From 006eb5fe070622eac05bbbce28907b7c02db4fd8 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Mon, 18 Nov 2019 18:00:45 -0500 Subject: [PATCH 1/7] 5716 intial changes for support of user created type --- Core/src/org/sleuthkit/autopsy/filequery/Bundle.properties | 2 +- .../org/sleuthkit/autopsy/filequery/Bundle.properties-MERGED | 2 +- .../org/sleuthkit/autopsy/filequery/FileSearchFiltering.java | 2 +- .../autopsy/modules/exif/ExifParserFileIngestModule.java | 4 ++++ 4 files changed, 7 insertions(+), 3 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/filequery/Bundle.properties b/Core/src/org/sleuthkit/autopsy/filequery/Bundle.properties index c67ff8aa08..b4f11c01de 100644 --- a/Core/src/org/sleuthkit/autopsy/filequery/Bundle.properties +++ b/Core/src/org/sleuthkit/autopsy/filequery/Bundle.properties @@ -48,7 +48,7 @@ FileSearchPanel.hashSetCheckbox.text=Hash Set: FileSearchPanel.tagsCheckbox.text=Tags: FileSearchPanel.interestingItemsCheckbox.text=Interesting Items: FileSearchPanel.scoreCheckbox.text=Has Score: -FileSearchPanel.exifCheckbox.text=Must contain EXIF data +FileSearchPanel.exifCheckbox.text=Possibly User Created FileSearchPanel.notableCheckbox.text=Must have been tagged as notable FileSearchPanel.objectsCheckbox.text=Objects: ResultsPanel.currentPageLabel.text=Page: - diff --git a/Core/src/org/sleuthkit/autopsy/filequery/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/filequery/Bundle.properties-MERGED index b947682e5b..49e1c98f21 100644 --- a/Core/src/org/sleuthkit/autopsy/filequery/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/filequery/Bundle.properties-MERGED 
@@ -165,7 +165,7 @@ FileSearchPanel.hashSetCheckbox.text=Hash Set: FileSearchPanel.tagsCheckbox.text=Tags: FileSearchPanel.interestingItemsCheckbox.text=Interesting Items: FileSearchPanel.scoreCheckbox.text=Has Score: -FileSearchPanel.exifCheckbox.text=Must contain EXIF data +FileSearchPanel.exifCheckbox.text=Possibly User Created FileSearchPanel.notableCheckbox.text=Must have been tagged as notable FileSearchPanel.objectsCheckbox.text=Objects: # {0} - currentPage diff --git a/Core/src/org/sleuthkit/autopsy/filequery/FileSearchFiltering.java b/Core/src/org/sleuthkit/autopsy/filequery/FileSearchFiltering.java index 920f7983c1..cad60c1300 100644 --- a/Core/src/org/sleuthkit/autopsy/filequery/FileSearchFiltering.java +++ b/Core/src/org/sleuthkit/autopsy/filequery/FileSearchFiltering.java @@ -859,7 +859,7 @@ class FileSearchFiltering { String getWhereClause() { String queryStr = "(obj_id IN (SELECT obj_id from blackboard_artifacts WHERE artifact_id IN " + "(SELECT artifact_id FROM blackboard_attributes WHERE artifact_type_id = " - + BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA_EXIF.getTypeID() + ")))"; + + BlackboardArtifact.ARTIFACT_TYPE.TSK_USER_CREATED_SUSPECTED.getTypeID() + ")))"; return queryStr; } diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java index 885468f483..c10138f014 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java 
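Review bot: The filter in `getWhereClause()` finds the new artifact type through `blackboard_attributes`, so it only matches artifacts that have at least one attribute row. That holds in this patch because `bba2.addAttributes(attributes)` copies the EXIF attributes. The second hunk of patch 2 removes that call, and the query carried into patch 3 then has nothing to match until patch 5 adds a description attribute. Selecting on the artifact table removes the dependency, assuming `blackboard_artifacts` carries `artifact_type_id` as in the TSK case schema: `"(obj_id IN (SELECT obj_id FROM blackboard_artifacts WHERE artifact_type_id = " + BlackboardArtifact.ARTIFACT_TYPE.TSK_USER_CREATED_SUSPECTED.getTypeID() + "))"`. The enclosing class starts and ends outside the hunk.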
@@ -49,6 +49,7 @@ import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA_EXIF; +import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_USER_CREATED_SUSPECTED; import org.sleuthkit.datamodel.BlackboardAttribute; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MAKE; @@ -193,11 +194,14 @@ public final class ExifParserFileIngestModule implements FileIngestModule { // Create artifact if it doesn't already exist. if (!blackboard.artifactExists(file, TSK_METADATA_EXIF, attributes)) { BlackboardArtifact bba = file.newArtifact(TSK_METADATA_EXIF); + BlackboardArtifact bba2 = file.newArtifact(TSK_USER_CREATED_SUSPECTED); bba.addAttributes(attributes); + bba2.addAttributes(attributes); try { // index the artifact for keyword search blackboard.postArtifact(bba, MODULE_NAME); + blackboard.postArtifact(bba2, MODULE_NAME); } catch (Blackboard.BlackboardException ex) { logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bba.getArtifactID(), ex); //NON-NLS MessageNotifyUtil.Notify.error( From 67ec973cfce6fa306f5f54e0774a01559f854b9a Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Mon, 9 Dec 2019 13:49:01 -0500 Subject: [PATCH 2/7] 5716 rename to device original artifact --- .../autopsy/modules/exif/ExifParserFileIngestModule.java | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java index c10138f014..762e8d2752 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java 
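Review bot: In the `@@ -193,11 +194,14 @@` hunk the catch block still logs only `bba.getArtifactID()`, so a failure in the added `blackboard.postArtifact(bba2, MODULE_NAME)` is recorded against the EXIF artifact's id. Logging both ids keeps the ingest log accurate for an examiner: `logger.log(Level.SEVERE, "Unable to index blackboard artifacts " + bba.getArtifactID() + ", " + bba2.getArtifactID(), ex); //NON-NLS`. The `artifactExists` guard also tests only `TSK_METADATA_EXIF`, so a file whose EXIF artifact already exists from an earlier ingest never receives the second artifact. If that is intended it deserves a comment such as `// second artifact is only created together with the EXIF artifact`. The method body starts and ends outside the hunk.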
@@ -49,7 +49,7 @@ import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA_EXIF; -import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_USER_CREATED_SUSPECTED; +import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ORIGINAL_SUSPECTED; import org.sleuthkit.datamodel.BlackboardAttribute; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MAKE; @@ -194,9 +194,8 @@ public final class ExifParserFileIngestModule implements FileIngestModule { // Create artifact if it doesn't already exist. if (!blackboard.artifactExists(file, TSK_METADATA_EXIF, attributes)) { BlackboardArtifact bba = file.newArtifact(TSK_METADATA_EXIF); - BlackboardArtifact bba2 = file.newArtifact(TSK_USER_CREATED_SUSPECTED); + BlackboardArtifact bba2 = file.newArtifact(TSK_DEVICE_ORIGINAL_SUSPECTED); bba.addAttributes(attributes); - bba2.addAttributes(attributes); try { // index the artifact for keyword search From 17fb01f30c0e649e4d933047f1b325937aefaa09 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Mon, 9 Dec 2019 13:52:40 -0500 Subject: [PATCH 3/7] 5716 rename to device original artifact --- .../org/sleuthkit/autopsy/filequery/FileSearchFiltering.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/filequery/FileSearchFiltering.java b/Core/src/org/sleuthkit/autopsy/filequery/FileSearchFiltering.java index cad60c1300..91dd29e253 100644 --- a/Core/src/org/sleuthkit/autopsy/filequery/FileSearchFiltering.java +++ b/Core/src/org/sleuthkit/autopsy/filequery/FileSearchFiltering.java 
@@ -859,7 +859,7 @@ class FileSearchFiltering { String getWhereClause() { String queryStr = "(obj_id IN (SELECT obj_id from blackboard_artifacts WHERE artifact_id IN " + "(SELECT artifact_id FROM blackboard_attributes WHERE artifact_type_id = " - + BlackboardArtifact.ARTIFACT_TYPE.TSK_USER_CREATED_SUSPECTED.getTypeID() + ")))"; + + BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ORIGINAL_SUSPECTED.getTypeID() + ")))"; return queryStr; } From 6efd161deb65ff1cfef266eebf2407048e9a8263 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Thu, 12 Dec 2019 15:28:44 -0500 Subject: [PATCH 4/7] 5678 fix reseting of content viewer when nothing in instances table --- .../autopsy/filequery/ResultsPanel.java | 24 ++++++++++++------- 1 file changed, 16 insertions(+), 8 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/filequery/ResultsPanel.java b/Core/src/org/sleuthkit/autopsy/filequery/ResultsPanel.java index 27086c731c..c7f7ff9614 100644 --- a/Core/src/org/sleuthkit/autopsy/filequery/ResultsPanel.java +++ b/Core/src/org/sleuthkit/autopsy/filequery/ResultsPanel.java 
@@ -142,14 +142,22 @@ public class ResultsPanel extends javax.swing.JPanel { */ synchronized void populateInstancesList() { SwingUtilities.invokeLater(() -> { - instancesList.removeListSelectionListener(listener); - instancesListModel.removeAllElements(); - for (AbstractFile file : getInstancesForSelected()) { - instancesListModel.addElement(file); - } - instancesList.addListSelectionListener(listener); - if (!instancesListModel.isEmpty()) { - instancesList.setSelectedIndex(0); + List files = getInstancesForSelected(); + if (files.isEmpty()) { + //if there are no files currently remove the current items without removing listener to cause content viewer to reset + instancesListModel.removeAllElements(); + } else { + //remove listener so content viewer node is not set multiple times + instancesList.removeListSelectionListener(listener); + instancesListModel.removeAllElements(); + for (AbstractFile file : files) { + instancesListModel.addElement(file); + } + //add listener back to allow selection of first index to cause content viewer node to be set + instancesList.addListSelectionListener(listener); + if (!instancesListModel.isEmpty()) { + instancesList.setSelectedIndex(0); + } } }); } From e3d311f8e6b04512bd4646e015cb32712a13509a Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Mon, 16 Dec 2019 14:26:23 -0500 Subject: [PATCH 5/7] 5716 added description to tsk device original suspected to indicate metadata --- .../sleuthkit/autopsy/modules/exif/Bundle.properties-MERGED | 5 ++++- .../autopsy/modules/exif/ExifParserFileIngestModule.java | 3 ++- 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/modules/exif/Bundle.properties-MERGED index 2fdb54d654..1357ea1136 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/exif/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/modules/exif/Bundle.properties-MERGED 
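Review bot: In the `files.isEmpty()` branch the content viewer is reset only as a side effect of `instancesListModel.removeAllElements()` firing the selection listener that is still attached. That event presumably fires only when an entry was selected, and the listener body is outside the hunk, so the reset path cannot be confirmed from here. An explicit reset call in that branch would not depend on selection state. In the else branch `if (!instancesListModel.isEmpty())` is always true because `files` is non-empty, so `instancesList.setSelectedIndex(0);` can be called unconditionally. The `synchronized` modifier covers only the `invokeLater` call, not the lambda body that runs later on the EDT, which is worth a comment: `// runs on the EDT; the method-level lock is not held here`.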
@@ -1,7 +1,10 @@ CannotRunFileTypeDetection=Cannot run file type detection. +ExifParserFileIngestModule.deviceOriginal.description=EXIF metadata exists for this file. ExifParserFileIngestModule.indexError.message=Failed to post EXIF Metadata artifact(s). OpenIDE-Module-Display-Category=Ingest Module -OpenIDE-Module-Long-Description=Exif metadata ingest module. \n\nThe ingest module analyzes image files, extracts Exif information and posts the Exif data as results. +OpenIDE-Module-Long-Description=\ + Exif metadata ingest module. \n\n\ + The ingest module analyzes image files, extracts Exif information and posts the Exif data as results. OpenIDE-Module-Name=ExifParser OpenIDE-Module-Short-Description=Exif metadata ingest module ExifParserFileIngestModule.moduleName.text=Exif Parser diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java index 762e8d2752..69b320d537 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java @@ -131,6 +131,7 @@ public final class ExifParserFileIngestModule implements FileIngestModule { return processFile(content); } + @Messages({"ExifParserFileIngestModule.deviceOriginal.description=EXIF metadata exists for this file."}) private ProcessResult processFile(AbstractFile file) { try (BufferedInputStream bin = new BufferedInputStream(new ReadContentInputStream(file));) { 
@@ -196,7 +197,7 @@ public final class ExifParserFileIngestModule implements FileIngestModule { BlackboardArtifact bba = file.newArtifact(TSK_METADATA_EXIF); BlackboardArtifact bba2 = file.newArtifact(TSK_DEVICE_ORIGINAL_SUSPECTED); bba.addAttributes(attributes); - + bba2.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DESCRIPTION, MODULE_NAME, Bundle.ExifParserFileIngestModule_deviceOriginal_description())); try { // index the artifact for keyword search blackboard.postArtifact(bba, MODULE_NAME); From 8f517dd7452e78185e1f24cef15dfef67b293367 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Wed, 18 Dec 2019 11:18:55 -0500 Subject: [PATCH 6/7] 5716 rename device original to user content created --- .../autopsy/modules/exif/ExifParserFileIngestModule.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java index 69b320d537..ecc764f5bb 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java @@ -131,7 +131,7 @@ public final class ExifParserFileIngestModule implements FileIngestModule { return processFile(content); } - @Messages({"ExifParserFileIngestModule.deviceOriginal.description=EXIF metadata exists for this file."}) + @Messages({"ExifParserFileIngestModule.userContent.description=EXIF metadata exists for this file."}) private ProcessResult processFile(AbstractFile file) { try (BufferedInputStream bin = new BufferedInputStream(new ReadContentInputStream(file));) { 
@@ -195,9 +195,9 @@ public final class ExifParserFileIngestModule implements FileIngestModule { // Create artifact if it doesn't already exist. if (!blackboard.artifactExists(file, TSK_METADATA_EXIF, attributes)) { BlackboardArtifact bba = file.newArtifact(TSK_METADATA_EXIF); - BlackboardArtifact bba2 = file.newArtifact(TSK_DEVICE_ORIGINAL_SUSPECTED); + BlackboardArtifact bba2 = file.newArtifact(TSK_USER_CONTENT_SUSPECTED); bba.addAttributes(attributes); - bba2.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DESCRIPTION, MODULE_NAME, Bundle.ExifParserFileIngestModule_deviceOriginal_description())); + bba2.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DESCRIPTION, MODULE_NAME, Bundle.ExifParserFileIngestModule_userContent_description())); try { // index the artifact for keyword search blackboard.postArtifact(bba, MODULE_NAME); From c072f06c621ed27cbb6dbe16b2314132664469c5 Mon Sep 17 00:00:00 2001 From: William Schaefer Date: Wed, 18 Dec 2019 11:31:06 -0500 Subject: [PATCH 7/7] 5716 fix import and add merged file --- .../sleuthkit/autopsy/modules/exif/Bundle.properties-MERGED | 6 ++---- .../autopsy/modules/exif/ExifParserFileIngestModule.java | 2 +- 2 files changed, 3 insertions(+), 5 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/Bundle.properties-MERGED b/Core/src/org/sleuthkit/autopsy/modules/exif/Bundle.properties-MERGED index 1357ea1136..4915d5a124 100755 --- a/Core/src/org/sleuthkit/autopsy/modules/exif/Bundle.properties-MERGED +++ b/Core/src/org/sleuthkit/autopsy/modules/exif/Bundle.properties-MERGED 
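Review bot: The rename to `TSK_USER_CONTENT_SUSPECTED` in the `@@ -195,9 +195,9 @@` hunk is applied only in ExifParserFileIngestModule. `FileSearchFiltering.getWhereClause()` was last changed in patch 3 and still filters on `TSK_DEVICE_ORIGINAL_SUSPECTED`, and no later patch in this series touches that file. Depending on whether the old constant still exists in the datamodel, the result is either a build failure or a "Possibly User Created" filter that never matches the artifacts created here. The where clause should read `+ BlackboardArtifact.ARTIFACT_TYPE.TSK_USER_CONTENT_SUSPECTED.getTypeID() + ")))";`. The static import for the new constant only arrives in patch 7, so this commit does not appear to compile on its own.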
@@ -1,10 +1,8 @@ CannotRunFileTypeDetection=Cannot run file type detection. -ExifParserFileIngestModule.deviceOriginal.description=EXIF metadata exists for this file. ExifParserFileIngestModule.indexError.message=Failed to post EXIF Metadata artifact(s). +ExifParserFileIngestModule.userContent.description=EXIF metadata exists for this file. OpenIDE-Module-Display-Category=Ingest Module -OpenIDE-Module-Long-Description=\ - Exif metadata ingest module. \n\n\ - The ingest module analyzes image files, extracts Exif information and posts the Exif data as results. +OpenIDE-Module-Long-Description=Exif metadata ingest module. \n\nThe ingest module analyzes image files, extracts Exif information and posts the Exif data as results. OpenIDE-Module-Name=ExifParser OpenIDE-Module-Short-Description=Exif metadata ingest module ExifParserFileIngestModule.moduleName.text=Exif Parser diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java index ecc764f5bb..b275a35846 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java +++ b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java @@ -49,7 +49,7 @@ import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Blackboard; import org.sleuthkit.datamodel.BlackboardArtifact; import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_METADATA_EXIF; -import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_ORIGINAL_SUSPECTED; +import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_USER_CONTENT_SUSPECTED; import org.sleuthkit.datamodel.BlackboardAttribute; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DEVICE_MAKE;