adding network artifact to blackboard.", ex); //NON-NLS
@@ -893,8 +890,7 @@ class ExtractRegistry extends Extract {
                                             bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SSID, parentModuleName, value));
                                             bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME, parentModuleName, lastWriteTime));
                                             bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_ID, parentModuleName, adapter));
-                                            BlackboardArtifact bbart = regFile.newArtifact(ARTIFACT_TYPE.TSK_WIFI_NETWORK);
+                                            BlackboardArtifact bbart = regFile.newDataArtifact(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_WIFI_NETWORK), bbattributes);
-                                            bbart.addAttributes(bbattributes);
                                             newArtifacts.add(bbart);
                                         } catch (TskCoreException ex) {
                                             logger.log(Level.SEVERE, "Error adding SSID artifact to blackboard.", ex); //NON-NLS

branding/core/core.jar/org/netbeans/core/startup/Bundle.properties

@@ -1,5 +1,5 @@
 #Updated by build script
-#Mon, 25 Jan 2021 12:41:22 -0500
+#Wed, 28 Apr 2021 08:03:47 -0400
 LBL_splash_window_title=Starting Autopsy
 SPLASH_HEIGHT=314
 SPLASH_WIDTH=538

branding/modules/org-netbeans-core-windows.jar/org/netbeans/core/windows/view/ui/Bundle.properties

@@ -1,4 +1,4 @@
 #Updated by build script
-#Mon, 25 Jan 2021 12:41:22 -0500
+#Wed, 28 Apr 2021 08:03:47 -0400
 CTL_MainWindow_Title=Autopsy 4.18.0
 CTL_MainWindow_Title_No_Project=Autopsy 4.18.0

pythonExamples/dataSourceIngestModule.py

@@ -52,7 +52,9 @@ from org.sleuthkit.autopsy.casemodule import Case
 from org.sleuthkit.autopsy.casemodule.services import Services
 from org.sleuthkit.autopsy.casemodule.services import FileManager
 from org.sleuthkit.autopsy.casemodule.services import Blackboard
-
+from org.sleuthkit.autopsy.casemodule.services import Blackboard
+from org.sleuthkit.datamodel import Score
+from java.util import ArrayList
 
 # Factory that defines the name and details of the module and allows Autopsy
 # to create instances of the modules that will do the analysis.
@@ -138,9 +140,9 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
 
             # Make an artifact on the blackboard.  TSK_INTERESTING_FILE_HIT is a generic type of
             # artfiact.  Refer to the developer docs for other examples.
-            art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)
+            attrs = ArrayList()
-            att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, SampleJythonDataSourceIngestModuleFactory.moduleName, "Test file")
+            attrs.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, SampleJythonDataSourceIngestModuleFactory.moduleName, "Test file"))
-            art.addAttribute(att)
+            art = file.newAnalysisResult(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Score.SCORE_UNKNOWN, None, None, None, attrs)
 
             try:
                 # index the artifact for keyword search

pythonExamples/fileIngestModule.py

@@ -54,6 +54,8 @@ from org.sleuthkit.autopsy.casemodule import Case
 from org.sleuthkit.autopsy.casemodule.services import Services
 from org.sleuthkit.autopsy.casemodule.services import FileManager
 from org.sleuthkit.autopsy.casemodule.services import Blackboard
+from org.sleuthkit.datamodel import Score
+from java.util import ArrayList
 
 # Factory that defines the name and details of the module and allows Autopsy
 # to create instances of the modules that will do the anlaysis.
@@ -125,10 +127,11 @@ class SampleJythonFileIngestModule(FileIngestModule):
 
             # Make an artifact on the blackboard.  TSK_INTERESTING_FILE_HIT is a generic type of
             # artifact.  Refer to the developer docs for other examples.
-            art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)
+            attrs = ArrayList()
-            att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME,
+            attrs.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME,
-                  SampleJythonFileIngestModuleFactory.moduleName, "Text Files")
+                  SampleJythonFileIngestModuleFactory.moduleName, "Text Files"))
-            art.addAttribute(att)
+            art = file.newAnalysisResult(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Score.SCORE_UNKNOWN, None, None, None, attrs)
+
 
             try:
                 # index the artifact for keyword search

thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java

@@ -21,6 +21,7 @@ package org.sleuthkit.autopsy.thunderbirdparser;
 import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
@@ -59,6 +60,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
 import org.sleuthkit.datamodel.DerivedFile;
 import org.sleuthkit.datamodel.ReadContentInputStream;
 import org.sleuthkit.datamodel.Relationship;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
 import org.sleuthkit.datamodel.TskDataException;
@@ -240,8 +242,15 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
                     // encrypted pst: Add encrypted file artifact
                     try {
 
-                    BlackboardArtifact artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED);
+                    BlackboardArtifact artifact = abstractFile.newAnalysisResult(
-                    artifact.addAttribute(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME, EmailParserModuleFactory.getModuleName(), NbBundle.getMessage(this.getClass(), "ThunderbirdMboxFileIngestModule.encryptionFileLevel")));
+                            new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED), 
+                            Score.SCORE_UNKNOWN, null, null, null, Arrays.asList(
+                                new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME, 
+                                        EmailParserModuleFactory.getModuleName(), 
+                                        NbBundle.getMessage(this.getClass(), 
+                                        "ThunderbirdMboxFileIngestModule.encryptionFileLevel"))
+                            ))
+                            .getAnalysisResult();
 
                     try {
                         // index the artifact for keyword search
@@ -759,8 +768,9 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
                 return null;
             }
 
-            bbart = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG);
+            bbart = abstractFile.newDataArtifact(
-            bbart.addAttributes(bbattributes);
+                    new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG), 
+                    bbattributes);
 
             if (context.fileIngestIsCancelled()) {
                 return null;

thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/VcardParser.java

@@ -223,8 +223,7 @@ final class VcardParser {
         try {
             // Create artifact if it doesn't already exist.
             if (!tskBlackboard.artifactExists(abstractFile, BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT, attributes)) {
-                artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT);
+                artifact = abstractFile.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), attributes);
-                artifact.addAttributes(attributes);
                 
                 extractPhotos(vcard, abstractFile, artifact);