From d4fefb4dc1d21d84137903ebddbcc1d19a036d04 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Wed, 31 Oct 2018 13:19:19 -0400
Subject: [PATCH 01/70] First cut at creating a report module

---
 .../autopsy/report/Bundle.properties          |   7 +
 .../autopsy/report/ReportCaseUco.java         | 202 ++++++++++++++++++
 2 files changed, 209 insertions(+)
 create mode 100755 Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java

diff --git a/Core/src/org/sleuthkit/autopsy/report/Bundle.properties b/Core/src/org/sleuthkit/autopsy/report/Bundle.properties
index 8efbfd9178..e888990083 100644
--- a/Core/src/org/sleuthkit/autopsy/report/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/report/Bundle.properties
@@ -45,6 +45,13 @@ ReportBodyFile.progress.processing=Now processing {0}...
 ReportBodyFile.getName.text=TSK Body File
 ReportBodyFile.getDesc.text=Body file format report with MAC times for every file. This format can be used for a timeline view.
 ReportBodyFile.getFilePath.text=BodyFile.txt
+ReportCaseUco.progress.querying=Querying files...
+ReportCaseUco.ingestWarning.text=Warning, this report was run before ingest services completed\!
+ReportCaseUco.progress.loading=Loading files...
+ReportCaseUco.progress.processing=Now processing {0}...
+ReportCaseUco.getName.text=CASE/UCO
+ReportCaseUco.getDesc.text=CASE/UCO format report with basic property fields for every file.
+ReportCaseUco.getFilePath.text=CaseUco.txt
 ReportKML.progress.querying=Querying files...
 ReportKML.progress.loading=Loading files...
 ReportKML.getName.text=Google Earth KML
diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
new file mode 100755
index 0000000000..1044080d8e
--- /dev/null
+++ b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
@@ -0,0 +1,202 @@
+ /*
+ *
+ * Autopsy Forensic Browser
+ * 
+ * Copyright 2012-2018 Basis Technology Corp.
+ * 
+ * Copyright 2012 42six Solutions.
+ * Contact: aebadirad <at> 42six <dot> com
+ * Project Contact/Architect: carrier <at> sleuthkit <dot> org
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.sleuthkit.autopsy.report;
+
+import java.io.BufferedWriter;
+import java.io.FileWriter;
+import java.io.IOException;
+import java.util.List;
+import java.util.logging.Level;
+import javax.swing.JPanel;
+
+import org.openide.util.NbBundle;
+import org.sleuthkit.autopsy.casemodule.Case;
+import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
+import org.sleuthkit.autopsy.coreutils.Logger;
+import org.sleuthkit.autopsy.ingest.IngestManager;
+import org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus;
+import org.sleuthkit.datamodel.*;
+
+/**
+ * ReportCaseUco generates a report in the CASE/UCO format. It saves basic
+ * file info like full path, name, MIME type, times, and hash.
+ */
+class ReportCaseUco implements GeneralReportModule {
+
+    private static final Logger logger = Logger.getLogger(ReportCaseUco.class.getName());
+    private static ReportCaseUco instance = null;
+
+    private Case currentCase;
+    private SleuthkitCase skCase;
+
+    private String reportPath;
+
+    // Hidden constructor for the report
+    private ReportCaseUco() {
+    }
+
+    // Get the default implementation of this report
+    public static synchronized ReportCaseUco getDefault() {
+        if (instance == null) {
+            instance = new ReportCaseUco();
+        }
+        return instance;
+    }
+
+    /**
+     * Generates a CASE/UCO format report.
+     *
+     * @param baseReportDir path to save the report
+     * @param progressPanel panel to update the report's progress
+     */
+    @Override
+    @SuppressWarnings("deprecation")
+    public void generateReport(String baseReportDir, ReportProgressPanel progressPanel) {
+        // Start the progress bar and setup the report
+        try {
+            currentCase = Case.getCurrentCaseThrows();
+        } catch (NoCurrentCaseException ex) {
+            logger.log(Level.SEVERE, "Exception while getting open case.", ex);
+            return;
+        }
+        progressPanel.setIndeterminate(false);
+        progressPanel.start();
+        progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying"));
+        reportPath = baseReportDir + getRelativeFilePath(); //NON-NLS
+        
+        skCase = currentCase.getSleuthkitCase();
+
+        // Run query to get all files
+        try {
+            // exclude non-fs files/dirs and . and .. files
+            final String query = "type = " + TskData.TSK_DB_FILES_TYPE_ENUM.FS.getFileType() //NON-NLS
+                    + " AND name != '.' AND name != '..'"; //NON-NLS
+
+            progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.loading"));
+            List<AbstractFile> fs = skCase.findAllFilesWhere(query);
+
+            // Check if ingest has finished
+            String ingestwarning = "";
+            if (IngestManager.getInstance().isIngestRunning()) {
+                ingestwarning = NbBundle.getMessage(this.getClass(), "ReportCaseUco.ingestWarning.text");
+            }
+
+            int size = fs.size();
+            progressPanel.setMaximumProgress(size / 100);
+
+            BufferedWriter out = null;
+            try {
+                // MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime
+                out = new BufferedWriter(new FileWriter(reportPath, true));
+                out.write(ingestwarning);
+                // Loop files and write info to report
+                int count = 0;
+                for (AbstractFile file : fs) {
+                    if (progressPanel.getStatus() == ReportStatus.CANCELED) {
+                        break;
+                    }
+                    if (count++ == 100) {
+                        progressPanel.increment();
+                        progressPanel.updateStatusLabel(
+                                NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.processing",
+                                        file.getName()));
+                        count = 0;
+                    }
+
+                    if (file.getMd5Hash() != null) {
+                        out.write(file.getMd5Hash());
+                    }
+                    out.write("|");
+                    if (file.getUniquePath() != null) {
+                        out.write(file.getUniquePath());
+                    }
+                    out.write("|");
+                    out.write(Long.toString(file.getMetaAddr()));
+                    out.write("|");
+                    String modeString = file.getModesAsString();
+                    if (modeString != null) {
+                        out.write(modeString);
+                    }
+                    out.write("|");
+                    out.write(Long.toString(file.getUid()));
+                    out.write("|");
+                    out.write(Long.toString(file.getGid()));
+                    out.write("|");
+                    out.write(Long.toString(file.getSize()));
+                    out.write("|");
+                    out.write(Long.toString(file.getAtime()));
+                    out.write("|");
+                    out.write(Long.toString(file.getMtime()));
+                    out.write("|");
+                    out.write(Long.toString(file.getCtime()));
+                    out.write("|");
+                    out.write(Long.toString(file.getCrtime()));
+                    out.write("\n");
+                }
+            } catch (IOException ex) {
+                logger.log(Level.WARNING, "Could not write the temp body file report.", ex); //NON-NLS
+            } finally {
+                try {
+                    if (out != null) {
+                        out.flush();
+                        out.close();
+                        Case.getCurrentCaseThrows().addReport(reportPath,
+                                NbBundle.getMessage(this.getClass(),
+                                        "ReportCaseUco.generateReport.srcModuleName.text"), "");
+
+                    }
+                } catch (IOException ex) {
+                    logger.log(Level.WARNING, "Could not flush and close the BufferedWriter.", ex); //NON-NLS
+                } catch (TskCoreException | NoCurrentCaseException ex) {
+                    String errorMessage = String.format("Error adding %s to case as a report", reportPath); //NON-NLS
+                    logger.log(Level.SEVERE, errorMessage, ex);
+                }
+            }
+            progressPanel.complete(ReportStatus.COMPLETE);
+        } catch (TskCoreException ex) {
+            logger.log(Level.WARNING, "Failed to get the unique path.", ex); //NON-NLS
+        }
+    }
+
+    @Override
+    public String getName() {
+        String name = NbBundle.getMessage(this.getClass(), "ReportCaseUco.getName.text");
+        return name;
+    }
+
+    @Override
+    public String getRelativeFilePath() {
+        return NbBundle.getMessage(this.getClass(), "ReportCaseUco.getFilePath.text");
+    }
+
+    @Override
+    public String getDescription() {
+        String desc = NbBundle.getMessage(this.getClass(), "ReportCaseUco.getDesc.text");
+        return desc;
+    }
+
+    @Override
+    public JPanel getConfigurationPanel() {
+        return null; // No configuration panel
+    }
+}

From 2193fad8a6cb92984570b11e653eb5d9eacba2ce Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Wed, 31 Oct 2018 16:30:14 -0400
Subject: [PATCH 02/70] More changes

---
 Core/ivy.xml                                  |  2 +
 .../autopsy/report/ReportCaseUco.java         | 60 +++++++++----------
 2 files changed, 29 insertions(+), 33 deletions(-)

diff --git a/Core/ivy.xml b/Core/ivy.xml
index f20453a141..3189cc9323 100644
--- a/Core/ivy.xml
+++ b/Core/ivy.xml
@@ -29,6 +29,8 @@
 
         <dependency conf="core->default" org="org.jsoup" name="jsoup" rev="1.10.3"/>
         <dependency conf="core->default" org="com.googlecode.plist" name="dd-plist" rev="1.20"/>
+		
+		<dependency conf="core->default" org="com.fasterxml.jackson.core" name="jackson-core" rev="2.9.7"/>
          
         <dependency conf="core->default" org="commons-validator" name="commons-validator" rev="1.6"/>
         
diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
index 1044080d8e..395b3b35da 100755
--- a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
@@ -25,10 +25,15 @@ package org.sleuthkit.autopsy.report;
 import java.io.BufferedWriter;
 import java.io.FileWriter;
 import java.io.IOException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
 import java.util.List;
 import java.util.logging.Level;
 import javax.swing.JPanel;
-
+import com.fasterxml.jackson.core.JsonEncoding;
+import com.fasterxml.jackson.core.JsonFactory;
+import com.fasterxml.jackson.core.JsonGenerator;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@@ -50,7 +55,10 @@ class ReportCaseUco implements GeneralReportModule {
     private SleuthkitCase skCase;
 
     private String reportPath;
-
+    
+    private JsonFactory jsonGeneratorFactory;
+    private JsonGenerator masterCatalog;
+    
     // Hidden constructor for the report
     private ReportCaseUco() {
     }
@@ -82,7 +90,21 @@ class ReportCaseUco implements GeneralReportModule {
         progressPanel.setIndeterminate(false);
         progressPanel.start();
         progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying"));
+        
+        // Create the JSON generator
+        jsonGeneratorFactory = new JsonFactory();
+        jsonGeneratorFactory.setRootValueSeparator("\r\n");
         reportPath = baseReportDir + getRelativeFilePath(); //NON-NLS
+        Path catalogPath = Paths.get(reportPath);
+        try {
+            Files.createDirectories(catalogPath.getParent());
+            java.io.File catalogFile = catalogPath.toFile();
+            masterCatalog = jsonGeneratorFactory.createGenerator(catalogFile, JsonEncoding.UTF8);
+        } catch (IOException ex) {
+            logger.log(Level.SEVERE, "Error while initializing CASE/UCO report", ex); //NON-NLS
+            // ELTODO what else needs to be done here?
+            return;
+        }
         
         skCase = currentCase.getSleuthkitCase();
 
@@ -103,7 +125,7 @@ class ReportCaseUco implements GeneralReportModule {
 
             int size = fs.size();
             progressPanel.setMaximumProgress(size / 100);
-
+            
             BufferedWriter out = null;
             try {
                 // MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime
@@ -123,38 +145,10 @@ class ReportCaseUco implements GeneralReportModule {
                         count = 0;
                     }
 
-                    if (file.getMd5Hash() != null) {
-                        out.write(file.getMd5Hash());
-                    }
-                    out.write("|");
-                    if (file.getUniquePath() != null) {
-                        out.write(file.getUniquePath());
-                    }
-                    out.write("|");
-                    out.write(Long.toString(file.getMetaAddr()));
-                    out.write("|");
-                    String modeString = file.getModesAsString();
-                    if (modeString != null) {
-                        out.write(modeString);
-                    }
-                    out.write("|");
-                    out.write(Long.toString(file.getUid()));
-                    out.write("|");
-                    out.write(Long.toString(file.getGid()));
-                    out.write("|");
-                    out.write(Long.toString(file.getSize()));
-                    out.write("|");
-                    out.write(Long.toString(file.getAtime()));
-                    out.write("|");
-                    out.write(Long.toString(file.getMtime()));
-                    out.write("|");
-                    out.write(Long.toString(file.getCtime()));
-                    out.write("|");
-                    out.write(Long.toString(file.getCrtime()));
-                    out.write("\n");
+
                 }
             } catch (IOException ex) {
-                logger.log(Level.WARNING, "Could not write the temp body file report.", ex); //NON-NLS
+                logger.log(Level.WARNING, "Could not write the temp CASE/UCO report.", ex); //NON-NLS
             } finally {
                 try {
                     if (out != null) {

From 72bdae97df9c5b77523240254492529b8f1b6d9a Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Fri, 2 Nov 2018 09:21:34 -0400
Subject: [PATCH 03/70] Added dependecies

---
 Core/nbproject/project.properties |  1 +
 Core/nbproject/project.xml        | 13 ++++++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/Core/nbproject/project.properties b/Core/nbproject/project.properties
index 1b0a695edd..e185baab75 100644
--- a/Core/nbproject/project.properties
+++ b/Core/nbproject/project.properties
@@ -4,6 +4,7 @@ file.reference.commons-compress-1.14.jar=release/modules/ext/commons-compress-1.
 file.reference.commons-dbcp2-2.1.1.jar=release\\modules\\ext\\commons-dbcp2-2.1.1.jar
 file.reference.commons-pool2-2.4.2.jar=release\\modules\\ext\\commons-pool2-2.4.2.jar
 file.reference.dd-plist-1.20.jar=release/modules/ext/dd-plist-1.20.jar
+file.reference.jackson-core-2.9.7.jar=C:\\cygwin64\\home\\elivis\\autopsy\\Core\\release\\modules\\ext\\jackson-core-2.9.7.jar
 file.reference.jdom-2.0.5-contrib.jar=release/modules/ext/jdom-2.0.5-contrib.jar
 file.reference.jdom-2.0.5.jar=release/modules/ext/jdom-2.0.5.jar
 file.reference.jgraphx-v3.8.0.jar=release/modules/ext/jgraphx-v3.8.0.jar
diff --git a/Core/nbproject/project.xml b/Core/nbproject/project.xml
index d142e0b8c9..3ee4009128 100644
--- a/Core/nbproject/project.xml
+++ b/Core/nbproject/project.xml
@@ -338,7 +338,6 @@
                 <package>org.sleuthkit.autopsy.modules.vmextractor</package>
                 <package>org.sleuthkit.autopsy.progress</package>
                 <package>org.sleuthkit.autopsy.report</package>
-                <package>org.sleuthkit.autopsy.tabulardatareader</package>
                 <package>org.sleuthkit.datamodel</package>
             </public-packages>
             <class-path-extension>
@@ -357,6 +356,10 @@
                 <runtime-relative-path>ext/cxf-rt-transports-http-3.0.16.jar</runtime-relative-path>
                 <binary-origin>release/modules/ext/cxf-rt-transports-http-3.0.16.jar</binary-origin>
             </class-path-extension>
+            <class-path-extension>
+                <runtime-relative-path>ext/sleuthkit-postgresql-4.6.3.jar</runtime-relative-path>
+                <binary-origin>release/modules/ext/sleuthkit-postgresql-4.6.3.jar</binary-origin>
+            </class-path-extension>
             <class-path-extension>
                 <runtime-relative-path>ext/commons-validator-1.6.jar</runtime-relative-path>
                 <binary-origin>release/modules/ext/commons-validator-1.6.jar</binary-origin>
@@ -393,10 +396,6 @@
                 <runtime-relative-path>ext/sevenzipjbinding.jar</runtime-relative-path>
                 <binary-origin>release/modules/ext/sevenzipjbinding.jar</binary-origin>
             </class-path-extension>
-            <class-path-extension>
-                <runtime-relative-path>ext/sleuthkit-postgresql-4.6.3.jar</runtime-relative-path>
-                <binary-origin>release/modules/ext/sleuthkit-postgresql-4.6.3.jar</binary-origin>
-            </class-path-extension>
             <class-path-extension>
                 <runtime-relative-path>ext/mchange-commons-java-0.2.9.jar</runtime-relative-path>
                 <binary-origin>release/modules/ext/mchange-commons-java-0.2.9.jar</binary-origin>
@@ -433,6 +432,10 @@
                 <runtime-relative-path>ext/curator-client-2.8.0.jar</runtime-relative-path>
                 <binary-origin>release/modules/ext/curator-client-2.8.0.jar</binary-origin>
             </class-path-extension>
+            <class-path-extension>
+                <runtime-relative-path>ext/jackson-core-2.9.7.jar</runtime-relative-path>
+                <binary-origin>release/modules/ext/jackson-core-2.9.7.jar</binary-origin>
+            </class-path-extension>
             <class-path-extension>
                 <runtime-relative-path>ext/cxf-rt-frontend-jaxrs-3.0.16.jar</runtime-relative-path>
                 <binary-origin>release/modules/ext/cxf-rt-frontend-jaxrs-3.0.16.jar</binary-origin>

From 688bef2096c0e328330719c4943c52efa2620f4e Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Fri, 2 Nov 2018 11:12:46 -0400
Subject: [PATCH 04/70] Added JSON initialization and closing

---
 .../autopsy/report/Bundle.properties          |  1 -
 .../autopsy/report/ReportCaseUco.java         | 72 ++++++++-----------
 2 files changed, 29 insertions(+), 44 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/report/Bundle.properties b/Core/src/org/sleuthkit/autopsy/report/Bundle.properties
index e888990083..fc46085825 100644
--- a/Core/src/org/sleuthkit/autopsy/report/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/report/Bundle.properties
@@ -51,7 +51,6 @@ ReportCaseUco.progress.loading=Loading files...
 ReportCaseUco.progress.processing=Now processing {0}...
 ReportCaseUco.getName.text=CASE/UCO
 ReportCaseUco.getDesc.text=CASE/UCO format report with basic property fields for every file.
-ReportCaseUco.getFilePath.text=CaseUco.txt
 ReportKML.progress.querying=Querying files...
 ReportKML.progress.loading=Loading files...
 ReportKML.getName.text=Google Earth KML
diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
index 395b3b35da..52a29118f8 100755
--- a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
@@ -34,6 +34,7 @@ import javax.swing.JPanel;
 import com.fasterxml.jackson.core.JsonEncoding;
 import com.fasterxml.jackson.core.JsonFactory;
 import com.fasterxml.jackson.core.JsonGenerator;
+import org.openide.util.Exceptions;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@@ -58,6 +59,7 @@ class ReportCaseUco implements GeneralReportModule {
     
     private JsonFactory jsonGeneratorFactory;
     private JsonGenerator masterCatalog;
+    private static final String REPORT_FILE_NAME = "CaseUco.txt";
     
     // Hidden constructor for the report
     private ReportCaseUco() {
@@ -95,13 +97,11 @@ class ReportCaseUco implements GeneralReportModule {
         jsonGeneratorFactory = new JsonFactory();
         jsonGeneratorFactory.setRootValueSeparator("\r\n");
         reportPath = baseReportDir + getRelativeFilePath(); //NON-NLS
-        Path catalogPath = Paths.get(reportPath);
+        java.io.File reportFile = Paths.get(reportPath).toFile();
         try {
-            Files.createDirectories(catalogPath.getParent());
-            java.io.File catalogFile = catalogPath.toFile();
-            masterCatalog = jsonGeneratorFactory.createGenerator(catalogFile, JsonEncoding.UTF8);
+            Files.createDirectories(Paths.get(reportFile.getParent()));
         } catch (IOException ex) {
-            logger.log(Level.SEVERE, "Error while initializing CASE/UCO report", ex); //NON-NLS
+            logger.log(Level.SEVERE, "Unable to create directory for CASE/UCO report", ex); //NON-NLS
             // ELTODO what else needs to be done here?
             return;
         }
@@ -122,53 +122,39 @@ class ReportCaseUco implements GeneralReportModule {
             if (IngestManager.getInstance().isIngestRunning()) {
                 ingestwarning = NbBundle.getMessage(this.getClass(), "ReportCaseUco.ingestWarning.text");
             }
+            // ELTODO what to do with this warning?
 
             int size = fs.size();
             progressPanel.setMaximumProgress(size / 100);
             
-            BufferedWriter out = null;
-            try {
-                // MD5|name|inode|mode_as_string|UID|GID|size|atime|mtime|ctime|crtime
-                out = new BufferedWriter(new FileWriter(reportPath, true));
-                out.write(ingestwarning);
-                // Loop files and write info to report
-                int count = 0;
-                for (AbstractFile file : fs) {
-                    if (progressPanel.getStatus() == ReportStatus.CANCELED) {
-                        break;
-                    }
-                    if (count++ == 100) {
-                        progressPanel.increment();
-                        progressPanel.updateStatusLabel(
-                                NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.processing",
-                                        file.getName()));
-                        count = 0;
-                    }
-
+            masterCatalog = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
 
+            // Loop files and write info to report
+            int count = 0;
+            for (AbstractFile file : fs) {
+                if (progressPanel.getStatus() == ReportStatus.CANCELED) {
+                    break;
                 }
-            } catch (IOException ex) {
-                logger.log(Level.WARNING, "Could not write the temp CASE/UCO report.", ex); //NON-NLS
-            } finally {
-                try {
-                    if (out != null) {
-                        out.flush();
-                        out.close();
-                        Case.getCurrentCaseThrows().addReport(reportPath,
-                                NbBundle.getMessage(this.getClass(),
-                                        "ReportCaseUco.generateReport.srcModuleName.text"), "");
-
-                    }
-                } catch (IOException ex) {
-                    logger.log(Level.WARNING, "Could not flush and close the BufferedWriter.", ex); //NON-NLS
-                } catch (TskCoreException | NoCurrentCaseException ex) {
-                    String errorMessage = String.format("Error adding %s to case as a report", reportPath); //NON-NLS
-                    logger.log(Level.SEVERE, errorMessage, ex);
+                if (count++ == 100) {
+                    progressPanel.increment();
+                    progressPanel.updateStatusLabel(
+                            NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.processing",
+                                    file.getName()));
+                    count = 0;
                 }
+
             }
             progressPanel.complete(ReportStatus.COMPLETE);
         } catch (TskCoreException ex) {
-            logger.log(Level.WARNING, "Failed to get the unique path.", ex); //NON-NLS
+            logger.log(Level.SEVERE, "Failed to get the unique path.", ex); //NON-NLS
+        } catch (IOException ex) {
+            logger.log(Level.SEVERE, "Failed to create JSON output for the CASE/UCO report", ex); //NON-NLS
+        } finally {
+            try {
+                masterCatalog.close();
+            } catch (IOException ex) {
+                logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS
+            }
         }
     }
 
@@ -180,7 +166,7 @@ class ReportCaseUco implements GeneralReportModule {
 
     @Override
     public String getRelativeFilePath() {
-        return NbBundle.getMessage(this.getClass(), "ReportCaseUco.getFilePath.text");
+        return REPORT_FILE_NAME;
     }
 
     @Override

From f7187deaa8c9d5f752de7cbb54dcfd71d0780066 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Fri, 2 Nov 2018 11:28:03 -0400
Subject: [PATCH 05/70] Resolved merge conflicts

---
 Core/nbproject/project.properties | 2 +-
 Core/nbproject/project.xml        | 7 -------
 2 files changed, 1 insertion(+), 8 deletions(-)

diff --git a/Core/nbproject/project.properties b/Core/nbproject/project.properties
index 4d4ed48d7c..529eede29a 100644
--- a/Core/nbproject/project.properties
+++ b/Core/nbproject/project.properties
@@ -4,7 +4,7 @@ file.reference.commons-compress-1.14.jar=release/modules/ext/commons-compress-1.
 file.reference.commons-dbcp2-2.1.1.jar=release\\modules\\ext\\commons-dbcp2-2.1.1.jar
 file.reference.commons-pool2-2.4.2.jar=release\\modules\\ext\\commons-pool2-2.4.2.jar
 file.reference.dd-plist-1.20.jar=release/modules/ext/dd-plist-1.20.jar
-file.reference.jackson-core-2.9.7.jar=C:\\cygwin64\\home\\elivis\\autopsy\\Core\\release\\modules\\ext\\jackson-core-2.9.7.jar
+file.reference.jackson-core-2.9.7.jar=release/modules/ext/jackson-core-2.9.7.jar
 file.reference.jdom-2.0.5-contrib.jar=release/modules/ext/jdom-2.0.5-contrib.jar
 file.reference.jdom-2.0.5.jar=release/modules/ext/jdom-2.0.5.jar
 file.reference.jgraphx-v3.8.0.jar=release/modules/ext/jgraphx-v3.8.0.jar
diff --git a/Core/nbproject/project.xml b/Core/nbproject/project.xml
index c81dd49204..2ddde8e977 100644
--- a/Core/nbproject/project.xml
+++ b/Core/nbproject/project.xml
@@ -356,10 +356,6 @@
                 <runtime-relative-path>ext/cxf-rt-transports-http-3.0.16.jar</runtime-relative-path>
                 <binary-origin>release/modules/ext/cxf-rt-transports-http-3.0.16.jar</binary-origin>
             </class-path-extension>
-            <class-path-extension>
-                <runtime-relative-path>ext/sleuthkit-postgresql-4.6.3.jar</runtime-relative-path>
-                <binary-origin>release/modules/ext/sleuthkit-postgresql-4.6.3.jar</binary-origin>
-            </class-path-extension>
             <class-path-extension>
                 <runtime-relative-path>ext/commons-validator-1.6.jar</runtime-relative-path>
                 <binary-origin>release/modules/ext/commons-validator-1.6.jar</binary-origin>
@@ -397,13 +393,10 @@
                 <binary-origin>release/modules/ext/sevenzipjbinding.jar</binary-origin>
             </class-path-extension>
             <class-path-extension>
-<<<<<<< HEAD
-=======
                 <runtime-relative-path>ext/sleuthkit-postgresql-4.6.4.jar</runtime-relative-path>
                 <binary-origin>release/modules/ext/sleuthkit-postgresql-4.6.4.jar</binary-origin>
             </class-path-extension>
             <class-path-extension>
->>>>>>> 99cef00b523307020a96d534d4cded3cf14eae98
                 <runtime-relative-path>ext/mchange-commons-java-0.2.9.jar</runtime-relative-path>
                 <binary-origin>release/modules/ext/mchange-commons-java-0.2.9.jar</binary-origin>
             </class-path-extension>

From 35c00ec3882ed258f0144063264e4c920d0eff3e Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Fri, 2 Nov 2018 17:07:03 -0400
Subject: [PATCH 06/70] First cut at saving files

---
 .../autopsy/report/ReportCaseUco.java         | 65 ++++++++++++++-----
 1 file changed, 50 insertions(+), 15 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
index 52a29118f8..c8aa328983 100755
--- a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
@@ -22,18 +22,16 @@
  */
 package org.sleuthkit.autopsy.report;
 
-import java.io.BufferedWriter;
-import java.io.FileWriter;
 import java.io.IOException;
 import java.nio.file.Files;
-import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.List;
 import java.util.logging.Level;
 import javax.swing.JPanel;
 import com.fasterxml.jackson.core.JsonEncoding;
 import com.fasterxml.jackson.core.JsonFactory;
 import com.fasterxml.jackson.core.JsonGenerator;
+import java.sql.ResultSet;
+import java.sql.SQLException;
 import org.openide.util.Exceptions;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
@@ -110,13 +108,16 @@ class ReportCaseUco implements GeneralReportModule {
 
         // Run query to get all files
         try {
+            masterCatalog = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
+            
             // exclude non-fs files/dirs and . and .. files
-            final String query = "type = " + TskData.TSK_DB_FILES_TYPE_ENUM.FS.getFileType() //NON-NLS
+            final String query = "select obj_id, name, size, ctime, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where type = " + TskData.TSK_DB_FILES_TYPE_ENUM.FS.getFileType() //NON-NLS
                     + " AND name != '.' AND name != '..'"; //NON-NLS
 
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.loading"));
-            List<AbstractFile> fs = skCase.findAllFilesWhere(query);
 
+            SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(query);
+            ResultSet resultSet = queryResult.getResultSet();
             // Check if ingest has finished
             String ingestwarning = "";
             if (IngestManager.getInstance().isIngestRunning()) {
@@ -124,24 +125,38 @@ class ReportCaseUco implements GeneralReportModule {
             }
             // ELTODO what to do with this warning?
 
-            int size = fs.size();
-            progressPanel.setMaximumProgress(size / 100);
+            int numFiles = 1000; // ELTODO resultSet.size();
+            progressPanel.setMaximumProgress(numFiles / 100);
             
-            masterCatalog = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
-
             // Loop files and write info to report
             int count = 0;
-            for (AbstractFile file : fs) {
+            while (resultSet.next()) {
+
                 if (progressPanel.getStatus() == ReportStatus.CANCELED) {
                     break;
                 }
-                if (count++ == 100) {
+                
+                Long objectId = resultSet.getLong(1);
+                String dataSourceName = resultSet.getString(2);
+                long size = resultSet.getLong("size");
+                long ctime = resultSet.getLong("ctime");
+                long crtime = resultSet.getLong("crtime");
+                long atime = resultSet.getLong("atime");
+                long mtime = resultSet.getLong("mtime");
+                String md5Hash = resultSet.getString("md5"); 
+                String parent_path = resultSet.getString("parent_path"); 
+                String mime_type = resultSet.getString("mime_type"); 
+                String extension = resultSet.getString("extension");
+                
+                addFile(objectId, dataSourceName, parent_path, md5Hash, mime_type, masterCatalog);
+                
+                /* ELTODO if (count++ == 100) {
                     progressPanel.increment();
                     progressPanel.updateStatusLabel(
                             NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.processing",
                                     file.getName()));
                     count = 0;
-                }
+                }*/
 
             }
             progressPanel.complete(ReportStatus.COMPLETE);
@@ -149,6 +164,8 @@ class ReportCaseUco implements GeneralReportModule {
             logger.log(Level.SEVERE, "Failed to get the unique path.", ex); //NON-NLS
         } catch (IOException ex) {
             logger.log(Level.SEVERE, "Failed to create JSON output for the CASE/UCO report", ex); //NON-NLS
+        } catch (SQLException ex) {
+            logger.log(Level.WARNING, "Unable to read result set", ex); //NON-NLS
         } finally {
             try {
                 masterCatalog.close();
@@ -158,9 +175,26 @@ class ReportCaseUco implements GeneralReportModule {
         }
     }
 
+    private void addFile(Long objectId, String dataSourceName, String parent_path, String md5Hash, String mime_type, JsonGenerator catalog) throws IOException {
+        catalog.writeStartObject();
+        catalog.writeStringField("@id", "file-"+objectId);
+        catalog.writeStringField("@type", "Trace");
+        catalog.writeFieldName("propertyBundle");
+        catalog.writeStartArray();
+        catalog.writeStartObject();
+        catalog.writeStringField("@type", "File");
+        catalog.writeStringField("fileName", dataSourceName);
+        catalog.writeStringField("filePath", parent_path);
+        
+        catalog.writeEndObject();
+        catalog.writeEndArray();
+        catalog.writeEndObject();
+    }
+
     @Override
     public String getName() {
-        String name = NbBundle.getMessage(this.getClass(), "ReportCaseUco.getName.text");
+        //String name = NbBundle.getMessage(this.getClass(), "ReportCaseUco.getName.text");
+        String name = "CASE/UCO";
         return name;
     }
 
@@ -171,7 +205,8 @@ class ReportCaseUco implements GeneralReportModule {
 
     @Override
     public String getDescription() {
-        String desc = NbBundle.getMessage(this.getClass(), "ReportCaseUco.getDesc.text");
+        //String desc = NbBundle.getMessage(this.getClass(), "ReportCaseUco.getDesc.text");
+        String desc = "CASE/UCO Report";
         return desc;
     }
 

From 2db0e6a602210b74151abc211eadabaa401e6cf9 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Mon, 5 Nov 2018 10:23:50 -0500
Subject: [PATCH 07/70] Changed layer.xml so that report is instanciated

---
 Core/src/org/sleuthkit/autopsy/core/layer.xml            | 5 +++++
 Core/src/org/sleuthkit/autopsy/report/Bundle.properties  | 1 +
 Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java | 4 ++--
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/core/layer.xml b/Core/src/org/sleuthkit/autopsy/core/layer.xml
index 8bdde0f317..d87c169930 100644
--- a/Core/src/org/sleuthkit/autopsy/core/layer.xml
+++ b/Core/src/org/sleuthkit/autopsy/core/layer.xml
@@ -337,6 +337,11 @@
             <attr name="instanceCreate" methodvalue="org.sleuthkit.autopsy.modules.stix.STIXReportModule.getDefault"/>
             <attr name="position" intvalue="910"/>
         </file>
+        <file name="org-sleuthkit-autopsy-report-ReportCaseUco.instance">
+            <attr name="instanceOf" stringvalue="org.sleuthkit.autopsy.report.GeneralReportModule"/>
+            <attr name="instanceCreate" methodvalue="org.sleuthkit.autopsy.report.ReportCaseUco.getDefault"/>
+            <attr name="position" intvalue="911"/>
+        </file>       
         <!--<folder name="JavaHelp">
             <file name="casemodule-helpset.xml" url="casemodule-helpset.xml">
                 <attr name="position" intvalue="3075"/>
diff --git a/Core/src/org/sleuthkit/autopsy/report/Bundle.properties b/Core/src/org/sleuthkit/autopsy/report/Bundle.properties
index fc46085825..3f2048b72c 100644
--- a/Core/src/org/sleuthkit/autopsy/report/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/report/Bundle.properties
@@ -45,6 +45,7 @@ ReportBodyFile.progress.processing=Now processing {0}...
 ReportBodyFile.getName.text=TSK Body File
 ReportBodyFile.getDesc.text=Body file format report with MAC times for every file. This format can be used for a timeline view.
 ReportBodyFile.getFilePath.text=BodyFile.txt
+ReportCaseUco.progress.initializing=Creating directories...
 ReportCaseUco.progress.querying=Querying files...
 ReportCaseUco.ingestWarning.text=Warning, this report was run before ingest services completed\!
 ReportCaseUco.progress.loading=Loading files...
diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
index c8aa328983..e9ab19b43a 100755
--- a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
@@ -32,7 +32,6 @@ import com.fasterxml.jackson.core.JsonFactory;
 import com.fasterxml.jackson.core.JsonGenerator;
 import java.sql.ResultSet;
 import java.sql.SQLException;
-import org.openide.util.Exceptions;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@@ -89,7 +88,7 @@ class ReportCaseUco implements GeneralReportModule {
         }
         progressPanel.setIndeterminate(false);
         progressPanel.start();
-        progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying"));
+        progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.initializing"));
         
         // Create the JSON generator
         jsonGeneratorFactory = new JsonFactory();
@@ -110,6 +109,7 @@ class ReportCaseUco implements GeneralReportModule {
         try {
             masterCatalog = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
             
+            progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying"));
             // exclude non-fs files/dirs and . and .. files
             final String query = "select obj_id, name, size, ctime, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where type = " + TskData.TSK_DB_FILES_TYPE_ENUM.FS.getFileType() //NON-NLS
                     + " AND name != '.' AND name != '..'"; //NON-NLS

From a7619c1df18405170b9e7bfbf3e056a02bb63343 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Mon, 5 Nov 2018 13:48:11 -0500
Subject: [PATCH 08/70] Added better output formatting

---
 .../autopsy/report/ReportCaseUco.java         | 29 ++++++++++---------
 1 file changed, 16 insertions(+), 13 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
index e9ab19b43a..2016f25b48 100755
--- a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
@@ -30,6 +30,8 @@ import javax.swing.JPanel;
 import com.fasterxml.jackson.core.JsonEncoding;
 import com.fasterxml.jackson.core.JsonFactory;
 import com.fasterxml.jackson.core.JsonGenerator;
+import com.fasterxml.jackson.core.util.DefaultIndenter;
+import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import org.openide.util.NbBundle;
@@ -51,11 +53,7 @@ class ReportCaseUco implements GeneralReportModule {
 
     private Case currentCase;
     private SleuthkitCase skCase;
-
-    private String reportPath;
     
-    private JsonFactory jsonGeneratorFactory;
-    private JsonGenerator masterCatalog;
     private static final String REPORT_FILE_NAME = "CaseUco.txt";
     
     // Hidden constructor for the report
@@ -91,9 +89,8 @@ class ReportCaseUco implements GeneralReportModule {
         progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.initializing"));
         
         // Create the JSON generator
-        jsonGeneratorFactory = new JsonFactory();
-        jsonGeneratorFactory.setRootValueSeparator("\r\n");
-        reportPath = baseReportDir + getRelativeFilePath(); //NON-NLS
+        JsonFactory jsonGeneratorFactory = new JsonFactory();
+        String reportPath = baseReportDir + getRelativeFilePath(); //NON-NLS
         java.io.File reportFile = Paths.get(reportPath).toFile();
         try {
             Files.createDirectories(Paths.get(reportFile.getParent()));
@@ -106,8 +103,11 @@ class ReportCaseUco implements GeneralReportModule {
         skCase = currentCase.getSleuthkitCase();
 
         // Run query to get all files
+        JsonGenerator jsonGenerator = null;
         try {
-            masterCatalog = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
+            jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
+            // instert \n after each field for more readable formatting
+            jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter("  ", "\n")));
             
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying"));
             // exclude non-fs files/dirs and . and .. files
@@ -148,7 +148,7 @@ class ReportCaseUco implements GeneralReportModule {
                 String mime_type = resultSet.getString("mime_type"); 
                 String extension = resultSet.getString("extension");
                 
-                addFile(objectId, dataSourceName, parent_path, md5Hash, mime_type, masterCatalog);
+                addFile(objectId, dataSourceName, parent_path, md5Hash, mime_type, jsonGenerator);
                 
                 /* ELTODO if (count++ == 100) {
                     progressPanel.increment();
@@ -167,10 +167,13 @@ class ReportCaseUco implements GeneralReportModule {
         } catch (SQLException ex) {
             logger.log(Level.WARNING, "Unable to read result set", ex); //NON-NLS
         } finally {
-            try {
-                masterCatalog.close();
-            } catch (IOException ex) {
-                logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS
+            if (jsonGenerator != null) {
+                try {
+                    jsonGenerator.close();
+                    jsonGenerator = null;
+                } catch (IOException ex) {
+                    logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS
+                }
             }
         }
     }

From 60b83382a67fc31aec69b02868e7fbd4aa45188f Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Mon, 5 Nov 2018 14:56:52 -0500
Subject: [PATCH 09/70] First cut at exporting CASE/UCO data for every file

---
 .../autopsy/report/ReportCaseUco.java         | 48 ++++++++++++++-----
 1 file changed, 37 insertions(+), 11 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
index 2016f25b48..68bdb08325 100755
--- a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
@@ -34,10 +34,13 @@ import com.fasterxml.jackson.core.util.DefaultIndenter;
 import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
 import java.sql.ResultSet;
 import java.sql.SQLException;
+import java.util.SimpleTimeZone;
+import java.util.TimeZone;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
 import org.sleuthkit.autopsy.coreutils.Logger;
+import org.sleuthkit.autopsy.datamodel.ContentUtils;
 import org.sleuthkit.autopsy.ingest.IngestManager;
 import org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus;
 import org.sleuthkit.datamodel.*;
@@ -104,6 +107,7 @@ class ReportCaseUco implements GeneralReportModule {
 
         // Run query to get all files
         JsonGenerator jsonGenerator = null;
+        SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT");
         try {
             jsonGenerator = jsonGeneratorFactory.createGenerator(reportFile, JsonEncoding.UTF8);
             // instert \n after each field for more readable formatting
@@ -111,8 +115,7 @@ class ReportCaseUco implements GeneralReportModule {
             
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying"));
             // exclude non-fs files/dirs and . and .. files
-            final String query = "select obj_id, name, size, ctime, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where type = " + TskData.TSK_DB_FILES_TYPE_ENUM.FS.getFileType() //NON-NLS
-                    + " AND name != '.' AND name != '..'"; //NON-NLS
+            final String query = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where name != '.' AND name != '..'"; //NON-NLS
 
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.loading"));
 
@@ -137,18 +140,17 @@ class ReportCaseUco implements GeneralReportModule {
                 }
                 
                 Long objectId = resultSet.getLong(1);
-                String dataSourceName = resultSet.getString(2);
+                String fileName = resultSet.getString(2);
                 long size = resultSet.getLong("size");
-                long ctime = resultSet.getLong("ctime");
-                long crtime = resultSet.getLong("crtime");
-                long atime = resultSet.getLong("atime");
-                long mtime = resultSet.getLong("mtime");
+                String crtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("crtime"), timeZone);
+                String atime = ContentUtils.getStringTimeISO8601(resultSet.getLong("atime"), timeZone);
+                String mtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("mtime"), timeZone);
                 String md5Hash = resultSet.getString("md5"); 
                 String parent_path = resultSet.getString("parent_path"); 
                 String mime_type = resultSet.getString("mime_type"); 
                 String extension = resultSet.getString("extension");
                 
-                addFile(objectId, dataSourceName, parent_path, md5Hash, mime_type, jsonGenerator);
+                addFile(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator);
                 
                 /* ELTODO if (count++ == 100) {
                     progressPanel.increment();
@@ -178,18 +180,42 @@ class ReportCaseUco implements GeneralReportModule {
         }
     }
 
-    private void addFile(Long objectId, String dataSourceName, String parent_path, String md5Hash, String mime_type, JsonGenerator catalog) throws IOException {
+    private void addFile(Long objectId, String fileName, String parent_path, String md5Hash, String mime_type, long size, String ctime, 
+            String atime, String mtime, String extension, JsonGenerator catalog) throws IOException {
+        
         catalog.writeStartObject();
         catalog.writeStringField("@id", "file-"+objectId);
         catalog.writeStringField("@type", "Trace");
+        
         catalog.writeFieldName("propertyBundle");
         catalog.writeStartArray();
+        
         catalog.writeStartObject();
         catalog.writeStringField("@type", "File");
-        catalog.writeStringField("fileName", dataSourceName);
+        catalog.writeStringField("createdTime", ctime);
+        catalog.writeStringField("accessedTime", atime);
+        catalog.writeStringField("modifiedTime", mtime);
+        catalog.writeStringField("extension", extension);
+        catalog.writeStringField("fileName", fileName);
         catalog.writeStringField("filePath", parent_path);
-        
+        catalog.writeStringField("sizeInBytes", Long.toString(size));        
         catalog.writeEndObject();
+        
+        catalog.writeStartObject();
+        catalog.writeStringField("@type", "ContentData");
+        catalog.writeStringField("sizeInBytes", Long.toString(size));
+        catalog.writeStringField("mimeType", mime_type);
+        catalog.writeFieldName("hash");
+        catalog.writeStartArray();
+        catalog.writeStartObject();
+        catalog.writeStringField("@type", "Hash");
+        catalog.writeStringField("hashMethod", "SHA256");
+        catalog.writeStringField("hashValue", md5Hash);
+        catalog.writeEndObject();
+        catalog.writeEndArray();
+
+        catalog.writeEndObject();
+        
         catalog.writeEndArray();
         catalog.writeEndObject();
     }

From 8fe070cf2702d3232243cb9070176be609cfc763 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Tue, 6 Nov 2018 10:28:32 -0500
Subject: [PATCH 10/70] Exporting all data and only exporting files

---
 .../org/sleuthkit/autopsy/report/ReportCaseUco.java | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
index 68bdb08325..289a9c6eae 100755
--- a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
@@ -115,7 +115,10 @@ class ReportCaseUco implements GeneralReportModule {
             
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying"));
             // exclude non-fs files/dirs and . and .. files
-            final String query = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where name != '.' AND name != '..'"; //NON-NLS
+            final String query = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where "
+                    + "(meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue()
+                    + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
+                    + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + ")"; //NON-NLS
 
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.loading"));
 
@@ -172,7 +175,7 @@ class ReportCaseUco implements GeneralReportModule {
             if (jsonGenerator != null) {
                 try {
                     jsonGenerator.close();
-                    jsonGenerator = null;
+                    // ELTODO investigate database closing issue
                 } catch (IOException ex) {
                     logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS
                 }
@@ -222,8 +225,7 @@ class ReportCaseUco implements GeneralReportModule {
 
     @Override
     public String getName() {
-        //String name = NbBundle.getMessage(this.getClass(), "ReportCaseUco.getName.text");
-        String name = "CASE/UCO";
+        String name = NbBundle.getMessage(this.getClass(), "ReportCaseUco.getName.text");
         return name;
     }
 
@@ -234,8 +236,7 @@ class ReportCaseUco implements GeneralReportModule {
 
     @Override
     public String getDescription() {
-        //String desc = NbBundle.getMessage(this.getClass(), "ReportCaseUco.getDesc.text");
-        String desc = "CASE/UCO Report";
+        String desc = NbBundle.getMessage(this.getClass(), "ReportCaseUco.getDesc.text");
         return desc;
     }
 

From ec3e4eae9495b97b544c7b9104f803b15d975b62 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Tue, 6 Nov 2018 11:16:42 -0500
Subject: [PATCH 11/70] Moving the report into it's own package

---
 .../modules/case_uco/Bundle.properties        |   9 +
 .../modules/case_uco/Bundle_ja.properties     |   2 +
 .../case_uco/DataSourceComboBoxModel.java     |  80 +++++++++
 .../case_uco}/ReportCaseUco.java              |   9 +-
 .../case_uco/ReportCaseUcoConfigPanel.form    |  67 +++++++
 .../case_uco/ReportCaseUcoConfigPanel.java    | 163 ++++++++++++++++++
 6 files changed, 327 insertions(+), 3 deletions(-)
 create mode 100755 Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties
 create mode 100755 Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle_ja.properties
 create mode 100755 Core/src/org/sleuthkit/autopsy/modules/case_uco/DataSourceComboBoxModel.java
 rename Core/src/org/sleuthkit/autopsy/{report => modules/case_uco}/ReportCaseUco.java (97%)
 create mode 100755 Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.form
 create mode 100755 Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties
new file mode 100755
index 0000000000..3fb4ab5d6e
--- /dev/null
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties
@@ -0,0 +1,9 @@
+OpenIDE-Module-Name=CaseUcoModule
+ReportCaseUco.progress.initializing=Creating directories...
+ReportCaseUco.progress.querying=Querying files...
+ReportCaseUco.ingestWarning.text=Warning, this report was run before ingest services completed\!
+ReportCaseUco.progress.loading=Loading files...
+ReportCaseUco.progress.processing=Now processing {0}...
+ReportCaseUco.getName.text=CASE/UCO
+ReportCaseUco.getDesc.text=CASE/UCO format report with basic property fields for every file.
+ReportCaseUcoConfigPanel.jLabelSelectDataSource.text=Select a data source for the CASE/UCO report
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle_ja.properties b/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle_ja.properties
new file mode 100755
index 0000000000..1204a1e9dc
--- /dev/null
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle_ja.properties
@@ -0,0 +1,2 @@
+
+ReportCaseUcoConfigPanel.jLabelSelectDataSource.text=STIX\u30d5\u30a1\u30a4\u30eb\u307e\u305f\u306fSTIX\u30d5\u30a1\u30a4\u30eb\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u9078\u629e
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/DataSourceComboBoxModel.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/DataSourceComboBoxModel.java
new file mode 100755
index 0000000000..34fcdb3966
--- /dev/null
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/DataSourceComboBoxModel.java
@@ -0,0 +1,80 @@
+/*
+ * 
+ * Autopsy Forensic Browser
+ * 
+ * Copyright 2018 Basis Technology Corp.
+ * Contact: carrier <at> sleuthkit <dot> org
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.sleuthkit.autopsy.modules.case_uco;
+
+import javax.swing.AbstractListModel;
+import javax.swing.ComboBoxModel;
+import javax.swing.event.ListDataListener;
+
+/**
+ * Encapsulates meta data needed to populate the data source selection drop down menu
+ */ 
+public class DataSourceComboBoxModel extends AbstractListModel<String> implements ComboBoxModel<String> {
+
+    private static final long serialVersionUID = 1L;
+    private final String[] dataSourceList;
+    private String selection = null;
+
+    /**
+     * Use this to initialize the panel
+     */
+    DataSourceComboBoxModel() {
+        this.dataSourceList = new String[0];
+    }
+
+    /**
+     * Use this when we have data to display.
+     *
+     * @param theDataSoureList names of data sources for user to pick from
+     */
+    DataSourceComboBoxModel(String... theDataSoureList) {
+        dataSourceList = theDataSoureList.clone();
+    }
+
+    @Override
+    public void setSelectedItem(Object anItem) {
+        selection = (String) anItem;
+    }
+
+    @Override
+    public Object getSelectedItem() {
+        return selection;
+    }
+
+    @Override
+    public int getSize() {
+        return dataSourceList.length;
+    }
+
+    @Override
+    public String getElementAt(int index) {
+        return dataSourceList[index];
+    }
+
+    @Override
+    public void addListDataListener(ListDataListener listener) {
+        this.listenerList.add(ListDataListener.class, listener);
+    }
+
+    @Override
+    public void removeListDataListener(ListDataListener listener) {
+        this.listenerList.remove(ListDataListener.class, listener);
+    }
+}
diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
similarity index 97%
rename from Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
rename to Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index 289a9c6eae..35b3c71b91 100755
--- a/Core/src/org/sleuthkit/autopsy/report/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -20,7 +20,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.sleuthkit.autopsy.report;
+package org.sleuthkit.autopsy.modules.case_uco;
 
 import java.io.IOException;
 import java.nio.file.Files;
@@ -35,13 +35,14 @@ import com.fasterxml.jackson.core.util.DefaultPrettyPrinter;
 import java.sql.ResultSet;
 import java.sql.SQLException;
 import java.util.SimpleTimeZone;
-import java.util.TimeZone;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.autopsy.datamodel.ContentUtils;
 import org.sleuthkit.autopsy.ingest.IngestManager;
+import org.sleuthkit.autopsy.report.GeneralReportModule;
+import org.sleuthkit.autopsy.report.ReportProgressPanel;
 import org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus;
 import org.sleuthkit.datamodel.*;
 
@@ -53,6 +54,7 @@ class ReportCaseUco implements GeneralReportModule {
 
     private static final Logger logger = Logger.getLogger(ReportCaseUco.class.getName());
     private static ReportCaseUco instance = null;
+    private ReportCaseUcoConfigPanel configPanel;
 
     private Case currentCase;
     private SleuthkitCase skCase;
@@ -242,6 +244,7 @@ class ReportCaseUco implements GeneralReportModule {
 
     @Override
     public JPanel getConfigurationPanel() {
-        return null; // No configuration panel
+        configPanel = new ReportCaseUcoConfigPanel();
+        return configPanel;
     }
 }
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.form b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.form
new file mode 100755
index 0000000000..f3fe980200
--- /dev/null
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.form
@@ -0,0 +1,67 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<Form version="1.5" maxVersion="1.9" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
+  <AuxValues>
+    <AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
+    <AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
+    <AuxValue name="FormSettings_generateFQN" type="java.lang.Boolean" value="true"/>
+    <AuxValue name="FormSettings_generateMnemonicsCode" type="java.lang.Boolean" value="true"/>
+    <AuxValue name="FormSettings_i18nAutoMode" type="java.lang.Boolean" value="true"/>
+    <AuxValue name="FormSettings_layoutCodeTarget" type="java.lang.Integer" value="1"/>
+    <AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
+    <AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
+    <AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
+  </AuxValues>
+
+  <Layout>
+    <DimensionLayout dim="0">
+      <Group type="103" groupAlignment="0" attributes="0">
+          <Group type="102" alignment="0" attributes="0">
+              <EmptySpace min="-2" pref="21" max="-2" attributes="0"/>
+              <Group type="103" groupAlignment="0" attributes="0">
+                  <Group type="102" attributes="0">
+                      <Component id="jLabelSelectDataSource" min="-2" max="-2" attributes="0"/>
+                      <EmptySpace min="0" pref="0" max="32767" attributes="0"/>
+                  </Group>
+                  <Component id="selectDataSourceComboBox" pref="348" max="32767" attributes="0"/>
+              </Group>
+              <EmptySpace max="-2" attributes="0"/>
+          </Group>
+      </Group>
+    </DimensionLayout>
+    <DimensionLayout dim="1">
+      <Group type="103" groupAlignment="0" attributes="0">
+          <Group type="102" alignment="0" attributes="0">
+              <EmptySpace min="-2" pref="11" max="-2" attributes="0"/>
+              <Component id="jLabelSelectDataSource" min="-2" max="-2" attributes="0"/>
+              <EmptySpace max="-2" attributes="0"/>
+              <Component id="selectDataSourceComboBox" min="-2" max="-2" attributes="0"/>
+              <EmptySpace min="-2" pref="172" max="-2" attributes="0"/>
+          </Group>
+      </Group>
+    </DimensionLayout>
+  </Layout>
+  <SubComponents>
+    <Component class="javax.swing.JComboBox" name="selectDataSourceComboBox">
+      <Properties>
+        <Property name="model" type="javax.swing.ComboBoxModel" editor="org.netbeans.modules.form.RADConnectionPropertyEditor">
+          <Connection code="dataSourcesList" type="code"/>
+        </Property>
+        <Property name="enabled" type="boolean" value="false"/>
+      </Properties>
+      <AuxValues>
+        <AuxValue name="JavaCodeGenerator_TypeParameters" type="java.lang.String" value="&lt;String&gt;"/>
+      </AuxValues>
+    </Component>
+    <Component class="javax.swing.JLabel" name="jLabelSelectDataSource">
+      <Properties>
+        <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
+          <ResourceString bundle="org/sleuthkit/autopsy/modules/case_uco/Bundle.properties" key="ReportCaseUcoConfigPanel.jLabelSelectDataSource.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
+        </Property>
+      </Properties>
+      <AuxValues>
+        <AuxValue name="generateMnemonicsCode" type="java.lang.Boolean" value="false"/>
+      </AuxValues>
+    </Component>
+  </SubComponents>
+</Form>
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
new file mode 100755
index 0000000000..756a25976a
--- /dev/null
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
@@ -0,0 +1,163 @@
+/*
+ *
+ * Autopsy Forensic Browser
+ *
+ * Copyright 2018 Basis Technology Corp.
+ * Contact: carrier <at> sleuthkit <dot> org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.sleuthkit.autopsy.modules.case_uco;
+
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.Map.Entry;
+import java.util.Observable;
+import java.util.Observer;
+import javax.swing.ComboBoxModel;
+
+/**
+ * UI controls for Common Files Search scenario where the user intends to find
+ * common files between datasources. It is an inner panel which provides the
+ * ability to select all datasources or a single datasource from a dropdown list
+ * of sources in the current case.
+ */
+public final class ReportCaseUcoConfigPanel extends javax.swing.JPanel {
+
+    private static final long serialVersionUID = 1L;
+    static final long NO_DATA_SOURCE_SELECTED = -1;
+    private final Observable fileTypeFilterObservable;
+    private ComboBoxModel<String> dataSourcesList = new DataSourceComboBoxModel();
+    private final Map<Long, String> dataSourceMap;
+
+    /**
+     * Creates new form IntraCasePanel
+     */
+    public ReportCaseUcoConfigPanel() {
+        initComponents();
+        this.dataSourceMap = new HashMap<>();
+        fileTypeFilterObservable = new Observable() {
+            @Override
+            public void notifyObservers() {
+                //set changed before notify observers
+                //we want this observerable to always cause the observer to update when notified
+                this.setChanged();
+                super.notifyObservers();
+            }
+        };
+    }
+
+    /**
+     * Add an Observer to the Observable portion of this panel so that it can be
+     * notified of changes to this panel.
+     *
+     * @param observer the object which is observing this panel
+     */
+    void addObserver(Observer observer) {
+        fileTypeFilterObservable.addObserver(observer);
+    }
+
+    /**
+     * Get the map of datasources which was used to populate the combo box on
+     * this panel.
+     *
+     * @return an unmodifiable copy of the map of datasources
+     */
+    Map<Long, String> getDataSourceMap() {
+        return Collections.unmodifiableMap(this.dataSourceMap);
+    }
+
+    /**
+     * Get the ID for the datasource selected in the combo box.
+     *
+     * @return the selected datasource ID or
+         ReportCaseUcoConfigPanel.NO_DATA_SOURCE_SELECTED if none is selected
+     */
+    Long getSelectedDataSourceId() {
+        for (Entry<Long, String> entry : this.dataSourceMap.entrySet()) {
+            if (entry.getValue().equals(this.selectDataSourceComboBox.getSelectedItem())) {
+                return entry.getKey();
+            }
+        }
+        return ReportCaseUcoConfigPanel.NO_DATA_SOURCE_SELECTED;
+    }
+
+    /**
+     * This method is called from within the constructor to initialize the form.
+     * WARNING: Do NOT modify this code. The content of this method is always
+     * regenerated by the Form Editor.
+     */
+    @SuppressWarnings("unchecked")
+    // <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
+    private void initComponents() {
+
+        selectDataSourceComboBox = new javax.swing.JComboBox<>();
+        jLabelSelectDataSource = new javax.swing.JLabel();
+
+        selectDataSourceComboBox.setModel(dataSourcesList);
+        selectDataSourceComboBox.setEnabled(false);
+
+        jLabelSelectDataSource.setText(org.openide.util.NbBundle.getMessage(ReportCaseUcoConfigPanel.class, "ReportCaseUcoConfigPanel.jLabelSelectDataSource.text")); // NOI18N
+
+        javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
+        this.setLayout(layout);
+        layout.setHorizontalGroup(
+            layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+            .addGroup(layout.createSequentialGroup()
+                .addGap(21, 21, 21)
+                .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+                    .addGroup(layout.createSequentialGroup()
+                        .addComponent(jLabelSelectDataSource)
+                        .addGap(0, 0, Short.MAX_VALUE))
+                    .addComponent(selectDataSourceComboBox, 0, 348, Short.MAX_VALUE))
+                .addContainerGap())
+        );
+        layout.setVerticalGroup(
+            layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+            .addGroup(layout.createSequentialGroup()
+                .addGap(11, 11, 11)
+                .addComponent(jLabelSelectDataSource)
+                .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+                .addComponent(selectDataSourceComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
+                .addGap(172, 172, 172))
+        );
+    }// </editor-fold>//GEN-END:initComponents
+
+    // Variables declaration - do not modify//GEN-BEGIN:variables
+    private javax.swing.JLabel jLabelSelectDataSource;
+    private javax.swing.JComboBox<String> selectDataSourceComboBox;
+    // End of variables declaration//GEN-END:variables
+
+    /**
+     * Set the datamodel for the combo box which displays the data sources in
+     * the current case
+     *
+     * @param dataSourceComboBoxModel the DataSourceComboBoxModel to use
+     */
+    void setDatasourceComboboxModel(DataSourceComboBoxModel dataSourceComboBoxModel) {
+        this.dataSourcesList = dataSourceComboBoxModel;
+        this.selectDataSourceComboBox.setModel(dataSourcesList);
+    }
+
+    /**
+     * Update the map of datasources that this panel allows the user to select
+     * from
+     *
+     * @param dataSourceMap A map of datasources
+     */
+    void setDataSourceMap(Map<Long, String> dataSourceMap) {
+        this.dataSourceMap.clear();
+        this.dataSourceMap.putAll(dataSourceMap);
+    }
+}

From 46063c8ef783f4f4a61b64a0216a913b95e4d372 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Tue, 6 Nov 2018 11:17:37 -0500
Subject: [PATCH 12/70] First cut at settings panel

---
 Core/src/org/sleuthkit/autopsy/core/layer.xml           | 4 ++--
 Core/src/org/sleuthkit/autopsy/report/Bundle.properties | 7 -------
 2 files changed, 2 insertions(+), 9 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/core/layer.xml b/Core/src/org/sleuthkit/autopsy/core/layer.xml
index d87c169930..3c87a3df9f 100644
--- a/Core/src/org/sleuthkit/autopsy/core/layer.xml
+++ b/Core/src/org/sleuthkit/autopsy/core/layer.xml
@@ -337,9 +337,9 @@
             <attr name="instanceCreate" methodvalue="org.sleuthkit.autopsy.modules.stix.STIXReportModule.getDefault"/>
             <attr name="position" intvalue="910"/>
         </file>
-        <file name="org-sleuthkit-autopsy-report-ReportCaseUco.instance">
+        <file name="org-sleuthkit-autopsy-modules-case_uco-ReportCaseUco.instance">
             <attr name="instanceOf" stringvalue="org.sleuthkit.autopsy.report.GeneralReportModule"/>
-            <attr name="instanceCreate" methodvalue="org.sleuthkit.autopsy.report.ReportCaseUco.getDefault"/>
+            <attr name="instanceCreate" methodvalue="org.sleuthkit.autopsy.modules.case_uco.ReportCaseUco.getDefault"/>
             <attr name="position" intvalue="911"/>
         </file>       
         <!--<folder name="JavaHelp">
diff --git a/Core/src/org/sleuthkit/autopsy/report/Bundle.properties b/Core/src/org/sleuthkit/autopsy/report/Bundle.properties
index 3f2048b72c..8efbfd9178 100644
--- a/Core/src/org/sleuthkit/autopsy/report/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/report/Bundle.properties
@@ -45,13 +45,6 @@ ReportBodyFile.progress.processing=Now processing {0}...
 ReportBodyFile.getName.text=TSK Body File
 ReportBodyFile.getDesc.text=Body file format report with MAC times for every file. This format can be used for a timeline view.
 ReportBodyFile.getFilePath.text=BodyFile.txt
-ReportCaseUco.progress.initializing=Creating directories...
-ReportCaseUco.progress.querying=Querying files...
-ReportCaseUco.ingestWarning.text=Warning, this report was run before ingest services completed\!
-ReportCaseUco.progress.loading=Loading files...
-ReportCaseUco.progress.processing=Now processing {0}...
-ReportCaseUco.getName.text=CASE/UCO
-ReportCaseUco.getDesc.text=CASE/UCO format report with basic property fields for every file.
 ReportKML.progress.querying=Querying files...
 ReportKML.progress.loading=Loading files...
 ReportKML.getName.text=Google Earth KML

From baeb53bf0ca40f46b264e48364f08a80d4c74130 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Tue, 6 Nov 2018 15:05:54 -0500
Subject: [PATCH 13/70] Got the settings panel to work

---
 .../case_uco/DataSourceComboBoxModel.java     |  2 +-
 .../modules/case_uco/ReportCaseUco.java       |  7 +-
 .../case_uco/ReportCaseUcoConfigPanel.form    |  2 +-
 .../case_uco/ReportCaseUcoConfigPanel.java    | 67 +++++++++----------
 4 files changed, 37 insertions(+), 41 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/DataSourceComboBoxModel.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/DataSourceComboBoxModel.java
index 34fcdb3966..48dd3eab1b 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/DataSourceComboBoxModel.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/DataSourceComboBoxModel.java
@@ -26,7 +26,7 @@ import javax.swing.event.ListDataListener;
 /**
  * Encapsulates meta data needed to populate the data source selection drop down menu
  */ 
-public class DataSourceComboBoxModel extends AbstractListModel<String> implements ComboBoxModel<String> {
+class DataSourceComboBoxModel extends AbstractListModel<String> implements ComboBoxModel<String> {
 
     private static final long serialVersionUID = 1L;
     private final String[] dataSourceList;
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index 35b3c71b91..048aeb7821 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -93,6 +93,8 @@ class ReportCaseUco implements GeneralReportModule {
         progressPanel.start();
         progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.initializing"));
         
+        Long selectedDataSourceId = configPanel.getSelectedDataSourceId();
+        
         // Create the JSON generator
         JsonFactory jsonGeneratorFactory = new JsonFactory();
         String reportPath = baseReportDir + getRelativeFilePath(); //NON-NLS
@@ -118,9 +120,10 @@ class ReportCaseUco implements GeneralReportModule {
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying"));
             // exclude non-fs files/dirs and . and .. files
             final String query = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where "
-                    + "(meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue()
+                    + "data_source_obj_id = " + Long.toString(selectedDataSourceId)
+                    + " AND ((meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue()
                     + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
-                    + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + ")"; //NON-NLS
+                    + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + "))"; //NON-NLS
 
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.loading"));
 
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.form b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.form
index f3fe980200..9bec50a37e 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.form
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.form
@@ -36,7 +36,7 @@
               <Component id="jLabelSelectDataSource" min="-2" max="-2" attributes="0"/>
               <EmptySpace max="-2" attributes="0"/>
               <Component id="selectDataSourceComboBox" min="-2" max="-2" attributes="0"/>
-              <EmptySpace min="-2" pref="172" max="-2" attributes="0"/>
+              <EmptySpace pref="130" max="32767" attributes="0"/>
           </Group>
       </Group>
     </DimensionLayout>
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
index 756a25976a..2e2157caf1 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
@@ -19,13 +19,15 @@
  */
 package org.sleuthkit.autopsy.modules.case_uco;
 
-import java.util.Collections;
+import java.sql.SQLException;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Map.Entry;
-import java.util.Observable;
-import java.util.Observer;
 import javax.swing.ComboBoxModel;
+import org.openide.util.Exceptions;
+import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
+import org.sleuthkit.autopsy.commonfilesearch.DataSourceLoader;
+import org.sleuthkit.datamodel.TskCoreException;
 
 /**
  * UI controls for Common Files Search scenario where the user intends to find
@@ -33,49 +35,40 @@ import javax.swing.ComboBoxModel;
  * ability to select all datasources or a single datasource from a dropdown list
  * of sources in the current case.
  */
-public final class ReportCaseUcoConfigPanel extends javax.swing.JPanel {
+final class ReportCaseUcoConfigPanel extends javax.swing.JPanel {
 
     private static final long serialVersionUID = 1L;
     static final long NO_DATA_SOURCE_SELECTED = -1;
-    private final Observable fileTypeFilterObservable;
     private ComboBoxModel<String> dataSourcesList = new DataSourceComboBoxModel();
-    private final Map<Long, String> dataSourceMap;
+    private Map<Long, String> dataSourceMap;
+    private final DataSourceLoader dataSourceLoader;
 
     /**
      * Creates new form IntraCasePanel
      */
-    public ReportCaseUcoConfigPanel() {
+    ReportCaseUcoConfigPanel() {
         initComponents();
-        this.dataSourceMap = new HashMap<>();
-        fileTypeFilterObservable = new Observable() {
-            @Override
-            public void notifyObservers() {
-                //set changed before notify observers
-                //we want this observerable to always cause the observer to update when notified
-                this.setChanged();
-                super.notifyObservers();
+        this.dataSourceLoader = new DataSourceLoader();
+        try {
+            this.dataSourceMap = dataSourceLoader.getDataSourceMap();
+        } catch (NoCurrentCaseException | TskCoreException | SQLException ex) {
+            Exceptions.printStackTrace(ex);
+            this.dataSourceMap = new HashMap<>();
+            selectDataSourceComboBox.setEnabled(false);
+            return;
+        }
+        
+        String[] dataSourcesNames = new String[dataSourceMap.size()];
+        if (dataSourcesNames.length > 0) {
+            dataSourcesNames = dataSourceMap.values().toArray(dataSourcesNames);
+            setDatasourceComboboxModel(new DataSourceComboBoxModel(dataSourcesNames));
+            //setDataSourceMap(dataSourceMap);
+            
+            selectDataSourceComboBox.setEnabled(true);
+            if (selectDataSourceComboBox.isEnabled()) {
+                selectDataSourceComboBox.setSelectedIndex(0);
             }
-        };
-    }
-
-    /**
-     * Add an Observer to the Observable portion of this panel so that it can be
-     * notified of changes to this panel.
-     *
-     * @param observer the object which is observing this panel
-     */
-    void addObserver(Observer observer) {
-        fileTypeFilterObservable.addObserver(observer);
-    }
-
-    /**
-     * Get the map of datasources which was used to populate the combo box on
-     * this panel.
-     *
-     * @return an unmodifiable copy of the map of datasources
-     */
-    Map<Long, String> getDataSourceMap() {
-        return Collections.unmodifiableMap(this.dataSourceMap);
+        }
     }
 
     /**
@@ -130,7 +123,7 @@ public final class ReportCaseUcoConfigPanel extends javax.swing.JPanel {
                 .addComponent(jLabelSelectDataSource)
                 .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
                 .addComponent(selectDataSourceComboBox, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
-                .addGap(172, 172, 172))
+                .addContainerGap(130, Short.MAX_VALUE))
         );
     }// </editor-fold>//GEN-END:initComponents
 

From 798f3dd75a35033f86896bc111294e91c289e44a Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Tue, 6 Nov 2018 15:27:08 -0500
Subject: [PATCH 14/70] Moved some code to guiutils package for code reuse

---
 .../CommonAttributePanel.form                 |  4 +-
 .../CommonAttributePanel.java                 |  2 +
 .../commonfilesearch/InterCasePanel.java      |  1 +
 .../commonfilesearch/IntraCasePanel.java      |  1 +
 .../DataSourceComboBoxModel.java              |  4 +-
 .../DataSourceLoader.java                     |  2 +-
 .../modules/case_uco/Bundle_ja.properties     |  2 -
 .../case_uco/DataSourceComboBoxModel.java     | 80 -------------------
 .../case_uco/ReportCaseUcoConfigPanel.java    |  3 +-
 9 files changed, 11 insertions(+), 88 deletions(-)
 rename Core/src/org/sleuthkit/autopsy/{commonfilesearch => guiutils}/DataSourceComboBoxModel.java (95%)
 rename Core/src/org/sleuthkit/autopsy/{commonfilesearch => guiutils}/DataSourceLoader.java (98%)
 delete mode 100755 Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle_ja.properties
 delete mode 100755 Core/src/org/sleuthkit/autopsy/modules/case_uco/DataSourceComboBoxModel.java

diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.form b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.form
index 3c712368ef..02353d8835 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.form
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.form
@@ -58,7 +58,7 @@
                   <EmptySpace max="-2" attributes="0"/>
                   <Group type="103" groupAlignment="0" attributes="0">
                       <Group type="102" alignment="1" attributes="0">
-                          <Component id="errorText" pref="300" max="32767" attributes="0"/>
+                          <Component id="errorText" max="32767" attributes="0"/>
                           <EmptySpace min="-2" pref="65" max="-2" attributes="0"/>
                           <Component id="searchButton" min="-2" max="-2" attributes="0"/>
                           <EmptySpace max="-2" attributes="0"/>
@@ -77,7 +77,7 @@
                       <Group type="102" attributes="0">
                           <Group type="103" groupAlignment="0" attributes="0">
                               <Group type="103" groupAlignment="1" max="-2" attributes="0">
-                                  <Component id="commonItemSearchDescription" alignment="0" max="32767" attributes="0"/>
+                                  <Component id="commonItemSearchDescription" alignment="0" pref="403" max="32767" attributes="0"/>
                                   <Group type="102" alignment="0" attributes="0">
                                       <EmptySpace min="-2" pref="20" max="-2" attributes="0"/>
                                       <Group type="103" groupAlignment="0" max="-2" attributes="0">
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
index f73eaf020f..9ad914a468 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
@@ -18,6 +18,8 @@
  */
 package org.sleuthkit.autopsy.commonfilesearch;
 
+import org.sleuthkit.autopsy.guiutils.DataSourceComboBoxModel;
+import org.sleuthkit.autopsy.guiutils.DataSourceLoader;
 import java.awt.Dimension;
 import java.sql.SQLException;
 import java.util.ArrayList;
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCasePanel.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCasePanel.java
index 22454979fb..2cb94571ae 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCasePanel.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/InterCasePanel.java
@@ -19,6 +19,7 @@
  */
 package org.sleuthkit.autopsy.commonfilesearch;
 
+import org.sleuthkit.autopsy.guiutils.DataSourceComboBoxModel;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/IntraCasePanel.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/IntraCasePanel.java
index 4841d39e84..fd8f9becac 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/IntraCasePanel.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/IntraCasePanel.java
@@ -19,6 +19,7 @@
  */
 package org.sleuthkit.autopsy.commonfilesearch;
 
+import org.sleuthkit.autopsy.guiutils.DataSourceComboBoxModel;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/DataSourceComboBoxModel.java b/Core/src/org/sleuthkit/autopsy/guiutils/DataSourceComboBoxModel.java
similarity index 95%
rename from Core/src/org/sleuthkit/autopsy/commonfilesearch/DataSourceComboBoxModel.java
rename to Core/src/org/sleuthkit/autopsy/guiutils/DataSourceComboBoxModel.java
index 1b55e6bdc3..cece351758 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/DataSourceComboBoxModel.java
+++ b/Core/src/org/sleuthkit/autopsy/guiutils/DataSourceComboBoxModel.java
@@ -17,7 +17,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.sleuthkit.autopsy.commonfilesearch;
+package org.sleuthkit.autopsy.guiutils;
 
 import javax.swing.AbstractListModel;
 import javax.swing.ComboBoxModel;
@@ -44,7 +44,7 @@ public class DataSourceComboBoxModel extends AbstractListModel<String> implement
      *
      * @param theDataSoureList names of data sources for user to pick from
      */
-    DataSourceComboBoxModel(String... theDataSoureList) {
+    public DataSourceComboBoxModel(String... theDataSoureList) {
         dataSourceList = theDataSoureList.clone();
     }
 
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/DataSourceLoader.java b/Core/src/org/sleuthkit/autopsy/guiutils/DataSourceLoader.java
similarity index 98%
rename from Core/src/org/sleuthkit/autopsy/commonfilesearch/DataSourceLoader.java
rename to Core/src/org/sleuthkit/autopsy/guiutils/DataSourceLoader.java
index 69af771dad..deb333780a 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/DataSourceLoader.java
+++ b/Core/src/org/sleuthkit/autopsy/guiutils/DataSourceLoader.java
@@ -17,7 +17,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.sleuthkit.autopsy.commonfilesearch;
+package org.sleuthkit.autopsy.guiutils;
 
 import java.io.File;
 import java.sql.ResultSet;
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle_ja.properties b/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle_ja.properties
deleted file mode 100755
index 1204a1e9dc..0000000000
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle_ja.properties
+++ /dev/null
@@ -1,2 +0,0 @@
-
-ReportCaseUcoConfigPanel.jLabelSelectDataSource.text=STIX\u30d5\u30a1\u30a4\u30eb\u307e\u305f\u306fSTIX\u30d5\u30a1\u30a4\u30eb\u306e\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u3092\u9078\u629e
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/DataSourceComboBoxModel.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/DataSourceComboBoxModel.java
deleted file mode 100755
index 48dd3eab1b..0000000000
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/DataSourceComboBoxModel.java
+++ /dev/null
@@ -1,80 +0,0 @@
-/*
- * 
- * Autopsy Forensic Browser
- * 
- * Copyright 2018 Basis Technology Corp.
- * Contact: carrier <at> sleuthkit <dot> org
- * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *     http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.sleuthkit.autopsy.modules.case_uco;
-
-import javax.swing.AbstractListModel;
-import javax.swing.ComboBoxModel;
-import javax.swing.event.ListDataListener;
-
-/**
- * Encapsulates meta data needed to populate the data source selection drop down menu
- */ 
-class DataSourceComboBoxModel extends AbstractListModel<String> implements ComboBoxModel<String> {
-
-    private static final long serialVersionUID = 1L;
-    private final String[] dataSourceList;
-    private String selection = null;
-
-    /**
-     * Use this to initialize the panel
-     */
-    DataSourceComboBoxModel() {
-        this.dataSourceList = new String[0];
-    }
-
-    /**
-     * Use this when we have data to display.
-     *
-     * @param theDataSoureList names of data sources for user to pick from
-     */
-    DataSourceComboBoxModel(String... theDataSoureList) {
-        dataSourceList = theDataSoureList.clone();
-    }
-
-    @Override
-    public void setSelectedItem(Object anItem) {
-        selection = (String) anItem;
-    }
-
-    @Override
-    public Object getSelectedItem() {
-        return selection;
-    }
-
-    @Override
-    public int getSize() {
-        return dataSourceList.length;
-    }
-
-    @Override
-    public String getElementAt(int index) {
-        return dataSourceList[index];
-    }
-
-    @Override
-    public void addListDataListener(ListDataListener listener) {
-        this.listenerList.add(ListDataListener.class, listener);
-    }
-
-    @Override
-    public void removeListDataListener(ListDataListener listener) {
-        this.listenerList.remove(ListDataListener.class, listener);
-    }
-}
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
index 2e2157caf1..d416ede656 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
@@ -26,7 +26,8 @@ import java.util.Map.Entry;
 import javax.swing.ComboBoxModel;
 import org.openide.util.Exceptions;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
-import org.sleuthkit.autopsy.commonfilesearch.DataSourceLoader;
+import org.sleuthkit.autopsy.guiutils.DataSourceLoader;
+import org.sleuthkit.autopsy.guiutils.DataSourceComboBoxModel;
 import org.sleuthkit.datamodel.TskCoreException;
 
 /**

From 075d57a6b917aee5c8201757d55a84785bf6e543 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Tue, 6 Nov 2018 15:53:52 -0500
Subject: [PATCH 15/70] Code cleanup

---
 .../modules/case_uco/Bundle.properties        |  2 +-
 .../modules/case_uco/ReportCaseUco.java       | 65 ++++++++++---------
 .../case_uco/ReportCaseUcoConfigPanel.java    | 38 ++---------
 .../commonfilessearch/InterCaseTestUtils.java |  2 +-
 .../commonfilessearch/IntraCaseTestUtils.java |  2 +-
 5 files changed, 45 insertions(+), 64 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties
index 3fb4ab5d6e..7ec1dbe154 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties
@@ -3,7 +3,7 @@ ReportCaseUco.progress.initializing=Creating directories...
 ReportCaseUco.progress.querying=Querying files...
 ReportCaseUco.ingestWarning.text=Warning, this report was run before ingest services completed\!
 ReportCaseUco.progress.loading=Loading files...
-ReportCaseUco.progress.processing=Now processing {0}...
+ReportCaseUco.progress.processing=Saving files in CASE/UCO format...
 ReportCaseUco.getName.text=CASE/UCO
 ReportCaseUco.getDesc.text=CASE/UCO format report with basic property fields for every file.
 ReportCaseUcoConfigPanel.jLabelSelectDataSource.text=Select a data source for the CASE/UCO report
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index 048aeb7821..bbda213a65 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -55,9 +55,6 @@ class ReportCaseUco implements GeneralReportModule {
     private static final Logger logger = Logger.getLogger(ReportCaseUco.class.getName());
     private static ReportCaseUco instance = null;
     private ReportCaseUcoConfigPanel configPanel;
-
-    private Case currentCase;
-    private SleuthkitCase skCase;
     
     private static final String REPORT_FILE_NAME = "CaseUco.txt";
     
@@ -82,19 +79,33 @@ class ReportCaseUco implements GeneralReportModule {
     @Override
     @SuppressWarnings("deprecation")
     public void generateReport(String baseReportDir, ReportProgressPanel progressPanel) {
-        // Start the progress bar and setup the report
+
+        if (configPanel == null) {
+            logger.log(Level.SEVERE, "CASE/UCO settings panel has not been initialized"); //NON-NLS
+            // ELTODO
+            return;            
+        }
+        
+        Long selectedDataSourceId = configPanel.getSelectedDataSourceId();
+        if (selectedDataSourceId == ReportCaseUcoConfigPanel.NO_DATA_SOURCE_SELECTED) {
+            logger.log(Level.SEVERE, "No data source selected for CASE/UCO report"); //NON-NLS
+            // ELTODO
+            return;
+        } 
+        
+        Case currentCase;
         try {
             currentCase = Case.getCurrentCaseThrows();
         } catch (NoCurrentCaseException ex) {
             logger.log(Level.SEVERE, "Exception while getting open case.", ex);
             return;
         }
+        
+        // Start the progress bar and setup the report
         progressPanel.setIndeterminate(false);
         progressPanel.start();
         progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.initializing"));
-        
-        Long selectedDataSourceId = configPanel.getSelectedDataSourceId();
-        
+              
         // Create the JSON generator
         JsonFactory jsonGeneratorFactory = new JsonFactory();
         String reportPath = baseReportDir + getRelativeFilePath(); //NON-NLS
@@ -107,9 +118,14 @@ class ReportCaseUco implements GeneralReportModule {
             return;
         }
         
-        skCase = currentCase.getSleuthkitCase();
+        // Check if ingest has finished
+        if (IngestManager.getInstance().isIngestRunning()) {
+            String ingestwarning = NbBundle.getMessage(this.getClass(), "ReportCaseUco.ingestWarning.text");
+            // ELTODO what to do with this warning?
+        }
+
+        SleuthkitCase skCase = currentCase.getSleuthkitCase();
 
-        // Run query to get all files
         JsonGenerator jsonGenerator = null;
         SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT");
         try {
@@ -118,7 +134,8 @@ class ReportCaseUco implements GeneralReportModule {
             jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter("  ", "\n")));
             
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying"));
-            // exclude non-fs files/dirs and . and .. files
+            
+            // Run query to get all files, exclude directories
             final String query = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where "
                     + "data_source_obj_id = " + Long.toString(selectedDataSourceId)
                     + " AND ((meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue()
@@ -129,18 +146,10 @@ class ReportCaseUco implements GeneralReportModule {
 
             SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(query);
             ResultSet resultSet = queryResult.getResultSet();
-            // Check if ingest has finished
-            String ingestwarning = "";
-            if (IngestManager.getInstance().isIngestRunning()) {
-                ingestwarning = NbBundle.getMessage(this.getClass(), "ReportCaseUco.ingestWarning.text");
-            }
-            // ELTODO what to do with this warning?
 
-            int numFiles = 1000; // ELTODO resultSet.size();
-            progressPanel.setMaximumProgress(numFiles / 100);
+            progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.processing"));
             
             // Loop files and write info to report
-            int count = 0;
             while (resultSet.next()) {
 
                 if (progressPanel.getStatus() == ReportStatus.CANCELED) {
@@ -159,19 +168,10 @@ class ReportCaseUco implements GeneralReportModule {
                 String extension = resultSet.getString("extension");
                 
                 addFile(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator);
-                
-                /* ELTODO if (count++ == 100) {
-                    progressPanel.increment();
-                    progressPanel.updateStatusLabel(
-                            NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.processing",
-                                    file.getName()));
-                    count = 0;
-                }*/
-
             }
             progressPanel.complete(ReportStatus.COMPLETE);
         } catch (TskCoreException ex) {
-            logger.log(Level.SEVERE, "Failed to get the unique path.", ex); //NON-NLS
+            logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS
         } catch (IOException ex) {
             logger.log(Level.SEVERE, "Failed to create JSON output for the CASE/UCO report", ex); //NON-NLS
         } catch (SQLException ex) {
@@ -247,7 +247,12 @@ class ReportCaseUco implements GeneralReportModule {
 
     @Override
     public JPanel getConfigurationPanel() {
-        configPanel = new ReportCaseUcoConfigPanel();
+        try {
+            configPanel = new ReportCaseUcoConfigPanel();
+        } catch (NoCurrentCaseException | TskCoreException | SQLException ex) {
+            logger.log(Level.SEVERE, "Failed to initialize CASE/UCO settings panel", ex); //NON-NLS
+            configPanel = null;
+        }
         return configPanel;
     }
 }
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
index d416ede656..72e560994c 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
@@ -20,20 +20,17 @@
 package org.sleuthkit.autopsy.modules.case_uco;
 
 import java.sql.SQLException;
-import java.util.HashMap;
 import java.util.Map;
 import java.util.Map.Entry;
 import javax.swing.ComboBoxModel;
-import org.openide.util.Exceptions;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
 import org.sleuthkit.autopsy.guiutils.DataSourceLoader;
 import org.sleuthkit.autopsy.guiutils.DataSourceComboBoxModel;
 import org.sleuthkit.datamodel.TskCoreException;
 
 /**
- * UI controls for Common Files Search scenario where the user intends to find
- * common files between datasources. It is an inner panel which provides the
- * ability to select all datasources or a single datasource from a dropdown list
+ * UI controls for CASE/UCO report. It is a panel which provides the
+ * ability to select a single datasource from a dropdown list
  * of sources in the current case.
  */
 final class ReportCaseUcoConfigPanel extends javax.swing.JPanel {
@@ -41,34 +38,24 @@ final class ReportCaseUcoConfigPanel extends javax.swing.JPanel {
     private static final long serialVersionUID = 1L;
     static final long NO_DATA_SOURCE_SELECTED = -1;
     private ComboBoxModel<String> dataSourcesList = new DataSourceComboBoxModel();
-    private Map<Long, String> dataSourceMap;
+    private final Map<Long, String> dataSourceMap;
     private final DataSourceLoader dataSourceLoader;
 
     /**
-     * Creates new form IntraCasePanel
+     * Creates new form ReportCaseUcoConfigPanel
      */
-    ReportCaseUcoConfigPanel() {
+    ReportCaseUcoConfigPanel() throws NoCurrentCaseException, TskCoreException, SQLException {
         initComponents();
         this.dataSourceLoader = new DataSourceLoader();
-        try {
-            this.dataSourceMap = dataSourceLoader.getDataSourceMap();
-        } catch (NoCurrentCaseException | TskCoreException | SQLException ex) {
-            Exceptions.printStackTrace(ex);
-            this.dataSourceMap = new HashMap<>();
-            selectDataSourceComboBox.setEnabled(false);
-            return;
-        }
+        this.dataSourceMap = dataSourceLoader.getDataSourceMap();
         
         String[] dataSourcesNames = new String[dataSourceMap.size()];
         if (dataSourcesNames.length > 0) {
             dataSourcesNames = dataSourceMap.values().toArray(dataSourcesNames);
             setDatasourceComboboxModel(new DataSourceComboBoxModel(dataSourcesNames));
-            //setDataSourceMap(dataSourceMap);
             
             selectDataSourceComboBox.setEnabled(true);
-            if (selectDataSourceComboBox.isEnabled()) {
-                selectDataSourceComboBox.setSelectedIndex(0);
-            }
+            selectDataSourceComboBox.setSelectedIndex(0);
         }
     }
 
@@ -143,15 +130,4 @@ final class ReportCaseUcoConfigPanel extends javax.swing.JPanel {
         this.dataSourcesList = dataSourceComboBoxModel;
         this.selectDataSourceComboBox.setModel(dataSourcesList);
     }
-
-    /**
-     * Update the map of datasources that this panel allows the user to select
-     * from
-     *
-     * @param dataSourceMap A map of datasources
-     */
-    void setDataSourceMap(Map<Long, String> dataSourceMap) {
-        this.dataSourceMap.clear();
-        this.dataSourceMap.putAll(dataSourceMap);
-    }
 }
diff --git a/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java b/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java
index e4d6ae5dd8..82fadebf84 100644
--- a/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java
+++ b/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java
@@ -56,7 +56,7 @@ import org.sleuthkit.autopsy.commonfilesearch.CaseDBCommonAttributeInstanceNode;
 import org.sleuthkit.autopsy.commonfilesearch.CentralRepoCommonAttributeInstance;
 import org.sleuthkit.autopsy.commonfilesearch.CentralRepoCommonAttributeInstanceNode;
 import org.sleuthkit.autopsy.commonfilesearch.CommonAttributeSearchResults;
-import org.sleuthkit.autopsy.commonfilesearch.DataSourceLoader;
+import org.sleuthkit.autopsy.guiutils.DataSourceLoader;
 import org.sleuthkit.autopsy.commonfilesearch.CommonAttributeValue;
 import org.sleuthkit.autopsy.commonfilesearch.CommonAttributeValueList;
 import org.sleuthkit.autopsy.datamodel.DisplayableItemNode;
diff --git a/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/IntraCaseTestUtils.java b/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/IntraCaseTestUtils.java
index eacbad7a6d..d8f9f86ec3 100644
--- a/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/IntraCaseTestUtils.java
+++ b/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/IntraCaseTestUtils.java
@@ -36,7 +36,7 @@ import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
 import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
 import org.sleuthkit.autopsy.commonfilesearch.AbstractCommonAttributeInstance;
 import org.sleuthkit.autopsy.commonfilesearch.CommonAttributeSearchResults;
-import org.sleuthkit.autopsy.commonfilesearch.DataSourceLoader;
+import org.sleuthkit.autopsy.guiutils.DataSourceLoader;
 import org.sleuthkit.autopsy.commonfilesearch.CommonAttributeValue;
 import org.sleuthkit.autopsy.commonfilesearch.CommonAttributeValueList;
 import org.sleuthkit.autopsy.coreutils.TimeStampUtils;

From 46f51c2c18f2bc9a775d1e714433f55635ed1598 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Wed, 7 Nov 2018 15:13:00 -0500
Subject: [PATCH 16/70] Saving data soirce imfo in CASE/UCO format

---
 .../modules/case_uco/ReportCaseUco.java       | 81 +++++++++++++++++--
 1 file changed, 76 insertions(+), 5 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index bbda213a65..7e4bbd17a1 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -133,10 +133,13 @@ class ReportCaseUco implements GeneralReportModule {
             // instert \n after each field for more readable formatting
             jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter("  ", "\n")));
             
+            // create CASE/UCO data source entry
+            String dataSourceRelationshipName = getDataSourceInfo(selectedDataSourceId, skCase, jsonGenerator);
+            
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying"));
             
-            // Run query to get all files, exclude directories
-            final String query = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where "
+            // Run getAllFilesQuery to get all files, exclude directories
+            final String getAllFilesQuery = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where "
                     + "data_source_obj_id = " + Long.toString(selectedDataSourceId)
                     + " AND ((meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue()
                     + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
@@ -144,7 +147,7 @@ class ReportCaseUco implements GeneralReportModule {
 
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.loading"));
 
-            SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(query);
+            SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery);
             ResultSet resultSet = queryResult.getResultSet();
 
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.processing"));
@@ -167,7 +170,7 @@ class ReportCaseUco implements GeneralReportModule {
                 String mime_type = resultSet.getString("mime_type"); 
                 String extension = resultSet.getString("extension");
                 
-                addFile(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator);
+                saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator);
             }
             progressPanel.complete(ReportStatus.COMPLETE);
         } catch (TskCoreException ex) {
@@ -187,8 +190,75 @@ class ReportCaseUco implements GeneralReportModule {
             }
         }
     }
+    
+    private String getDataSourceInfo(Long selectedDataSourceId, SleuthkitCase skCase, JsonGenerator jsonGenerator) throws TskCoreException, SQLException, IOException {
+        
+        String getImageDataSourceQuery = "select size from tsk_image_info where obj_id = " + selectedDataSourceId;
+        SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getImageDataSourceQuery);
+        ResultSet resultSet = queryResult.getResultSet();
+        Long imageSize = (long) 0;
+        String imageName = "";
+        boolean isImageDataSource = false;
+        // check if we got a result
+        while (resultSet.next()) {
+            // we got a result so the data source was an image data source
+            imageSize = resultSet.getLong(1);
+            isImageDataSource = true;
+            break;
+        }
+        
+        if (isImageDataSource) {
+            // get path to image file
+            String getPathToDataSourceQuery = "select name from tsk_image_names where obj_id = " + selectedDataSourceId;
+            queryResult = skCase.executeQuery(getPathToDataSourceQuery);
+            resultSet = queryResult.getResultSet();
+            while (resultSet.next()) {
+                imageName = resultSet.getString(1);
+                break;
+            }
+        } else {
+            // logical file data source
+            String getLogicalDataSourceQuery = "select name from tsk_files where obj_id = " + selectedDataSourceId;
+            queryResult = skCase.executeQuery(getLogicalDataSourceQuery);
+            resultSet = queryResult.getResultSet();
+            while (resultSet.next()) {
+                imageName = resultSet.getString(1);
+                break;
+            }
+        }
 
-    private void addFile(Long objectId, String fileName, String parent_path, String md5Hash, String mime_type, long size, String ctime, 
+        return saveDataSourceInCaseUcoFormat(jsonGenerator, imageName, imageSize, selectedDataSourceId);
+    }
+    
+    private String saveDataSourceInCaseUcoFormat(JsonGenerator catalog, String imageName, Long imageSize, Long selectedDataSourceId) throws IOException {
+        
+        String dataSourceTraceId = "data-source-"+selectedDataSourceId;
+        catalog.writeStartObject();
+        catalog.writeStringField("@id", dataSourceTraceId);
+        catalog.writeStringField("@type", "Trace");
+        
+        catalog.writeFieldName("propertyBundle");
+        catalog.writeStartArray();
+        
+        catalog.writeStartObject();
+        catalog.writeStringField("@type", "File");
+        catalog.writeStringField("filePath", imageName);
+        catalog.writeEndObject();
+        
+        if (imageSize > 0) {
+            catalog.writeStartObject();
+            catalog.writeStringField("@type", "ContentData");
+            catalog.writeStringField("sizeInBytes", Long.toString(imageSize));
+            catalog.writeEndObject();
+        }
+        
+        catalog.writeEndArray();
+        catalog.writeEndObject();
+        
+        return dataSourceTraceId;
+    }
+
+    private void saveFileInCaseUcoFormat(Long objectId, String fileName, String parent_path, String md5Hash, String mime_type, long size, String ctime, 
             String atime, String mtime, String extension, JsonGenerator catalog) throws IOException {
         
         catalog.writeStartObject();
@@ -251,6 +321,7 @@ class ReportCaseUco implements GeneralReportModule {
             configPanel = new ReportCaseUcoConfigPanel();
         } catch (NoCurrentCaseException | TskCoreException | SQLException ex) {
             logger.log(Level.SEVERE, "Failed to initialize CASE/UCO settings panel", ex); //NON-NLS
+            // ELTODO display error
             configPanel = null;
         }
         return configPanel;

From 6fe00f312ea4f3c57057b306da52fcc66905a366 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Wed, 7 Nov 2018 16:43:31 -0500
Subject: [PATCH 17/70] Added relationships between traces. Lots of bug fixes

---
 .../modules/case_uco/ReportCaseUco.java       | 68 ++++++++++++++-----
 1 file changed, 52 insertions(+), 16 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index 7e4bbd17a1..6c1c3bc59f 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -57,6 +57,7 @@ class ReportCaseUco implements GeneralReportModule {
     private ReportCaseUcoConfigPanel configPanel;
     
     private static final String REPORT_FILE_NAME = "CaseUco.txt";
+    private static final String SEPARATOR = java.io.File.separator;
     
     // Hidden constructor for the report
     private ReportCaseUco() {
@@ -134,7 +135,7 @@ class ReportCaseUco implements GeneralReportModule {
             jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter("  ", "\n")));
             
             // create CASE/UCO data source entry
-            String dataSourceRelationshipName = getDataSourceInfo(selectedDataSourceId, skCase, jsonGenerator);
+            String dataSourceTraceId = getDataSourceInfo(selectedDataSourceId, skCase, jsonGenerator);
             
             progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying"));
             
@@ -170,7 +171,7 @@ class ReportCaseUco implements GeneralReportModule {
                 String mime_type = resultSet.getString("mime_type"); 
                 String extension = resultSet.getString("extension");
                 
-                saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator);
+                saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId);
             }
             progressPanel.complete(ReportStatus.COMPLETE);
         } catch (TskCoreException ex) {
@@ -213,7 +214,7 @@ class ReportCaseUco implements GeneralReportModule {
             queryResult = skCase.executeQuery(getPathToDataSourceQuery);
             resultSet = queryResult.getResultSet();
             while (resultSet.next()) {
-                imageName = resultSet.getString(1);
+                imageName = resultSet.getString(1); // ELTODO remove double slashes
                 break;
             }
         } else {
@@ -232,6 +233,7 @@ class ReportCaseUco implements GeneralReportModule {
     
     private String saveDataSourceInCaseUcoFormat(JsonGenerator catalog, String imageName, Long imageSize, Long selectedDataSourceId) throws IOException {
         
+        // create a "trace" entry for the data source
         String dataSourceTraceId = "data-source-"+selectedDataSourceId;
         catalog.writeStartObject();
         catalog.writeStringField("@id", dataSourceTraceId);
@@ -259,10 +261,13 @@ class ReportCaseUco implements GeneralReportModule {
     }
 
     private void saveFileInCaseUcoFormat(Long objectId, String fileName, String parent_path, String md5Hash, String mime_type, long size, String ctime, 
-            String atime, String mtime, String extension, JsonGenerator catalog) throws IOException {
+            String atime, String mtime, String extension, JsonGenerator catalog, String dataSourceTraceId) throws IOException {
         
+        String fileTraceId = "file-" + objectId;
+        
+        // create a "trace" entry for the file
         catalog.writeStartObject();
-        catalog.writeStringField("@id", "file-"+objectId);
+        catalog.writeStringField("@id", fileTraceId);
         catalog.writeStringField("@type", "Trace");
         
         catalog.writeFieldName("propertyBundle");
@@ -273,29 +278,60 @@ class ReportCaseUco implements GeneralReportModule {
         catalog.writeStringField("createdTime", ctime);
         catalog.writeStringField("accessedTime", atime);
         catalog.writeStringField("modifiedTime", mtime);
-        catalog.writeStringField("extension", extension);
+        if (extension != null) {
+            catalog.writeStringField("extension", extension);
+        }
         catalog.writeStringField("fileName", fileName);
-        catalog.writeStringField("filePath", parent_path);
+        if (parent_path != null) {
+            catalog.writeStringField("filePath", parent_path + fileName);
+        }
         catalog.writeStringField("sizeInBytes", Long.toString(size));        
         catalog.writeEndObject();
         
         catalog.writeStartObject();
         catalog.writeStringField("@type", "ContentData");
         catalog.writeStringField("sizeInBytes", Long.toString(size));
-        catalog.writeStringField("mimeType", mime_type);
-        catalog.writeFieldName("hash");
-        catalog.writeStartArray();
-        catalog.writeStartObject();
-        catalog.writeStringField("@type", "Hash");
-        catalog.writeStringField("hashMethod", "SHA256");
-        catalog.writeStringField("hashValue", md5Hash);
-        catalog.writeEndObject();
-        catalog.writeEndArray();
+        if (mime_type != null) {
+            catalog.writeStringField("mimeType", mime_type);
+        }
+        if (md5Hash != null) {
+            catalog.writeFieldName("hash");
+            catalog.writeStartArray();
+            catalog.writeStartObject();
+            catalog.writeStringField("@type", "Hash");
+            catalog.writeStringField("hashMethod", "SHA256");
+            catalog.writeStringField("hashValue", md5Hash);
+            catalog.writeEndObject();
+            catalog.writeEndArray();
+        }
 
         catalog.writeEndObject();
         
         catalog.writeEndArray();
         catalog.writeEndObject();
+        
+        // create a "relationship" entry between the file and the data source
+        catalog.writeStartObject();
+        catalog.writeStringField("@id", "relationship-" + objectId);
+        catalog.writeStringField("@type", "Relationship");
+        catalog.writeStringField("source", fileTraceId);
+        catalog.writeStringField("target", dataSourceTraceId);
+        catalog.writeStringField("kindOfRelationshipe", "contained-within");
+        catalog.writeBooleanField("isDirectional", true);
+        
+        catalog.writeFieldName("propertyBundle");
+        catalog.writeStartArray();        
+        catalog.writeStartObject();
+        catalog.writeStringField("@type", "PathRelation");
+        if (parent_path != null) {
+            catalog.writeStringField("path", parent_path + fileName);
+        } else {
+            catalog.writeStringField("path", fileName);
+        }
+        catalog.writeEndObject();        
+        catalog.writeEndArray();
+        
+        catalog.writeEndObject();
     }
 
     @Override

From 7368a7e64b88c5dd4f45895d1c9b18640dc7d6d1 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Thu, 8 Nov 2018 08:17:26 -0500
Subject: [PATCH 18/70] Added support for new hash columns. Started on
 reworking E01 module.

---
 .../autopsy/datamodel/ImageNode.java          |  16 +++
 .../modules/e01verify/Bundle.properties       |   3 +
 .../e01verify/E01VerifierModuleFactory.java   |  41 +++++-
 .../e01verify/E01VerifyIngestModule.java      | 132 +++++++++++++++++-
 4 files changed, 184 insertions(+), 8 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java
index d11d7c64b2..4fcbe3566b 100644
--- a/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java
@@ -128,6 +128,12 @@ public class ImageNode extends AbstractContentNode<Image> {
         "ImageNode.createSheet.md5.name=MD5 Hash",
         "ImageNode.createSheet.md5.displayName=MD5 Hash",
         "ImageNode.createSheet.md5.desc=MD5 Hash of the image",
+        "ImageNode.createSheet.sha1.name=SHA1 Hash",
+        "ImageNode.createSheet.sha1.displayName=SHA1 Hash",
+        "ImageNode.createSheet.sha1.desc=SHA1 Hash of the image", 
+        "ImageNode.createSheet.sha256.name=SHA256 Hash",
+        "ImageNode.createSheet.sha256.displayName=SHA256 Hash",
+        "ImageNode.createSheet.sha256.desc=SHA256 Hash of the image",       
         "ImageNode.createSheet.timezone.name=Timezone",
         "ImageNode.createSheet.timezone.displayName=Timezone",
         "ImageNode.createSheet.timezone.desc=Timezone of the image",
@@ -165,6 +171,16 @@ public class ImageNode extends AbstractContentNode<Image> {
                 Bundle.ImageNode_createSheet_md5_displayName(),
                 Bundle.ImageNode_createSheet_md5_desc(),
                 this.content.getMd5()));
+        
+        sheetSet.put(new NodeProperty<>(Bundle.ImageNode_createSheet_sha1_name(),
+                Bundle.ImageNode_createSheet_sha1_displayName(),
+                Bundle.ImageNode_createSheet_sha1_desc(),
+                this.content.getSha1()));
+        
+        sheetSet.put(new NodeProperty<>(Bundle.ImageNode_createSheet_sha256_name(),
+                Bundle.ImageNode_createSheet_sha256_displayName(),
+                Bundle.ImageNode_createSheet_sha256_desc(),
+                this.content.getSha256()));
 
         sheetSet.put(new NodeProperty<>(Bundle.ImageNode_createSheet_timezone_name(),
                 Bundle.ImageNode_createSheet_timezone_displayName(),
diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties
index 04f02cd579..445bbc0461 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties
@@ -13,3 +13,6 @@ EwfVerifyIngestModule.shutDown.verifyResultsHeader=<p>EWF Verification Results f
 EwfVerifyIngestModule.shutDown.resultLi=<li>Result\:{0}</li>
 EwfVerifyIngestModule.shutDown.calcHashLi=<li>Calculated hash\: {0}</li>
 EwfVerifyIngestModule.shutDown.storedHashLi=<li>Stored hash\: {0}</li>
+IngestSettingsPanel.verifyHashesCheckbox.text=Verify existing hashes
+IngestSettingsPanel.computeHashesCheckbox.text=Calculate hashes if none are present
+IngestSettingsPanel.jLabel3.text=Ingest Settings
diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifierModuleFactory.java b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifierModuleFactory.java
index 0b4233d86a..6adb514df9 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifierModuleFactory.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifierModuleFactory.java
@@ -25,6 +25,8 @@ import org.sleuthkit.autopsy.ingest.IngestModuleFactoryAdapter;
 import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
 import org.sleuthkit.autopsy.ingest.IngestModuleFactory;
 import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings;
+import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettingsPanel;
+import org.sleuthkit.autopsy.ingest.NoIngestModuleIngestJobSettings;
 
 /**
  * An factory that creates data source ingest modules that verify the integrity
@@ -60,7 +62,42 @@ public class E01VerifierModuleFactory extends IngestModuleFactoryAdapter {
     }
 
     @Override
-    public DataSourceIngestModule createDataSourceIngestModule(IngestModuleIngestJobSettings ingestOptions) {
-        return new E01VerifyIngestModule();
+    public DataSourceIngestModule createDataSourceIngestModule(IngestModuleIngestJobSettings settings) {
+        if (settings instanceof IngestSettings) {
+            return new E01VerifyIngestModule((IngestSettings) settings);
+        }
+        /*
+         * Compatibility check for older versions.
+         */
+        if (settings instanceof NoIngestModuleIngestJobSettings) {
+            return new E01VerifyIngestModule(new IngestSettings());
+        }
+        
+        throw new IllegalArgumentException("Expected settings argument to be an instance of IngestSettings");
     }
+    
+    @Override
+    public IngestModuleIngestJobSettings getDefaultIngestJobSettings() {
+        return new IngestSettings();
+    }
+
+    @Override
+    public boolean hasIngestJobSettingsPanel() {
+        return true;
+    }
+
+    @Override
+    public IngestModuleIngestJobSettingsPanel getIngestJobSettingsPanel(IngestModuleIngestJobSettings settings) {
+        if (settings instanceof IngestSettings) {
+            return new IngestSettingsPanel((IngestSettings) settings);
+        }
+        /*
+         * Compatibility check for older versions.
+         */
+        if (settings instanceof NoIngestModuleIngestJobSettings) {
+            return new IngestSettingsPanel(new IngestSettings());
+        }
+        
+        throw new IllegalArgumentException("Expected settings argument to be an instance of IngestSettings");
+    }    
 }
diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
index 27a189f478..15e8128fee 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
@@ -20,10 +20,12 @@ package org.sleuthkit.autopsy.modules.e01verify;
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
+import java.util.ArrayList;
+import java.util.List;
 import java.util.logging.Level;
 import javax.xml.bind.DatatypeConverter;
-import org.openide.util.NbBundle;
-import org.python.bouncycastle.util.Arrays;
+//import org.python.bouncycastle.util.Arrays;
+import java.util.Arrays;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
 import org.sleuthkit.autopsy.ingest.DataSourceIngestModuleProgress;
@@ -51,33 +53,130 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
     private static final long DEFAULT_CHUNK_SIZE = 32 * 1024;
     private static final IngestServices services = IngestServices.getInstance();
 
+    private final boolean computeHashes;
+    private final boolean verifyHashes;
+    
+    private final List<MessageDigest> messageDigests = new ArrayList<>();
+    
     private MessageDigest messageDigest;
     private boolean verified = false;
     private String calculatedHash = "";
     private String storedHash = "";
     private IngestJobContext context;
-
-    E01VerifyIngestModule() {
+    
+    E01VerifyIngestModule(IngestSettings settings) {
+        computeHashes = settings.shouldComputeHashes();
+        verifyHashes = settings.shouldVerifyHashes();
     }
 
+    @NbBundle.Messages({
+        "E01VerifyIngestModule.startup.noCheckboxesSelected=At least one of the checkboxes must be selected"
+    })
     @Override
     public void startUp(IngestJobContext context) throws IngestModuleException {
         this.context = context;
         verified = false;
         storedHash = "";
         calculatedHash = "";
-
+        
+        // It's an error if the module is run without either option selected
+        if (!(computeHashes || verifyHashes)) {
+            throw new IngestModuleException(Bundle.E01VerifyIngestModule_startup_noCheckboxesSelected());
+        }
+        
         try {
             messageDigest = MessageDigest.getInstance("MD5"); //NON-NLS
         } catch (NoSuchAlgorithmException ex) {
             throw new IngestModuleException(Bundle.UnableToCalculateHashes(), ex);
         }
+        
+        
     }
-
+    
+    @NbBundle.Messages({
+        "# {0} - imageName",
+        "E01VerifyIngestModule.process.skipCompute=Not computing new hashes for {0} since the option was disabled",
+        "# {0} - imageName",
+        "E01VerifyIngestModule.process.skipVerify=Not verifying existing hashes for {0} since the option was disabled",
+        "# {0} - hashName",
+        "E01VerifyIngestModule.process.hashAlgorithmError=Error creating message digest for {0} algorithm"
+    })
     @Override
     public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
         String imgName = dataSource.getName();
 
+        // Skip non-images
+        if (!(dataSource instanceof Image)) {
+            logger.log(Level.INFO, "Skipping non-image {0}", imgName); //NON-NLS
+            services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(),
+                    NbBundle.getMessage(this.getClass(),
+                            "EwfVerifyIngestModule.process.skipNonEwf",
+                            imgName)));
+            return ProcessResult.OK;
+        }
+        Image img = (Image) dataSource;
+        
+        // Determine which mode we're in. 
+        // - If there are any preset hashes, then we'll verify them (assuming the verify checkbox is selected)
+        // - Otherwise we'll calculate and store all three hashes (assuming the compute checkbox is selected)
+        
+        // First get a list of all stored hash types
+        List<HashType> hashesToCalculate = new ArrayList<>();
+        if (img.getMd5() != null && ! img.getMd5().isEmpty()) {
+            hashesToCalculate.add(HashType.MD5);
+        }
+        if (img.getSha1() != null && ! img.getSha1().isEmpty()) {
+            hashesToCalculate.add(HashType.SHA1);
+        }
+        if (img.getSha256() != null && ! img.getSha256().isEmpty()) {
+            hashesToCalculate.add(HashType.SHA256);
+        }
+        
+        // Figure out which mode we should be in
+        Mode mode;
+        if (hashesToCalculate.isEmpty()) {
+            mode = Mode.COMPUTE;
+        } else {
+            mode = Mode.VERIFY;
+        }
+        
+        // If that mode was not enabled by the user, exit
+        if (mode.equals(Mode.COMPUTE) && ! this.computeHashes) {
+            logger.log(Level.INFO, "Not computing hashes for {0} since the option was disabled", imgName); //NON-NLS
+            services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(),
+                    Bundle.E01VerifyIngestModule_process_skipCompute(imgName)));
+            return ProcessResult.OK;
+        } else if (mode.equals(Mode.VERIFY) && ! this.verifyHashes) {
+            logger.log(Level.INFO, "Not verifying hashes for {0} since the option was disabled", imgName); //NON-NLS
+            services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(),
+                    Bundle.E01VerifyIngestModule_process_skipVerify(imgName)));
+            return ProcessResult.OK;
+        }
+        
+        // If we're in compute mode (i.e., the hash list is empty), add all hash algorithms
+        // to the list.
+        if (mode.equals(Mode.COMPUTE)) {
+            hashesToCalculate.addAll(Arrays.asList(HashType.values()));
+        }
+        
+        // Set up the digests
+        for (HashType hashType:hashesToCalculate) {
+            try {
+                messageDigest = MessageDigest.getInstance(hashType.getName()); //NON-NLS
+            } catch (NoSuchAlgorithmException ex) {
+                String msg = Bundle.E01VerifyIngestModule_process_hashAlgorithmError(hashType.getName());
+                services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(), msg));
+                logger.log(Level.SEVERE, msg, ex);
+                return ProcessResult.ERROR;
+            }
+        }
+        
+        return ProcessResult.OK;
+    }
+
+    public ProcessResult process2(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
+        String imgName = dataSource.getName();
+
         // Skip non-images
         if (!(dataSource instanceof Image)) {
             logger.log(Level.INFO, "Skipping non-image {0}", imgName); //NON-NLS
@@ -186,4 +285,25 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
 
         return ProcessResult.OK;
     }
+    
+    private enum Mode {
+        COMPUTE,
+        VERIFY;
+    }
+    
+    private enum HashType {
+        MD5("MD5"), 
+        SHA1("SHA-1"),
+        SHA256("SHA-256");
+        
+        private final String name; // This should be the string expected by MessageDigest
+        
+        HashType(String name) {
+            this.name = name;
+        }
+        
+        String getName() {
+            return name;
+        }
+    }
 }

From 6b3fb0ec2932ab94b70b3f712eb3cb6d906579d6 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Thu, 8 Nov 2018 12:47:04 -0500
Subject: [PATCH 19/70] Add code to verify hashes

---
 .../e01verify/E01VerifyIngestModule.java      | 159 +++++++++++++++---
 1 file changed, 139 insertions(+), 20 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
index 15e8128fee..ae6b64ff51 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
@@ -56,9 +56,9 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
     private final boolean computeHashes;
     private final boolean verifyHashes;
     
-    private final List<MessageDigest> messageDigests = new ArrayList<>();
+    //private final List<MessageDigest> messageDigests = new ArrayList<>();
+    private final List<HashStruct> hashInfo = new ArrayList<>();
     
-    private MessageDigest messageDigest;
     private boolean verified = false;
     private String calculatedHash = "";
     private String storedHash = "";
@@ -83,14 +83,23 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         if (!(computeHashes || verifyHashes)) {
             throw new IngestModuleException(Bundle.E01VerifyIngestModule_startup_noCheckboxesSelected());
         }
+    }
+    
+    // MOVE AND RENAME THIS
+    private class HashStruct {
+        HashType type;
+        MessageDigest digest;
+        String storedHash;
+        String calculatedHash;
         
-        try {
-            messageDigest = MessageDigest.getInstance("MD5"); //NON-NLS
-        } catch (NoSuchAlgorithmException ex) {
-            throw new IngestModuleException(Bundle.UnableToCalculateHashes(), ex);
+        HashStruct(HashType type, String storedHash) {
+            this.type = type;
+            this.storedHash = storedHash;
         }
         
-        
+        void setMessageDigest(MessageDigest digest) {
+            this.digest = digest;
+        }
     }
     
     @NbBundle.Messages({
@@ -99,7 +108,14 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         "# {0} - imageName",
         "E01VerifyIngestModule.process.skipVerify=Not verifying existing hashes for {0} since the option was disabled",
         "# {0} - hashName",
-        "E01VerifyIngestModule.process.hashAlgorithmError=Error creating message digest for {0} algorithm"
+        "E01VerifyIngestModule.process.hashAlgorithmError=Error creating message digest for {0} algorithm",
+        "# {0} - hashName",
+        "# {1} - hashValue",
+        "E01VerifyIngestModule.process.hashMatch={0} hash verified: {1} ",
+        "# {0} - hashName",
+        "# {1} - calculatedHashValue",
+        "# {2} - storedHashValue",
+        "E01VerifyIngestModule.process.hashNonMatch={0} hash not verified - calculated hash: {1}  stored hash: {2}",
     })
     @Override
     public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
@@ -115,26 +131,40 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
             return ProcessResult.OK;
         }
         Image img = (Image) dataSource;
+
+        // Make sure the image size we have is not zero
+        long size = img.getSize();
+        if (size == 0) {
+            logger.log(Level.WARNING, "Size of image {0} was 0 when queried.", imgName); //NON-NLS
+            services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(),
+                    NbBundle.getMessage(this.getClass(),
+                            "EwfVerifyIngestModule.process.errGetSizeOfImg",
+                            imgName)));
+        }
         
         // Determine which mode we're in. 
         // - If there are any preset hashes, then we'll verify them (assuming the verify checkbox is selected)
         // - Otherwise we'll calculate and store all three hashes (assuming the compute checkbox is selected)
         
         // First get a list of all stored hash types
-        List<HashType> hashesToCalculate = new ArrayList<>();
+        //List<HashType> hashesToCalculate = new ArrayList<>();
         if (img.getMd5() != null && ! img.getMd5().isEmpty()) {
-            hashesToCalculate.add(HashType.MD5);
+            //hashesToCalculate.add(HashType.MD5);
+            hashInfo.add(new HashStruct(HashType.MD5, img.getMd5()));
         }
         if (img.getSha1() != null && ! img.getSha1().isEmpty()) {
-            hashesToCalculate.add(HashType.SHA1);
+            //hashesToCalculate.add(HashType.SHA1);
+            hashInfo.add(new HashStruct(HashType.SHA1, img.getSha1()));
         }
         if (img.getSha256() != null && ! img.getSha256().isEmpty()) {
-            hashesToCalculate.add(HashType.SHA256);
+            //hashesToCalculate.add(HashType.SHA256);
+            hashInfo.add(new HashStruct(HashType.SHA256, img.getSha256()));
         }
         
         // Figure out which mode we should be in
         Mode mode;
-        if (hashesToCalculate.isEmpty()) {
+        //if (hashesToCalculate.isEmpty()) {
+        if (hashInfo.isEmpty()) {
             mode = Mode.COMPUTE;
         } else {
             mode = Mode.VERIFY;
@@ -156,21 +186,110 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         // If we're in compute mode (i.e., the hash list is empty), add all hash algorithms
         // to the list.
         if (mode.equals(Mode.COMPUTE)) {
-            hashesToCalculate.addAll(Arrays.asList(HashType.values()));
+            //hashesToCalculate.addAll(Arrays.asList(HashType.values()));
+            for(HashType type : HashType.values()) {
+                hashInfo.add(new HashStruct(type, ""));
+            }
         }
         
         // Set up the digests
-        for (HashType hashType:hashesToCalculate) {
+        //for (HashType hashType:hashesToCalculate) {
+        for (HashStruct struct:hashInfo) {
             try {
-                messageDigest = MessageDigest.getInstance(hashType.getName()); //NON-NLS
+                //messageDigests.add(MessageDigest.getInstance(hashType.getName())); //NON-NLS
+                struct.setMessageDigest(MessageDigest.getInstance(struct.type.getName()));
             } catch (NoSuchAlgorithmException ex) {
-                String msg = Bundle.E01VerifyIngestModule_process_hashAlgorithmError(hashType.getName());
+                String msg = Bundle.E01VerifyIngestModule_process_hashAlgorithmError(struct.type.getName());
                 services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(), msg));
                 logger.log(Level.SEVERE, msg, ex);
                 return ProcessResult.ERROR;
             }
         }
         
+        // Libewf uses a chunk size of 64 times the sector size, which is the
+        // motivation for using it here. For other images it shouldn't matter,
+        // so they can use this chunk size as well.
+        long chunkSize = 64 * img.getSsize();
+        chunkSize = (chunkSize == 0) ? DEFAULT_CHUNK_SIZE : chunkSize;
+
+        // Casting to double to capture decimals
+        int totalChunks = (int) Math.ceil((double) size / (double) chunkSize);
+        logger.log(Level.INFO, "Total chunks = {0}", totalChunks); //NON-NLS
+
+        // Set up the progress bar
+        statusHelper.switchToDeterminate(totalChunks);
+        
+        // Read in byte size chunks and update the hash value with the data.
+        byte[] data = new byte[(int) chunkSize];
+        int read;
+        for (int i = 0; i < totalChunks; i++) {
+            if (context.dataSourceIngestIsCancelled()) {
+                return ProcessResult.OK;
+            }
+            try {
+                read = img.read(data, i * chunkSize, chunkSize);
+            } catch (TskCoreException ex) {
+                String msg = NbBundle.getMessage(this.getClass(),
+                        "EwfVerifyIngestModule.process.errReadImgAtChunk", imgName, i);
+                services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(), msg));
+                logger.log(Level.SEVERE, msg, ex);
+                return ProcessResult.ERROR;
+            }
+
+            // Only update with the read bytes.
+            if (read == chunkSize) {
+                for (HashStruct struct:hashInfo) {
+                    struct.digest.update(data);
+                }
+            } else {
+                byte[] subData = Arrays.copyOfRange(data, 0, read);
+                for (HashStruct struct:hashInfo) {
+                    struct.digest.update(subData);
+                }
+            }
+            statusHelper.progress(i);
+        }
+        
+        // Produce the final hashes
+        for(HashStruct struct:hashInfo) {
+            struct.calculatedHash = DatatypeConverter.printHexBinary(struct.digest.digest()).toLowerCase();
+            logger.log(Level.INFO, "Hash calculated from {0}: {1}", new Object[]{imgName, struct.calculatedHash}); //NON-NLS
+        }
+        
+        if (mode.equals(Mode.VERIFY)) {
+            // Check that each hash matches
+            boolean verified = true;
+            String detailedResults = NbBundle
+                .getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.verifyResultsHeader", imgName);
+            String hashResults = "";
+            
+            for (HashStruct struct:hashInfo) {
+                if (struct.storedHash.equals(struct.calculatedHash)) {
+                    hashResults += Bundle.E01VerifyIngestModule_process_hashMatch(struct.type.name, struct.storedHash);
+                } else {
+                    verified = false;
+                    hashResults += Bundle.E01VerifyIngestModule_process_hashNonMatch(struct.type.name, struct.calculatedHash, struct.storedHash);
+                }
+                
+            }
+            
+            String verificationResultStr;
+            if (verified) {
+                verificationResultStr = NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.verified");
+            } else {
+                verificationResultStr = NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.notVerified");
+            }
+            
+            detailedResults += NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.resultLi", verificationResultStr);
+            detailedResults += hashResults;
+
+            services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(), imgName + verificationResultStr, detailedResults));
+        
+        } else {
+            // Store the hashes in the database
+            // TO DO
+        }
+        
         return ProcessResult.OK;
     }
 
@@ -255,16 +374,16 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
 
             // Only update with the read bytes.
             if (read == chunkSize) {
-                messageDigest.update(data);
+                //messageDigest.update(data);
             } else {
                 byte[] subData = Arrays.copyOfRange(data, 0, read);
-                messageDigest.update(subData);
+                //messageDigest.update(subData);
             }
             statusHelper.progress(i);
         }
 
         // Finish generating the hash and get it as a string value
-        calculatedHash = DatatypeConverter.printHexBinary(messageDigest.digest()).toLowerCase();
+        //calculatedHash = DatatypeConverter.printHexBinary(messageDigest.digest()).toLowerCase();
         verified = calculatedHash.equals(storedHash);
         logger.log(Level.INFO, "Hash calculated from {0}: {1}", new Object[]{imgName, calculatedHash}); //NON-NLS
 

From 7a0d31c31b333c3e470743d31b0a86f1b5016cd7 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Thu, 8 Nov 2018 14:45:15 -0500
Subject: [PATCH 20/70] Added UI warnings on errors

---
 .../modules/case_uco/Bundle.properties        |  5 ---
 .../modules/case_uco/ReportCaseUco.java       | 43 ++++++++++++-------
 2 files changed, 28 insertions(+), 20 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties
index 7ec1dbe154..b49648b8f1 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties
@@ -1,9 +1,4 @@
 OpenIDE-Module-Name=CaseUcoModule
-ReportCaseUco.progress.initializing=Creating directories...
-ReportCaseUco.progress.querying=Querying files...
-ReportCaseUco.ingestWarning.text=Warning, this report was run before ingest services completed\!
-ReportCaseUco.progress.loading=Loading files...
-ReportCaseUco.progress.processing=Saving files in CASE/UCO format...
 ReportCaseUco.getName.text=CASE/UCO
 ReportCaseUco.getDesc.text=CASE/UCO format report with basic property fields for every file.
 ReportCaseUcoConfigPanel.jLabelSelectDataSource.text=Select a data source for the CASE/UCO report
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index 6c1c3bc59f..cce4ed46ae 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -39,6 +39,7 @@ import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
 import org.sleuthkit.autopsy.coreutils.Logger;
+import org.sleuthkit.autopsy.coreutils.MessageNotifyUtil;
 import org.sleuthkit.autopsy.datamodel.ContentUtils;
 import org.sleuthkit.autopsy.ingest.IngestManager;
 import org.sleuthkit.autopsy.report.GeneralReportModule;
@@ -56,8 +57,7 @@ class ReportCaseUco implements GeneralReportModule {
     private static ReportCaseUco instance = null;
     private ReportCaseUcoConfigPanel configPanel;
     
-    private static final String REPORT_FILE_NAME = "CaseUco.txt";
-    private static final String SEPARATOR = java.io.File.separator;
+    private static final String REPORT_FILE_NAME = "CaseUco.json";
     
     // Hidden constructor for the report
     private ReportCaseUco() {
@@ -77,20 +77,30 @@ class ReportCaseUco implements GeneralReportModule {
      * @param baseReportDir path to save the report
      * @param progressPanel panel to update the report's progress
      */
+    @NbBundle.Messages({
+        "ReportCaseUco.notInitialized=CASE/UCO settings panel has not been initialized",
+        "ReportCaseUco.noDataSourceSelected=No data source selected for CASE/UCO report",
+        "ReportCaseUco.noCaseOpen=Unable to open currect case",
+        "ReportCaseUco.unableToCreateDirectories=Unable to create directory for CASE/UCO report",
+        "ReportCaseUco.initializing=Creating directories...",
+        "ReportCaseUco.querying=Querying files...",
+        "ReportCaseUco.ingestWarning=Warning, this report will be created before ingest services completed\\!",
+        "ReportCaseUco.processing=Saving files in CASE/UCO format..."
+    })
     @Override
     @SuppressWarnings("deprecation")
     public void generateReport(String baseReportDir, ReportProgressPanel progressPanel) {
 
         if (configPanel == null) {
             logger.log(Level.SEVERE, "CASE/UCO settings panel has not been initialized"); //NON-NLS
-            // ELTODO
+            MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_notInitialized());
             return;            
         }
         
         Long selectedDataSourceId = configPanel.getSelectedDataSourceId();
         if (selectedDataSourceId == ReportCaseUcoConfigPanel.NO_DATA_SOURCE_SELECTED) {
             logger.log(Level.SEVERE, "No data source selected for CASE/UCO report"); //NON-NLS
-            // ELTODO
+            MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_noDataSourceSelected());
             return;
         } 
         
@@ -99,13 +109,14 @@ class ReportCaseUco implements GeneralReportModule {
             currentCase = Case.getCurrentCaseThrows();
         } catch (NoCurrentCaseException ex) {
             logger.log(Level.SEVERE, "Exception while getting open case.", ex);
+            MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_noCaseOpen());
             return;
         }
         
         // Start the progress bar and setup the report
         progressPanel.setIndeterminate(false);
         progressPanel.start();
-        progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.initializing"));
+        progressPanel.updateStatusLabel(Bundle.ReportCaseUco_initializing());
               
         // Create the JSON generator
         JsonFactory jsonGeneratorFactory = new JsonFactory();
@@ -115,14 +126,14 @@ class ReportCaseUco implements GeneralReportModule {
             Files.createDirectories(Paths.get(reportFile.getParent()));
         } catch (IOException ex) {
             logger.log(Level.SEVERE, "Unable to create directory for CASE/UCO report", ex); //NON-NLS
-            // ELTODO what else needs to be done here?
+            MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_unableToCreateDirectories());
             return;
         }
         
         // Check if ingest has finished
         if (IngestManager.getInstance().isIngestRunning()) {
-            String ingestwarning = NbBundle.getMessage(this.getClass(), "ReportCaseUco.ingestWarning.text");
-            // ELTODO what to do with this warning?
+            MessageNotifyUtil.Message.warn(Bundle.ReportCaseUco_ingestWarning());
+            // ELTODO exit?
         }
 
         SleuthkitCase skCase = currentCase.getSleuthkitCase();
@@ -134,11 +145,11 @@ class ReportCaseUco implements GeneralReportModule {
             // instert \n after each field for more readable formatting
             jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter("  ", "\n")));
             
+            progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying());
+            
             // create CASE/UCO data source entry
             String dataSourceTraceId = getDataSourceInfo(selectedDataSourceId, skCase, jsonGenerator);
             
-            progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.querying"));
-            
             // Run getAllFilesQuery to get all files, exclude directories
             final String getAllFilesQuery = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where "
                     + "data_source_obj_id = " + Long.toString(selectedDataSourceId)
@@ -146,14 +157,13 @@ class ReportCaseUco implements GeneralReportModule {
                     + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
                     + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + "))"; //NON-NLS
 
-            progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.loading"));
-
             SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery);
             ResultSet resultSet = queryResult.getResultSet();
 
-            progressPanel.updateStatusLabel(NbBundle.getMessage(this.getClass(), "ReportCaseUco.progress.processing"));
+            progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing());
             
             // Loop files and write info to report
+            int count = 0;
             while (resultSet.next()) {
 
                 if (progressPanel.getStatus() == ReportStatus.CANCELED) {
@@ -172,8 +182,10 @@ class ReportCaseUco implements GeneralReportModule {
                 String extension = resultSet.getString("extension");
                 
                 saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId);
+                count++;
             }
             progressPanel.complete(ReportStatus.COMPLETE);
+            logger.log(Level.INFO, "ELDEBUG Number of files saved {0}", count); //NON-NLS
         } catch (TskCoreException ex) {
             logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS
         } catch (IOException ex) {
@@ -285,12 +297,12 @@ class ReportCaseUco implements GeneralReportModule {
         if (parent_path != null) {
             catalog.writeStringField("filePath", parent_path + fileName);
         }
+        catalog.writeBooleanField("isDirectory", false);
         catalog.writeStringField("sizeInBytes", Long.toString(size));        
         catalog.writeEndObject();
         
         catalog.writeStartObject();
         catalog.writeStringField("@type", "ContentData");
-        catalog.writeStringField("sizeInBytes", Long.toString(size));
         if (mime_type != null) {
             catalog.writeStringField("mimeType", mime_type);
         }
@@ -304,6 +316,7 @@ class ReportCaseUco implements GeneralReportModule {
             catalog.writeEndObject();
             catalog.writeEndArray();
         }
+        catalog.writeStringField("sizeInBytes", Long.toString(size));
 
         catalog.writeEndObject();
         
@@ -357,7 +370,7 @@ class ReportCaseUco implements GeneralReportModule {
             configPanel = new ReportCaseUcoConfigPanel();
         } catch (NoCurrentCaseException | TskCoreException | SQLException ex) {
             logger.log(Level.SEVERE, "Failed to initialize CASE/UCO settings panel", ex); //NON-NLS
-            // ELTODO display error
+            MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_notInitialized());
             configPanel = null;
         }
         return configPanel;

From 7c72f7cb0e7be2fd92e06e90bf56b94dfdb9df78 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Thu, 8 Nov 2018 16:34:24 -0500
Subject: [PATCH 21/70] Added trace and relationship entries for Autopy case.
 Bug fixes

---
 .../modules/case_uco/ReportCaseUco.java       | 95 ++++++++++++++++---
 1 file changed, 82 insertions(+), 13 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index cce4ed46ae..8e095deb81 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -49,7 +49,7 @@ import org.sleuthkit.datamodel.*;
 
 /**
  * ReportCaseUco generates a report in the CASE/UCO format. It saves basic
- * file info like full path, name, MIME type, times, and hash.
+ file info like full caseDirPath, name, MIME type, times, and hash.
  */
 class ReportCaseUco implements GeneralReportModule {
 
@@ -74,7 +74,7 @@ class ReportCaseUco implements GeneralReportModule {
     /**
      * Generates a CASE/UCO format report.
      *
-     * @param baseReportDir path to save the report
+     * @param baseReportDir caseDirPath to save the report
      * @param progressPanel panel to update the report's progress
      */
     @NbBundle.Messages({
@@ -94,6 +94,7 @@ class ReportCaseUco implements GeneralReportModule {
         if (configPanel == null) {
             logger.log(Level.SEVERE, "CASE/UCO settings panel has not been initialized"); //NON-NLS
             MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_notInitialized());
+            progressPanel.complete(ReportStatus.ERROR);
             return;            
         }
         
@@ -101,6 +102,7 @@ class ReportCaseUco implements GeneralReportModule {
         if (selectedDataSourceId == ReportCaseUcoConfigPanel.NO_DATA_SOURCE_SELECTED) {
             logger.log(Level.SEVERE, "No data source selected for CASE/UCO report"); //NON-NLS
             MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_noDataSourceSelected());
+            progressPanel.complete(ReportStatus.ERROR);
             return;
         } 
         
@@ -110,6 +112,7 @@ class ReportCaseUco implements GeneralReportModule {
         } catch (NoCurrentCaseException ex) {
             logger.log(Level.SEVERE, "Exception while getting open case.", ex);
             MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_noCaseOpen());
+            progressPanel.complete(ReportStatus.ERROR);
             return;
         }
         
@@ -127,6 +130,7 @@ class ReportCaseUco implements GeneralReportModule {
         } catch (IOException ex) {
             logger.log(Level.SEVERE, "Unable to create directory for CASE/UCO report", ex); //NON-NLS
             MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_unableToCreateDirectories());
+            progressPanel.complete(ReportStatus.ERROR);
             return;
         }
         
@@ -147,8 +151,11 @@ class ReportCaseUco implements GeneralReportModule {
             
             progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying());
             
+            // create CASE/UCO entry for the Autopsy case
+            String caseTraceId = saveCaseInfo(skCase, jsonGenerator);
+            
             // create CASE/UCO data source entry
-            String dataSourceTraceId = getDataSourceInfo(selectedDataSourceId, skCase, jsonGenerator);
+            String dataSourceTraceId = saveDataSourceInfo(selectedDataSourceId, caseTraceId, skCase, jsonGenerator);
             
             // Run getAllFilesQuery to get all files, exclude directories
             final String getAllFilesQuery = "select obj_id, name, size, crtime, atime, mtime, md5, parent_path, mime_type, extension from tsk_files where "
@@ -162,8 +169,7 @@ class ReportCaseUco implements GeneralReportModule {
 
             progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing());
             
-            // Loop files and write info to report
-            int count = 0;
+            // Loop files and write info to CASE/UCO report
             while (resultSet.next()) {
 
                 if (progressPanel.getStatus() == ReportStatus.CANCELED) {
@@ -182,21 +188,24 @@ class ReportCaseUco implements GeneralReportModule {
                 String extension = resultSet.getString("extension");
                 
                 saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId);
-                count++;
             }
             progressPanel.complete(ReportStatus.COMPLETE);
-            logger.log(Level.INFO, "ELDEBUG Number of files saved {0}", count); //NON-NLS
         } catch (TskCoreException ex) {
             logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS
+            progressPanel.complete(ReportStatus.ERROR);
         } catch (IOException ex) {
             logger.log(Level.SEVERE, "Failed to create JSON output for the CASE/UCO report", ex); //NON-NLS
+            progressPanel.complete(ReportStatus.ERROR);
         } catch (SQLException ex) {
             logger.log(Level.WARNING, "Unable to read result set", ex); //NON-NLS
+            progressPanel.complete(ReportStatus.ERROR);
+        } catch (NoCurrentCaseException ex) {
+            logger.log(Level.SEVERE, "No current case open", ex); //NON-NLS
+            progressPanel.complete(ReportStatus.ERROR);
         } finally {
             if (jsonGenerator != null) {
                 try {
                     jsonGenerator.close();
-                    // ELTODO investigate database closing issue
                 } catch (IOException ex) {
                     logger.log(Level.WARNING, "Failed to close JSON output file", ex); //NON-NLS
                 }
@@ -204,7 +213,48 @@ class ReportCaseUco implements GeneralReportModule {
         }
     }
     
-    private String getDataSourceInfo(Long selectedDataSourceId, SleuthkitCase skCase, JsonGenerator jsonGenerator) throws TskCoreException, SQLException, IOException {
+    
+    private String saveCaseInfo(SleuthkitCase skCase, JsonGenerator catalog) throws TskCoreException, SQLException, IOException, NoCurrentCaseException {
+        
+        // create a "trace" entry for the Autopsy case iteself
+        String uniqueCaseName;
+        String dbFileName;
+        TskData.DbType dbType = skCase.getDatabaseType();
+        if (dbType == TskData.DbType.SQLITE) {
+            uniqueCaseName = Case.getCurrentCaseThrows().getName();
+            dbFileName = skCase.getDatabaseName();
+        } else {
+            uniqueCaseName = skCase.getDatabaseName();
+            dbFileName = "";
+        }
+        
+        String caseDirPath = skCase.getDbDirPath();
+        String caseTraceId = "case-" + uniqueCaseName;
+        catalog.writeStartObject();
+        catalog.writeStringField("@id", caseTraceId);
+        catalog.writeStringField("@type", "Trace");
+
+        catalog.writeFieldName("propertyBundle");
+        catalog.writeStartArray();
+
+        catalog.writeStartObject();
+        catalog.writeStringField("@type", "File");
+        if (dbType == TskData.DbType.SQLITE) {
+            catalog.writeStringField("filePath", caseDirPath + java.io.File.separator + dbFileName);
+            catalog.writeBooleanField("isDirectory", false);
+        } else {
+            catalog.writeStringField("filePath", caseDirPath);
+            catalog.writeBooleanField("isDirectory", true);            
+        }
+        catalog.writeEndObject();
+
+        catalog.writeEndArray();
+        catalog.writeEndObject();
+
+        return caseTraceId;
+    }
+    
+    private String saveDataSourceInfo(Long selectedDataSourceId, String caseTraceId, SleuthkitCase skCase, JsonGenerator jsonGenerator) throws TskCoreException, SQLException, IOException {
         
         String getImageDataSourceQuery = "select size from tsk_image_info where obj_id = " + selectedDataSourceId;
         SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getImageDataSourceQuery);
@@ -221,12 +271,12 @@ class ReportCaseUco implements GeneralReportModule {
         }
         
         if (isImageDataSource) {
-            // get path to image file
+            // get caseDirPath to image file
             String getPathToDataSourceQuery = "select name from tsk_image_names where obj_id = " + selectedDataSourceId;
             queryResult = skCase.executeQuery(getPathToDataSourceQuery);
             resultSet = queryResult.getResultSet();
             while (resultSet.next()) {
-                imageName = resultSet.getString(1); // ELTODO remove double slashes
+                imageName = resultSet.getString(1);
                 break;
             }
         } else {
@@ -240,10 +290,10 @@ class ReportCaseUco implements GeneralReportModule {
             }
         }
 
-        return saveDataSourceInCaseUcoFormat(jsonGenerator, imageName, imageSize, selectedDataSourceId);
+        return saveDataSourceInCaseUcoFormat(jsonGenerator, imageName, imageSize, selectedDataSourceId, caseTraceId);
     }
     
-    private String saveDataSourceInCaseUcoFormat(JsonGenerator catalog, String imageName, Long imageSize, Long selectedDataSourceId) throws IOException {
+    private String saveDataSourceInCaseUcoFormat(JsonGenerator catalog, String imageName, Long imageSize, Long selectedDataSourceId, String caseTraceId) throws IOException {
         
         // create a "trace" entry for the data source
         String dataSourceTraceId = "data-source-"+selectedDataSourceId;
@@ -269,6 +319,25 @@ class ReportCaseUco implements GeneralReportModule {
         catalog.writeEndArray();
         catalog.writeEndObject();
         
+        // create a "relationship" entry between the case and the data source
+        catalog.writeStartObject();
+        catalog.writeStringField("@id", "relationship-" + caseTraceId);
+        catalog.writeStringField("@type", "Relationship");
+        catalog.writeStringField("source", dataSourceTraceId);
+        catalog.writeStringField("target", caseTraceId);
+        catalog.writeStringField("kindOfRelationshipe", "contained-within");
+        catalog.writeBooleanField("isDirectional", true);
+        
+        catalog.writeFieldName("propertyBundle");
+        catalog.writeStartArray();        
+        catalog.writeStartObject();
+        catalog.writeStringField("@type", "PathRelation");
+        catalog.writeStringField("path", imageName);
+        catalog.writeEndObject();
+        catalog.writeEndArray();
+        
+        catalog.writeEndObject();        
+        
         return dataSourceTraceId;
     }
 

From ba20b8366b37981580413e7b2d31f22876241605 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Thu, 8 Nov 2018 16:39:47 -0500
Subject: [PATCH 22/70] Resolved TODOs

---
 .../org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java  | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index 8e095deb81..97c564274c 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -84,7 +84,7 @@ class ReportCaseUco implements GeneralReportModule {
         "ReportCaseUco.unableToCreateDirectories=Unable to create directory for CASE/UCO report",
         "ReportCaseUco.initializing=Creating directories...",
         "ReportCaseUco.querying=Querying files...",
-        "ReportCaseUco.ingestWarning=Warning, this report will be created before ingest services completed\\!",
+        "ReportCaseUco.ingestWarning=Warning, this report will be created before ingest services completed",
         "ReportCaseUco.processing=Saving files in CASE/UCO format..."
     })
     @Override
@@ -137,7 +137,6 @@ class ReportCaseUco implements GeneralReportModule {
         // Check if ingest has finished
         if (IngestManager.getInstance().isIngestRunning()) {
             MessageNotifyUtil.Message.warn(Bundle.ReportCaseUco_ingestWarning());
-            // ELTODO exit?
         }
 
         SleuthkitCase skCase = currentCase.getSleuthkitCase();

From 1257120c1d8c208c39ac1351f693dceedd38f5d7 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Thu, 8 Nov 2018 17:16:27 -0500
Subject: [PATCH 23/70] Properly closing database connection for single user
 cases

---
 .../sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java   | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index 97c564274c..ddcd35eb93 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -165,7 +165,7 @@ class ReportCaseUco implements GeneralReportModule {
 
             SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery);
             ResultSet resultSet = queryResult.getResultSet();
-
+            
             progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing());
             
             // Loop files and write info to CASE/UCO report
@@ -188,6 +188,7 @@ class ReportCaseUco implements GeneralReportModule {
                 
                 saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId);
             }
+            queryResult.close();
             progressPanel.complete(ReportStatus.COMPLETE);
         } catch (TskCoreException ex) {
             logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS
@@ -268,6 +269,7 @@ class ReportCaseUco implements GeneralReportModule {
             isImageDataSource = true;
             break;
         }
+        queryResult.close();
         
         if (isImageDataSource) {
             // get caseDirPath to image file
@@ -278,6 +280,7 @@ class ReportCaseUco implements GeneralReportModule {
                 imageName = resultSet.getString(1);
                 break;
             }
+            queryResult.close();
         } else {
             // logical file data source
             String getLogicalDataSourceQuery = "select name from tsk_files where obj_id = " + selectedDataSourceId;
@@ -287,6 +290,7 @@ class ReportCaseUco implements GeneralReportModule {
                 imageName = resultSet.getString(1);
                 break;
             }
+            queryResult.close();
         }
 
         return saveDataSourceInCaseUcoFormat(jsonGenerator, imageName, imageSize, selectedDataSourceId, caseTraceId);

From c5b8b91c39371c0d87f4717488ac523c28113e2c Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Thu, 8 Nov 2018 17:26:27 -0500
Subject: [PATCH 24/70] Minor

---
 .../org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index ddcd35eb93..2a2aeef444 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -110,7 +110,7 @@ class ReportCaseUco implements GeneralReportModule {
         try {
             currentCase = Case.getCurrentCaseThrows();
         } catch (NoCurrentCaseException ex) {
-            logger.log(Level.SEVERE, "Exception while getting open case.", ex);
+            logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
             MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_noCaseOpen());
             progressPanel.complete(ReportStatus.ERROR);
             return;
@@ -123,7 +123,7 @@ class ReportCaseUco implements GeneralReportModule {
               
         // Create the JSON generator
         JsonFactory jsonGeneratorFactory = new JsonFactory();
-        String reportPath = baseReportDir + getRelativeFilePath(); //NON-NLS
+        String reportPath = baseReportDir + getRelativeFilePath();
         java.io.File reportFile = Paths.get(reportPath).toFile();
         try {
             Files.createDirectories(Paths.get(reportFile.getParent()));

From 785b75677e816cac6f675f0a7727eaeeaef55a6f Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Thu, 8 Nov 2018 17:45:07 -0500
Subject: [PATCH 25/70] Using try-with-resources instead in couple of places

---
 .../modules/case_uco/ReportCaseUco.java       | 111 ++++++++----------
 1 file changed, 51 insertions(+), 60 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index 2a2aeef444..b363d5c8a3 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -104,16 +104,6 @@ class ReportCaseUco implements GeneralReportModule {
             MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_noDataSourceSelected());
             progressPanel.complete(ReportStatus.ERROR);
             return;
-        } 
-        
-        Case currentCase;
-        try {
-            currentCase = Case.getCurrentCaseThrows();
-        } catch (NoCurrentCaseException ex) {
-            logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
-            MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_noCaseOpen());
-            progressPanel.complete(ReportStatus.ERROR);
-            return;
         }
         
         // Start the progress bar and setup the report
@@ -139,7 +129,6 @@ class ReportCaseUco implements GeneralReportModule {
             MessageNotifyUtil.Message.warn(Bundle.ReportCaseUco_ingestWarning());
         }
 
-        SleuthkitCase skCase = currentCase.getSleuthkitCase();
 
         JsonGenerator jsonGenerator = null;
         SimpleTimeZone timeZone = new SimpleTimeZone(0, "GMT");
@@ -148,6 +137,8 @@ class ReportCaseUco implements GeneralReportModule {
             // instert \n after each field for more readable formatting
             jsonGenerator.setPrettyPrinter(new DefaultPrettyPrinter().withObjectIndenter(new DefaultIndenter("  ", "\n")));
             
+            SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
+            
             progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying());
             
             // create CASE/UCO entry for the Autopsy case
@@ -162,33 +153,33 @@ class ReportCaseUco implements GeneralReportModule {
                     + " AND ((meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_UNDEF.getValue()
                     + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_REG.getValue()
                     + ") OR (meta_type = " + TskData.TSK_FS_META_TYPE_ENUM.TSK_FS_META_TYPE_VIRT.getValue() + "))"; //NON-NLS
-
-            SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery);
-            ResultSet resultSet = queryResult.getResultSet();
             
-            progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing());
-            
-            // Loop files and write info to CASE/UCO report
-            while (resultSet.next()) {
-
-                if (progressPanel.getStatus() == ReportStatus.CANCELED) {
-                    break;
+            try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getAllFilesQuery)) {
+                ResultSet resultSet = queryResult.getResultSet();
+                
+                progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing());
+                
+                // Loop files and write info to CASE/UCO report
+                while (resultSet.next()) {
+                    
+                    if (progressPanel.getStatus() == ReportStatus.CANCELED) {
+                        break;
+                    }
+                    
+                    Long objectId = resultSet.getLong(1);
+                    String fileName = resultSet.getString(2);
+                    long size = resultSet.getLong("size");
+                    String crtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("crtime"), timeZone);
+                    String atime = ContentUtils.getStringTimeISO8601(resultSet.getLong("atime"), timeZone);
+                    String mtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("mtime"), timeZone);
+                    String md5Hash = resultSet.getString("md5");
+                    String parent_path = resultSet.getString("parent_path");
+                    String mime_type = resultSet.getString("mime_type");
+                    String extension = resultSet.getString("extension");
+                    
+                    saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId);
                 }
-                
-                Long objectId = resultSet.getLong(1);
-                String fileName = resultSet.getString(2);
-                long size = resultSet.getLong("size");
-                String crtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("crtime"), timeZone);
-                String atime = ContentUtils.getStringTimeISO8601(resultSet.getLong("atime"), timeZone);
-                String mtime = ContentUtils.getStringTimeISO8601(resultSet.getLong("mtime"), timeZone);
-                String md5Hash = resultSet.getString("md5"); 
-                String parent_path = resultSet.getString("parent_path"); 
-                String mime_type = resultSet.getString("mime_type"); 
-                String extension = resultSet.getString("extension");
-                
-                saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId);
             }
-            queryResult.close();
             progressPanel.complete(ReportStatus.COMPLETE);
         } catch (TskCoreException ex) {
             logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS
@@ -255,42 +246,42 @@ class ReportCaseUco implements GeneralReportModule {
     }
     
     private String saveDataSourceInfo(Long selectedDataSourceId, String caseTraceId, SleuthkitCase skCase, JsonGenerator jsonGenerator) throws TskCoreException, SQLException, IOException {
-        
-        String getImageDataSourceQuery = "select size from tsk_image_info where obj_id = " + selectedDataSourceId;
-        SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getImageDataSourceQuery);
-        ResultSet resultSet = queryResult.getResultSet();
+            
         Long imageSize = (long) 0;
-        String imageName = "";
-        boolean isImageDataSource = false;
-        // check if we got a result
-        while (resultSet.next()) {
-            // we got a result so the data source was an image data source
-            imageSize = resultSet.getLong(1);
-            isImageDataSource = true;
-            break;
+        String imageName = "";        
+        boolean isImageDataSource = false;        
+        String getImageDataSourceQuery = "select size from tsk_image_info where obj_id = " + selectedDataSourceId;
+        try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getImageDataSourceQuery)) {
+            ResultSet resultSet = queryResult.getResultSet();
+            // check if we got a result
+            while (resultSet.next()) {
+                // we got a result so the data source was an image data source
+                imageSize = resultSet.getLong(1);
+                isImageDataSource = true;
+                break;
+            }
         }
-        queryResult.close();
         
         if (isImageDataSource) {
             // get caseDirPath to image file
             String getPathToDataSourceQuery = "select name from tsk_image_names where obj_id = " + selectedDataSourceId;
-            queryResult = skCase.executeQuery(getPathToDataSourceQuery);
-            resultSet = queryResult.getResultSet();
-            while (resultSet.next()) {
-                imageName = resultSet.getString(1);
-                break;
+            try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getPathToDataSourceQuery)) {
+                ResultSet resultSet = queryResult.getResultSet();
+                while (resultSet.next()) {
+                    imageName = resultSet.getString(1);
+                    break;
+                }
             }
-            queryResult.close();
         } else {
             // logical file data source
             String getLogicalDataSourceQuery = "select name from tsk_files where obj_id = " + selectedDataSourceId;
-            queryResult = skCase.executeQuery(getLogicalDataSourceQuery);
-            resultSet = queryResult.getResultSet();
-            while (resultSet.next()) {
-                imageName = resultSet.getString(1);
-                break;
+            try (SleuthkitCase.CaseDbQuery queryResult = skCase.executeQuery(getLogicalDataSourceQuery)) {
+                ResultSet resultSet = queryResult.getResultSet();
+                while (resultSet.next()) {
+                    imageName = resultSet.getString(1);
+                    break;
+                }
             }
-            queryResult.close();
         }
 
         return saveDataSourceInCaseUcoFormat(jsonGenerator, imageName, imageSize, selectedDataSourceId, caseTraceId);

From 0fc98a74873045e7a113092a61a46c87c57bcc59 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Fri, 9 Nov 2018 07:39:31 -0500
Subject: [PATCH 26/70] Adjusting UI text

---
 .../modules/e01verify/Bundle.properties       |  4 +--
 .../e01verify/E01VerifyIngestModule.java      | 35 ++++++++++++++-----
 2 files changed, 29 insertions(+), 10 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties
index 445bbc0461..3323e64dec 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties
@@ -1,5 +1,5 @@
 OpenIDE-Module-Name=ewfVerify
-EwfVerifyIngestModule.moduleName.text=E01 Verifier
+EwfVerifyIngestModule.moduleName.text=Image Integrity
 EwfVerifyIngestModule.moduleDesc.text=Validates the integrity of E01 files.
 EwfVerifyIngestModule.process.errProcImg=Error processing {0}
 EwfVerifyIngestModule.process.skipNonEwf=Skipping non-E01 image {0}
@@ -9,7 +9,7 @@ EwfVerifyIngestModule.process.errGetSizeOfImg=Error getting size of {0}. Image w
 EwfVerifyIngestModule.process.errReadImgAtChunk=Error reading {0} at chunk {1}
 EwfVerifyIngestModule.shutDown.verified=\ verified
 EwfVerifyIngestModule.shutDown.notVerified=\ not verified
-EwfVerifyIngestModule.shutDown.verifyResultsHeader=<p>EWF Verification Results for {0}</p>
+EwfVerifyIngestModule.shutDown.verifyResultsHeader=<p>Image Verification Results for {0}</p>
 EwfVerifyIngestModule.shutDown.resultLi=<li>Result\:{0}</li>
 EwfVerifyIngestModule.shutDown.calcHashLi=<li>Calculated hash\: {0}</li>
 EwfVerifyIngestModule.shutDown.storedHashLi=<li>Stored hash\: {0}</li>
diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
index ae6b64ff51..a41b4f4992 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
@@ -110,12 +110,17 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         "# {0} - hashName",
         "E01VerifyIngestModule.process.hashAlgorithmError=Error creating message digest for {0} algorithm",
         "# {0} - hashName",
-        "# {1} - hashValue",
-        "E01VerifyIngestModule.process.hashMatch={0} hash verified: {1} ",
+        "E01VerifyIngestModule.process.hashMatch=<li>{0} hash verified</li>",
         "# {0} - hashName",
-        "# {1} - calculatedHashValue",
-        "# {2} - storedHashValue",
-        "E01VerifyIngestModule.process.hashNonMatch={0} hash not verified - calculated hash: {1}  stored hash: {2}",
+        "E01VerifyIngestModule.process.hashNonMatch=<li>{0} hash not verified</li>",
+        "# {0} - calculatedHashValue",
+        "E01VerifyIngestModule.process.calculatedHash=<li>   Calculated hash: {0}</li>",
+        "# {0} - storedHashValue",
+        "E01VerifyIngestModule.process.storedHash=<li>   Stored hash: {0}</li>",
+        "E01VerifyIngestModule.process.listTest=<li>Level 1</li><ul><li>Level 2 a</li><li>Level 2b</li></ul><li> Level 1 again</li>",
+        "# {0} - calculatedHashValue",
+        "# {1} - storedHashValue",
+        "E01VerifyIngestModule.process.hashList=<ul><li>Calculated hash: {0}</li><li>Stored hash: {1}</li></ul>",
     })
     @Override
     public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
@@ -216,6 +221,16 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         int totalChunks = (int) Math.ceil((double) size / (double) chunkSize);
         logger.log(Level.INFO, "Total chunks = {0}", totalChunks); //NON-NLS
 
+        if (mode.equals(Mode.VERIFY)) {
+            logger.log(Level.INFO, "Starting hash verification of {0}", img.getName()); //NON-NLS
+        } else {
+            logger.log(Level.INFO, "Starting hash calculation for {0}", img.getName()); //NON-NLS
+        }
+        services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(),
+        NbBundle.getMessage(this.getClass(),
+                "EwfVerifyIngestModule.process.startingImg",
+                imgName)));
+        
         // Set up the progress bar
         statusHelper.switchToDeterminate(totalChunks);
         
@@ -265,12 +280,16 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
             
             for (HashStruct struct:hashInfo) {
                 if (struct.storedHash.equals(struct.calculatedHash)) {
-                    hashResults += Bundle.E01VerifyIngestModule_process_hashMatch(struct.type.name, struct.storedHash);
+                    hashResults += Bundle.E01VerifyIngestModule_process_hashMatch(struct.type.name);
                 } else {
                     verified = false;
-                    hashResults += Bundle.E01VerifyIngestModule_process_hashNonMatch(struct.type.name, struct.calculatedHash, struct.storedHash);
+                    hashResults += Bundle.E01VerifyIngestModule_process_hashNonMatch(struct.type.name);
                 }
-                
+                hashResults += Bundle.E01VerifyIngestModule_process_hashList(struct.calculatedHash, struct.storedHash);
+                //hashResults += Bundle.E01VerifyIngestModule_process_hashList(struct.calculatedHash, struct.storedHash);
+                //hashResults += Bundle.E01VerifyIngestModule_process_calculatedHash(struct.calculatedHash);
+                //hashResults += Bundle.E01VerifyIngestModule_process_storedHash(struct.storedHash);
+                //hashResults += Bundle.E01VerifyIngestModule_process_listTest();
             }
             
             String verificationResultStr;

From 5ec9776d6bf79715aba53c57d92ab804dd6669d9 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Fri, 9 Nov 2018 08:32:02 -0500
Subject: [PATCH 27/70] Minor name changes

---
 .../modules/case_uco/Bundle.properties        |  6 ++--
 .../modules/case_uco/ReportCaseUco.java       | 28 +++++++++----------
 .../case_uco/ReportCaseUcoConfigPanel.java    |  2 +-
 3 files changed, 18 insertions(+), 18 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties
index b49648b8f1..8c17dbd39f 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/Bundle.properties
@@ -1,4 +1,4 @@
 OpenIDE-Module-Name=CaseUcoModule
-ReportCaseUco.getName.text=CASE/UCO
-ReportCaseUco.getDesc.text=CASE/UCO format report with basic property fields for every file.
-ReportCaseUcoConfigPanel.jLabelSelectDataSource.text=Select a data source for the CASE/UCO report
+ReportCaseUco.getName.text=CASE-UCO
+ReportCaseUco.getDesc.text=CASE-UCO format report with basic property fields for every file.
+ReportCaseUcoConfigPanel.jLabelSelectDataSource.text=Select a data source for the CASE-UCO report
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index b363d5c8a3..7e4971c338 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -48,7 +48,7 @@ import org.sleuthkit.autopsy.report.ReportProgressPanel.ReportStatus;
 import org.sleuthkit.datamodel.*;
 
 /**
- * ReportCaseUco generates a report in the CASE/UCO format. It saves basic
+ * ReportCaseUco generates a report in the CASE-UCO format. It saves basic
  file info like full caseDirPath, name, MIME type, times, and hash.
  */
 class ReportCaseUco implements GeneralReportModule {
@@ -72,27 +72,27 @@ class ReportCaseUco implements GeneralReportModule {
     }
 
     /**
-     * Generates a CASE/UCO format report.
+     * Generates a CASE-UCO format report.
      *
      * @param baseReportDir caseDirPath to save the report
      * @param progressPanel panel to update the report's progress
      */
     @NbBundle.Messages({
-        "ReportCaseUco.notInitialized=CASE/UCO settings panel has not been initialized",
-        "ReportCaseUco.noDataSourceSelected=No data source selected for CASE/UCO report",
+        "ReportCaseUco.notInitialized=CASE-UCO settings panel has not been initialized",
+        "ReportCaseUco.noDataSourceSelected=No data source selected for CASE-UCO report",
         "ReportCaseUco.noCaseOpen=Unable to open currect case",
-        "ReportCaseUco.unableToCreateDirectories=Unable to create directory for CASE/UCO report",
+        "ReportCaseUco.unableToCreateDirectories=Unable to create directory for CASE-UCO report",
         "ReportCaseUco.initializing=Creating directories...",
         "ReportCaseUco.querying=Querying files...",
         "ReportCaseUco.ingestWarning=Warning, this report will be created before ingest services completed",
-        "ReportCaseUco.processing=Saving files in CASE/UCO format..."
+        "ReportCaseUco.processing=Saving files in CASE-UCO format..."
     })
     @Override
     @SuppressWarnings("deprecation")
     public void generateReport(String baseReportDir, ReportProgressPanel progressPanel) {
 
         if (configPanel == null) {
-            logger.log(Level.SEVERE, "CASE/UCO settings panel has not been initialized"); //NON-NLS
+            logger.log(Level.SEVERE, "CASE-UCO settings panel has not been initialized"); //NON-NLS
             MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_notInitialized());
             progressPanel.complete(ReportStatus.ERROR);
             return;            
@@ -100,7 +100,7 @@ class ReportCaseUco implements GeneralReportModule {
         
         Long selectedDataSourceId = configPanel.getSelectedDataSourceId();
         if (selectedDataSourceId == ReportCaseUcoConfigPanel.NO_DATA_SOURCE_SELECTED) {
-            logger.log(Level.SEVERE, "No data source selected for CASE/UCO report"); //NON-NLS
+            logger.log(Level.SEVERE, "No data source selected for CASE-UCO report"); //NON-NLS
             MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_noDataSourceSelected());
             progressPanel.complete(ReportStatus.ERROR);
             return;
@@ -118,7 +118,7 @@ class ReportCaseUco implements GeneralReportModule {
         try {
             Files.createDirectories(Paths.get(reportFile.getParent()));
         } catch (IOException ex) {
-            logger.log(Level.SEVERE, "Unable to create directory for CASE/UCO report", ex); //NON-NLS
+            logger.log(Level.SEVERE, "Unable to create directory for CASE-UCO report", ex); //NON-NLS
             MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_unableToCreateDirectories());
             progressPanel.complete(ReportStatus.ERROR);
             return;
@@ -141,10 +141,10 @@ class ReportCaseUco implements GeneralReportModule {
             
             progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying());
             
-            // create CASE/UCO entry for the Autopsy case
+            // create CASE-UCO entry for the Autopsy case
             String caseTraceId = saveCaseInfo(skCase, jsonGenerator);
             
-            // create CASE/UCO data source entry
+            // create CASE-UCO data source entry
             String dataSourceTraceId = saveDataSourceInfo(selectedDataSourceId, caseTraceId, skCase, jsonGenerator);
             
             // Run getAllFilesQuery to get all files, exclude directories
@@ -159,7 +159,7 @@ class ReportCaseUco implements GeneralReportModule {
                 
                 progressPanel.updateStatusLabel(Bundle.ReportCaseUco_processing());
                 
-                // Loop files and write info to CASE/UCO report
+                // Loop files and write info to CASE-UCO report
                 while (resultSet.next()) {
                     
                     if (progressPanel.getStatus() == ReportStatus.CANCELED) {
@@ -185,7 +185,7 @@ class ReportCaseUco implements GeneralReportModule {
             logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS
             progressPanel.complete(ReportStatus.ERROR);
         } catch (IOException ex) {
-            logger.log(Level.SEVERE, "Failed to create JSON output for the CASE/UCO report", ex); //NON-NLS
+            logger.log(Level.SEVERE, "Failed to create JSON output for the CASE-UCO report", ex); //NON-NLS
             progressPanel.complete(ReportStatus.ERROR);
         } catch (SQLException ex) {
             logger.log(Level.WARNING, "Unable to read result set", ex); //NON-NLS
@@ -432,7 +432,7 @@ class ReportCaseUco implements GeneralReportModule {
         try {
             configPanel = new ReportCaseUcoConfigPanel();
         } catch (NoCurrentCaseException | TskCoreException | SQLException ex) {
-            logger.log(Level.SEVERE, "Failed to initialize CASE/UCO settings panel", ex); //NON-NLS
+            logger.log(Level.SEVERE, "Failed to initialize CASE-UCO settings panel", ex); //NON-NLS
             MessageNotifyUtil.Message.error(Bundle.ReportCaseUco_notInitialized());
             configPanel = null;
         }
diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
index 72e560994c..4ed5a8f624 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUcoConfigPanel.java
@@ -29,7 +29,7 @@ import org.sleuthkit.autopsy.guiutils.DataSourceComboBoxModel;
 import org.sleuthkit.datamodel.TskCoreException;
 
 /**
- * UI controls for CASE/UCO report. It is a panel which provides the
+ * UI controls for CASE-UCO report. It is a panel which provides the
  * ability to select a single datasource from a dropdown list
  * of sources in the current case.
  */

From 9c3ab9089542c249eccfa3d1f3c8742d2860bcfd Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Fri, 9 Nov 2018 12:53:55 -0500
Subject: [PATCH 28/70] Can now save computed hashes.

---
 .../e01verify/E01VerifyIngestModule.java      | 259 ++++++------------
 1 file changed, 85 insertions(+), 174 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
index a41b4f4992..e2cdae806b 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
@@ -1,7 +1,7 @@
 /*
  * Autopsy Forensic Browser
  *
- * Copyright 2013-2014 Basis Technology Corp.
+ * Copyright 2013-2018 Basis Technology Corp.
  * Contact: carrier <at> sleuthkit <dot> org
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -24,7 +24,6 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.logging.Level;
 import javax.xml.bind.DatatypeConverter;
-//import org.python.bouncycastle.util.Arrays;
 import java.util.Arrays;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.autopsy.ingest.DataSourceIngestModule;
@@ -36,7 +35,6 @@ import org.sleuthkit.autopsy.ingest.IngestServices;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.Image;
 import org.sleuthkit.datamodel.TskCoreException;
-import org.sleuthkit.datamodel.TskData;
 import org.openide.util.NbBundle;
 
 /**
@@ -56,12 +54,8 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
     private final boolean computeHashes;
     private final boolean verifyHashes;
     
-    //private final List<MessageDigest> messageDigests = new ArrayList<>();
-    private final List<HashStruct> hashInfo = new ArrayList<>();
+    private final List<HashData> hashDataList = new ArrayList<>();
     
-    private boolean verified = false;
-    private String calculatedHash = "";
-    private String storedHash = "";
     private IngestJobContext context;
     
     E01VerifyIngestModule(IngestSettings settings) {
@@ -75,9 +69,6 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
     @Override
     public void startUp(IngestJobContext context) throws IngestModuleException {
         this.context = context;
-        verified = false;
-        storedHash = "";
-        calculatedHash = "";
         
         // It's an error if the module is run without either option selected
         if (!(computeHashes || verifyHashes)) {
@@ -85,23 +76,6 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         }
     }
     
-    // MOVE AND RENAME THIS
-    private class HashStruct {
-        HashType type;
-        MessageDigest digest;
-        String storedHash;
-        String calculatedHash;
-        
-        HashStruct(HashType type, String storedHash) {
-            this.type = type;
-            this.storedHash = storedHash;
-        }
-        
-        void setMessageDigest(MessageDigest digest) {
-            this.digest = digest;
-        }
-    }
-    
     @NbBundle.Messages({
         "# {0} - imageName",
         "E01VerifyIngestModule.process.skipCompute=Not computing new hashes for {0} since the option was disabled",
@@ -114,13 +88,16 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         "# {0} - hashName",
         "E01VerifyIngestModule.process.hashNonMatch=<li>{0} hash not verified</li>",
         "# {0} - calculatedHashValue",
-        "E01VerifyIngestModule.process.calculatedHash=<li>   Calculated hash: {0}</li>",
-        "# {0} - storedHashValue",
-        "E01VerifyIngestModule.process.storedHash=<li>   Stored hash: {0}</li>",
-        "E01VerifyIngestModule.process.listTest=<li>Level 1</li><ul><li>Level 2 a</li><li>Level 2b</li></ul><li> Level 1 again</li>",
-        "# {0} - calculatedHashValue",
         "# {1} - storedHashValue",
         "E01VerifyIngestModule.process.hashList=<ul><li>Calculated hash: {0}</li><li>Stored hash: {1}</li></ul>",
+        "# {0} - hashName",
+        "# {1} - calculatedHashValue",
+        "E01VerifyIngestModule.process.calcHashWithType=<li>Calculated {0} hash: {1}</li>",
+        "# {0} - imageName",
+        "E01VerifyIngestModule.process.calculateHashDone=<p>Image Hash Calculation Results for {0}</p>", 
+        "E01VerifyIngestModule.process.hashesCalculated= hashes calculated", 
+        "# {0} - imageName",
+        "E01VerifyIngestModule.process.errorSavingHashes= Error saving hashes for image {0} to the database", 
     })
     @Override
     public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
@@ -152,24 +129,19 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         // - Otherwise we'll calculate and store all three hashes (assuming the compute checkbox is selected)
         
         // First get a list of all stored hash types
-        //List<HashType> hashesToCalculate = new ArrayList<>();
         if (img.getMd5() != null && ! img.getMd5().isEmpty()) {
-            //hashesToCalculate.add(HashType.MD5);
-            hashInfo.add(new HashStruct(HashType.MD5, img.getMd5()));
+            hashDataList.add(new HashData(HashType.MD5, img.getMd5()));
         }
         if (img.getSha1() != null && ! img.getSha1().isEmpty()) {
-            //hashesToCalculate.add(HashType.SHA1);
-            hashInfo.add(new HashStruct(HashType.SHA1, img.getSha1()));
+            hashDataList.add(new HashData(HashType.SHA1, img.getSha1()));
         }
         if (img.getSha256() != null && ! img.getSha256().isEmpty()) {
-            //hashesToCalculate.add(HashType.SHA256);
-            hashInfo.add(new HashStruct(HashType.SHA256, img.getSha256()));
+            hashDataList.add(new HashData(HashType.SHA256, img.getSha256()));
         }
         
         // Figure out which mode we should be in
         Mode mode;
-        //if (hashesToCalculate.isEmpty()) {
-        if (hashInfo.isEmpty()) {
+        if (hashDataList.isEmpty()) {
             mode = Mode.COMPUTE;
         } else {
             mode = Mode.VERIFY;
@@ -191,20 +163,17 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         // If we're in compute mode (i.e., the hash list is empty), add all hash algorithms
         // to the list.
         if (mode.equals(Mode.COMPUTE)) {
-            //hashesToCalculate.addAll(Arrays.asList(HashType.values()));
             for(HashType type : HashType.values()) {
-                hashInfo.add(new HashStruct(type, ""));
+                hashDataList.add(new HashData(type, ""));
             }
         }
         
         // Set up the digests
-        //for (HashType hashType:hashesToCalculate) {
-        for (HashStruct struct:hashInfo) {
+        for (HashData hashData:hashDataList) {
             try {
-                //messageDigests.add(MessageDigest.getInstance(hashType.getName())); //NON-NLS
-                struct.setMessageDigest(MessageDigest.getInstance(struct.type.getName()));
+                hashData.digest = MessageDigest.getInstance(hashData.type.getName());
             } catch (NoSuchAlgorithmException ex) {
-                String msg = Bundle.E01VerifyIngestModule_process_hashAlgorithmError(struct.type.getName());
+                String msg = Bundle.E01VerifyIngestModule_process_hashAlgorithmError(hashData.type.getName());
                 services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(), msg));
                 logger.log(Level.SEVERE, msg, ex);
                 return ProcessResult.ERROR;
@@ -253,12 +222,12 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
 
             // Only update with the read bytes.
             if (read == chunkSize) {
-                for (HashStruct struct:hashInfo) {
+                for (HashData struct:hashDataList) {
                     struct.digest.update(data);
                 }
             } else {
                 byte[] subData = Arrays.copyOfRange(data, 0, read);
-                for (HashStruct struct:hashInfo) {
+                for (HashData struct:hashDataList) {
                     struct.digest.update(subData);
                 }
             }
@@ -266,9 +235,9 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         }
         
         // Produce the final hashes
-        for(HashStruct struct:hashInfo) {
-            struct.calculatedHash = DatatypeConverter.printHexBinary(struct.digest.digest()).toLowerCase();
-            logger.log(Level.INFO, "Hash calculated from {0}: {1}", new Object[]{imgName, struct.calculatedHash}); //NON-NLS
+        for(HashData hashData:hashDataList) {
+            hashData.calculatedHash = DatatypeConverter.printHexBinary(hashData.digest.digest()).toLowerCase();
+            logger.log(Level.INFO, "Hash calculated from {0}: {1}", new Object[]{imgName, hashData.calculatedHash}); //NON-NLS
         }
         
         if (mode.equals(Mode.VERIFY)) {
@@ -278,157 +247,84 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
                 .getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.verifyResultsHeader", imgName);
             String hashResults = "";
             
-            for (HashStruct struct:hashInfo) {
-                if (struct.storedHash.equals(struct.calculatedHash)) {
-                    hashResults += Bundle.E01VerifyIngestModule_process_hashMatch(struct.type.name);
+            for (HashData hashData:hashDataList) {
+                if (hashData.storedHash.equals(hashData.calculatedHash)) {
+                    hashResults += Bundle.E01VerifyIngestModule_process_hashMatch(hashData.type.name);
                 } else {
                     verified = false;
-                    hashResults += Bundle.E01VerifyIngestModule_process_hashNonMatch(struct.type.name);
+                    hashResults += Bundle.E01VerifyIngestModule_process_hashNonMatch(hashData.type.name);
                 }
-                hashResults += Bundle.E01VerifyIngestModule_process_hashList(struct.calculatedHash, struct.storedHash);
-                //hashResults += Bundle.E01VerifyIngestModule_process_hashList(struct.calculatedHash, struct.storedHash);
-                //hashResults += Bundle.E01VerifyIngestModule_process_calculatedHash(struct.calculatedHash);
-                //hashResults += Bundle.E01VerifyIngestModule_process_storedHash(struct.storedHash);
-                //hashResults += Bundle.E01VerifyIngestModule_process_listTest();
+                hashResults += Bundle.E01VerifyIngestModule_process_hashList(hashData.calculatedHash, hashData.storedHash);
             }
             
             String verificationResultStr;
+            MessageType messageType;
             if (verified) {
+                messageType = MessageType.INFO;
                 verificationResultStr = NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.verified");
             } else {
+                messageType = MessageType.WARNING;
                 verificationResultStr = NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.notVerified");
             }
             
             detailedResults += NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.resultLi", verificationResultStr);
             detailedResults += hashResults;
 
-            services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(), imgName + verificationResultStr, detailedResults));
+            services.postMessage(IngestMessage.createMessage(messageType, E01VerifierModuleFactory.getModuleName(), 
+                    imgName + verificationResultStr, detailedResults));
         
         } else {
-            // Store the hashes in the database
-            // TO DO
-        }
-        
-        return ProcessResult.OK;
-    }
-
-    public ProcessResult process2(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
-        String imgName = dataSource.getName();
-
-        // Skip non-images
-        if (!(dataSource instanceof Image)) {
-            logger.log(Level.INFO, "Skipping non-image {0}", imgName); //NON-NLS
-            services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(),
-                    NbBundle.getMessage(this.getClass(),
-                            "EwfVerifyIngestModule.process.skipNonEwf",
-                            imgName)));
-            return ProcessResult.OK;
-        }
-        Image img = (Image) dataSource;
-
-        // Skip images that are not E01
-        if (img.getType() != TskData.TSK_IMG_TYPE_ENUM.TSK_IMG_TYPE_EWF_EWF) {
-            logger.log(Level.INFO, "Skipping non-ewf image {0}", imgName); //NON-NLS
-            services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(),
-                    NbBundle.getMessage(this.getClass(),
-                            "EwfVerifyIngestModule.process.skipNonEwf",
-                            imgName)));
-            return ProcessResult.OK;
-        }
-
-        // Report an error for null or empty MD5
-        if ((img.getMd5() == null) || img.getMd5().isEmpty()) {
-            services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(),
-                    NbBundle.getMessage(this.getClass(),
-                            "EwfVerifyIngestModule.process.noStoredHash",
-                            imgName)));
-            return ProcessResult.ERROR;
-        }
-
-        storedHash = img.getMd5().toLowerCase();
-        logger.log(Level.INFO, "Hash value stored in {0}: {1}", new Object[]{imgName, storedHash}); //NON-NLS
-
-        logger.log(Level.INFO, "Starting hash verification of {0}", img.getName()); //NON-NLS
-        services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(),
-                NbBundle.getMessage(this.getClass(),
-                        "EwfVerifyIngestModule.process.startingImg",
-                        imgName)));
-
-        long size = img.getSize();
-        if (size == 0) {
-            logger.log(Level.WARNING, "Size of image {0} was 0 when queried.", imgName); //NON-NLS
-            services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(),
-                    NbBundle.getMessage(this.getClass(),
-                            "EwfVerifyIngestModule.process.errGetSizeOfImg",
-                            imgName)));
-        }
-
-        // Libewf uses a sector size of 64 times the sector size, which is the
-        // motivation for using it here.
-        long chunkSize = 64 * img.getSsize();
-        chunkSize = (chunkSize == 0) ? DEFAULT_CHUNK_SIZE : chunkSize;
-
-        // Casting to double to capture decimals
-        int totalChunks = (int) Math.ceil((double) size / (double) chunkSize);
-        logger.log(Level.INFO, "Total chunks = {0}", totalChunks); //NON-NLS
-        int read;
-
-        byte[] data = new byte[(int) chunkSize];
-        statusHelper.switchToDeterminate(totalChunks);
-
-        // Read in byte size chunks and update the hash value with the data.
-        for (int i = 0; i < totalChunks; i++) {
-            if (context.dataSourceIngestIsCancelled()) {
-                return ProcessResult.OK;
-            }
+            // Store the hashes in the database and update the image
             try {
-                read = img.read(data, i * chunkSize, chunkSize);
+                String results = Bundle.E01VerifyIngestModule_process_calculateHashDone(imgName);
+                
+                for (HashData hashData:hashDataList) {
+                    switch (hashData.type) {
+                        case MD5:
+                            img.setMD5(hashData.calculatedHash);
+                            break;
+                        case SHA1:
+                            img.setSha1(hashData.calculatedHash);
+                            break; 
+                        case SHA256:
+                            img.setSha256(hashData.calculatedHash);
+                            break;
+                        default:
+                            break;
+                    }
+                    results += Bundle.E01VerifyIngestModule_process_calcHashWithType(hashData.type.name, hashData.calculatedHash);
+                }
+                
+                // Write the inbox message
+                services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(), 
+                        imgName + Bundle.E01VerifyIngestModule_process_hashesCalculated(), results));
+                
+                //
+                // TODO Send event to update UI
+                //
             } catch (TskCoreException ex) {
-                String msg = NbBundle.getMessage(this.getClass(),
-                        "EwfVerifyIngestModule.process.errReadImgAtChunk", imgName, i);
+                String msg = Bundle.E01VerifyIngestModule_process_errorSavingHashes(imgName);
                 services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(), msg));
-                logger.log(Level.SEVERE, msg, ex);
+                logger.log(Level.SEVERE, "Error saving hash for image " + imgName + " to database", ex);
                 return ProcessResult.ERROR;
             }
-
-            // Only update with the read bytes.
-            if (read == chunkSize) {
-                //messageDigest.update(data);
-            } else {
-                byte[] subData = Arrays.copyOfRange(data, 0, read);
-                //messageDigest.update(subData);
-            }
-            statusHelper.progress(i);
         }
-
-        // Finish generating the hash and get it as a string value
-        //calculatedHash = DatatypeConverter.printHexBinary(messageDigest.digest()).toLowerCase();
-        verified = calculatedHash.equals(storedHash);
-        logger.log(Level.INFO, "Hash calculated from {0}: {1}", new Object[]{imgName, calculatedHash}); //NON-NLS
-
-        logger.log(Level.INFO, "complete() {0}", E01VerifierModuleFactory.getModuleName()); //NON-NLS
-        String msg;
-        if (verified) {
-            msg = NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.verified");
-        } else {
-            msg = NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.notVerified");
-        }
-        String extra = NbBundle
-                .getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.verifyResultsHeader", imgName);
-        extra += NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.resultLi", msg);
-        extra += NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.calcHashLi", calculatedHash);
-        extra += NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.storedHashLi", storedHash);
-        services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(), imgName + msg, extra));
-        logger.log(Level.INFO, "{0}{1}", new Object[]{imgName, msg});
-
+        
         return ProcessResult.OK;
     }
     
+    /**
+     * Enum to track whether we're in computer or verify mode
+     */
     private enum Mode {
         COMPUTE,
         VERIFY;
     }
     
+    /**
+     * Enum to hold the type of hash.
+     * The value in the "name" field should be compatible with MessageDigest
+     */
     private enum HashType {
         MD5("MD5"), 
         SHA1("SHA-1"),
@@ -444,4 +340,19 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
             return name;
         }
     }
+    
+    /**
+     * Utility class to hold data for a specific hash algorithm.
+     */
+    private class HashData {
+        private HashType type;
+        private MessageDigest digest;
+        private String storedHash;
+        private String calculatedHash;
+        
+        HashData(HashType type, String storedHash) {
+            this.type = type;
+            this.storedHash = storedHash;
+        }
+    }
 }

From 837e49d54153079824f42bcfd080af59bc130200 Mon Sep 17 00:00:00 2001
From: esaunders <esaunders@basistech.com>
Date: Wed, 21 Nov 2018 11:33:39 -0500
Subject: [PATCH 29/70] Added setting to limit number of results displayed.

---
 .../autopsy/core/UserPreferences.java         |  18 ++
 .../corecomponents/ViewPreferencesPanel.form  |  59 +++---
 .../corecomponents/ViewPreferencesPanel.java  |  72 ++++----
 .../deletedFiles/DeletedFilePreferences.java  | 171 ------------------
 .../DirectoryTreeTopComponent.java            |   1 +
 5 files changed, 87 insertions(+), 234 deletions(-)
 delete mode 100644 Core/src/org/sleuthkit/autopsy/deletedFiles/DeletedFilePreferences.java

diff --git a/Core/src/org/sleuthkit/autopsy/core/UserPreferences.java b/Core/src/org/sleuthkit/autopsy/core/UserPreferences.java
index 2be9a9b447..e10a650974 100644
--- a/Core/src/org/sleuthkit/autopsy/core/UserPreferences.java
+++ b/Core/src/org/sleuthkit/autopsy/core/UserPreferences.java
@@ -75,6 +75,8 @@ public final class UserPreferences {
     public static final String SHOW_ONLY_CURRENT_USER_TAGS = "ShowOnlyCurrentUserTags";
     public static final String HIDE_CENTRAL_REPO_COMMENTS_AND_OCCURRENCES = "HideCentralRepoCommentsAndOccurrences";
     public static final String DISPLAY_TRANSLATED_NAMES = "DisplayTranslatedNames";
+    public static final String MAXIMUM_NUMBER_OF_RESULTS = "MaximumNumberOfResults";
+    private static final int DEFAULT_MAX_RESULTS = 20000;
     
     // Prevent instantiation.
     private UserPreferences() {
@@ -471,4 +473,20 @@ public final class UserPreferences {
     public static void setLogFileCount(int count) {
         preferences.putInt(MAX_NUM_OF_LOG_FILE, count);
     }
+    
+    /**
+     * Set the maximum number of result rows to show in data result tables.
+     * @param max 
+     */
+    public static void setMaximumNumberOfResults(int max) {
+        preferences.putInt(MAXIMUM_NUMBER_OF_RESULTS, max);
+    }
+    
+    /**
+     * Get the maximum number of result rows to show in data result tables.
+     * @return 
+     */
+    public static int getMaximumNumberOfResults() {
+        return preferences.getInt(MAXIMUM_NUMBER_OF_RESULTS, DEFAULT_MAX_RESULTS);
+    }
 }
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/ViewPreferencesPanel.form b/Core/src/org/sleuthkit/autopsy/corecomponents/ViewPreferencesPanel.form
index 1f9dfc4ceb..fbbfe38b3c 100755
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/ViewPreferencesPanel.form
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/ViewPreferencesPanel.form
@@ -1,6 +1,6 @@
 <?xml version="1.0" encoding="UTF-8" ?>
 
-<Form version="1.4" maxVersion="1.9" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
+<Form version="1.5" maxVersion="1.9" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
   <AuxValues>
     <AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
     <AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
@@ -21,7 +21,7 @@
     </DimensionLayout>
     <DimensionLayout dim="1">
       <Group type="103" groupAlignment="0" attributes="0">
-          <Component id="viewPreferencesScrollPane" alignment="0" max="32767" attributes="0"/>
+          <Component id="viewPreferencesScrollPane" alignment="0" pref="528" max="32767" attributes="0"/>
       </Group>
     </DimensionLayout>
   </Layout>
@@ -87,9 +87,13 @@
               <Layout>
                 <DimensionLayout dim="0">
                   <Group type="103" groupAlignment="0" attributes="0">
-                      <Group type="102" attributes="0">
+                      <Group type="102" alignment="0" attributes="0">
                           <EmptySpace max="-2" attributes="0"/>
                           <Group type="103" groupAlignment="0" attributes="0">
+                              <Group type="102" attributes="0">
+                                  <EmptySpace min="10" pref="10" max="-2" attributes="0"/>
+                                  <Component id="hideOtherUsersTagsCheckbox" min="-2" max="-2" attributes="0"/>
+                              </Group>
                               <Group type="102" alignment="0" attributes="0">
                                   <Component id="centralRepoLabel" min="-2" max="-2" attributes="0"/>
                                   <EmptySpace min="-2" pref="135" max="-2" attributes="0"/>
@@ -144,16 +148,13 @@
                                       </Group>
                                   </Group>
                               </Group>
-                              <Component id="deletedFilesLimitLabel" min="-2" pref="215" max="-2" attributes="0"/>
-                              <Group type="102" attributes="0">
-                                  <EmptySpace min="10" pref="10" max="-2" attributes="0"/>
-                                  <Group type="103" groupAlignment="0" attributes="0">
-                                      <Component id="hideOtherUsersTagsCheckbox" min="-2" max="-2" attributes="0"/>
-                                      <Component id="deletedFilesLimitCheckbox" pref="567" max="32767" attributes="0"/>
-                                  </Group>
+                              <Group type="102" alignment="0" attributes="0">
+                                  <Component id="maximumResultsLabel" min="-2" max="-2" attributes="0"/>
+                                  <EmptySpace max="-2" attributes="0"/>
+                                  <Component id="maximumResultsSpinner" min="-2" pref="70" max="-2" attributes="0"/>
                               </Group>
                           </Group>
-                          <EmptySpace max="-2" attributes="0"/>
+                          <EmptySpace max="32767" attributes="0"/>
                       </Group>
                   </Group>
                 </DimensionLayout>
@@ -184,8 +185,11 @@
                                   <Component id="commentsOccurencesColumnsCheckbox" min="-2" pref="18" max="-2" attributes="0"/>
                                   <EmptySpace max="-2" attributes="0"/>
                                   <Component id="commentsOccurencesColumnWrapAroundText" min="-2" max="-2" attributes="0"/>
-                                  <EmptySpace min="-2" pref="11" max="-2" attributes="0"/>
-                                  <Component id="deletedFilesLimitLabel" min="-2" max="-2" attributes="0"/>
+                                  <EmptySpace min="-2" pref="6" max="-2" attributes="0"/>
+                                  <Group type="103" groupAlignment="3" attributes="0">
+                                      <Component id="maximumResultsLabel" alignment="3" min="-2" max="-2" attributes="0"/>
+                                      <Component id="maximumResultsSpinner" alignment="3" min="-2" max="-2" attributes="0"/>
+                                  </Group>
                               </Group>
                               <Group type="102" alignment="0" attributes="0">
                                   <Component id="selectFileLabel" min="-2" max="-2" attributes="0"/>
@@ -207,9 +211,7 @@
                                   <Component id="translateNamesInTableRadioButton" min="-2" max="-2" attributes="0"/>
                               </Group>
                           </Group>
-                          <EmptySpace max="-2" attributes="0"/>
-                          <Component id="deletedFilesLimitCheckbox" min="-2" pref="26" max="-2" attributes="0"/>
-                          <EmptySpace pref="8" max="32767" attributes="0"/>
+                          <EmptySpace max="32767" attributes="0"/>
                       </Group>
                   </Group>
                 </DimensionLayout>
@@ -364,20 +366,13 @@
                     <EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="commentsOccurencesColumnsCheckboxActionPerformed"/>
                   </Events>
                 </Component>
-                <Component class="javax.swing.JCheckBox" name="deletedFilesLimitCheckbox">
+                <Component class="javax.swing.JLabel" name="maximumResultsLabel">
                   <Properties>
                     <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
-                      <ResourceString bundle="org/sleuthkit/autopsy/corecomponents/Bundle.properties" key="ViewPreferencesPanel.deletedFilesLimitCheckbox.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
+                      <ResourceString bundle="org/sleuthkit/autopsy/corecomponents/Bundle.properties" key="ViewPreferencesPanel.maximumResultsLabel.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
                     </Property>
-                  </Properties>
-                  <Events>
-                    <EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="deletedFilesLimitCheckboxActionPerformed"/>
-                  </Events>
-                </Component>
-                <Component class="javax.swing.JLabel" name="deletedFilesLimitLabel">
-                  <Properties>
-                    <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
-                      <ResourceString bundle="org/sleuthkit/autopsy/corecomponents/Bundle.properties" key="ViewPreferencesPanel.deletedFilesLimitLabel.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
+                    <Property name="toolTipText" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
+                      <ResourceString bundle="org/sleuthkit/autopsy/corecomponents/Bundle.properties" key="ViewPreferencesPanel.maximumResultsLabel.toolTipText" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
                     </Property>
                   </Properties>
                 </Component>
@@ -427,6 +422,16 @@
                     <EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="translateNamesInTableRadioButtonActionPerformed"/>
                   </Events>
                 </Component>
+                <Component class="javax.swing.JSpinner" name="maximumResultsSpinner">
+                  <Properties>
+                    <Property name="model" type="javax.swing.SpinnerModel" editor="org.netbeans.modules.form.editors2.SpinnerModelEditor">
+                      <SpinnerModel initial="20000" maximum="100000" minimum="0" numberType="java.lang.Integer" stepSize="10000" type="number"/>
+                    </Property>
+                  </Properties>
+                  <Events>
+                    <EventHandler event="stateChanged" listener="javax.swing.event.ChangeListener" parameters="javax.swing.event.ChangeEvent" handler="maximumResultsSpinnerStateChanged"/>
+                  </Events>
+                </Component>
               </SubComponents>
             </Container>
             <Container class="javax.swing.JPanel" name="currentCaseSettingsPanel">
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/ViewPreferencesPanel.java b/Core/src/org/sleuthkit/autopsy/corecomponents/ViewPreferencesPanel.java
index 5678b0f7cb..03df39c680 100755
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/ViewPreferencesPanel.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/ViewPreferencesPanel.java
@@ -27,7 +27,6 @@ import org.sleuthkit.autopsy.casemodule.CasePreferences;
 import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbUtil;
 import org.sleuthkit.autopsy.core.UserPreferences;
 import org.sleuthkit.autopsy.coreutils.TimeZoneUtils;
-import org.sleuthkit.autopsy.deletedFiles.DeletedFilePreferences;
 import org.sleuthkit.autopsy.directorytree.DirectoryTreeTopComponent;
 import org.sleuthkit.autopsy.texttranslation.TextTranslationService;
 
@@ -74,7 +73,7 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
         commentsOccurencesColumnWrapAroundText.setEnabled(EamDbUtil.useCentralRepo());
         commentsOccurencesColumnsCheckbox.setSelected(UserPreferences.hideCentralRepoCommentsAndOccurrences());
 
-        deletedFilesLimitCheckbox.setSelected(DeletedFilePreferences.getDefault().getShouldLimitDeletedFiles());
+        maximumResultsSpinner.setValue(UserPreferences.getMaximumNumberOfResults());
         translateNamesInTableRadioButton.setSelected(UserPreferences.displayTranslatedFileNames());
         
         TextTranslationService tts = TextTranslationService.getInstance();
@@ -106,12 +105,11 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
         UserPreferences.setShowOnlyCurrentUserTags(hideOtherUsersTagsCheckbox.isSelected());
         UserPreferences.setHideCentralRepoCommentsAndOccurrences(commentsOccurencesColumnsCheckbox.isSelected());
         UserPreferences.setDisplayTranslatedFileNames(translateNamesInTableRadioButton.isSelected());
+        UserPreferences.setMaximumNumberOfResults((Integer)maximumResultsSpinner.getValue());
 
         storeGroupItemsInTreeByDataSource();
 
         DirectoryTreeTopComponent.getDefault().setShowRejectedResults(hideRejectedResultsCheckbox.isSelected() == false);
-
-        DeletedFilePreferences.getDefault().setShouldLimitDeletedFiles(deletedFilesLimitCheckbox.isSelected());
     }
 
     /**
@@ -156,13 +154,13 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
         hideOtherUsersTagsLabel = new javax.swing.JLabel();
         centralRepoLabel = new javax.swing.JLabel();
         commentsOccurencesColumnsCheckbox = new javax.swing.JCheckBox();
-        deletedFilesLimitCheckbox = new javax.swing.JCheckBox();
-        deletedFilesLimitLabel = new javax.swing.JLabel();
+        maximumResultsLabel = new javax.swing.JLabel();
         jScrollPane1 = new javax.swing.JScrollPane();
         timeZoneList = new javax.swing.JList<>();
         translateTextLabel = new javax.swing.JLabel();
         commentsOccurencesColumnWrapAroundText = new javax.swing.JLabel();
         translateNamesInTableRadioButton = new javax.swing.JRadioButton();
+        maximumResultsSpinner = new javax.swing.JSpinner();
         currentCaseSettingsPanel = new javax.swing.JPanel();
         groupByDataSourceCheckbox = new javax.swing.JCheckBox();
         currentSessionSettingsPanel = new javax.swing.JPanel();
@@ -260,14 +258,8 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
             }
         });
 
-        org.openide.awt.Mnemonics.setLocalizedText(deletedFilesLimitCheckbox, org.openide.util.NbBundle.getMessage(ViewPreferencesPanel.class, "ViewPreferencesPanel.deletedFilesLimitCheckbox.text")); // NOI18N
-        deletedFilesLimitCheckbox.addActionListener(new java.awt.event.ActionListener() {
-            public void actionPerformed(java.awt.event.ActionEvent evt) {
-                deletedFilesLimitCheckboxActionPerformed(evt);
-            }
-        });
-
-        org.openide.awt.Mnemonics.setLocalizedText(deletedFilesLimitLabel, org.openide.util.NbBundle.getMessage(ViewPreferencesPanel.class, "ViewPreferencesPanel.deletedFilesLimitLabel.text")); // NOI18N
+        org.openide.awt.Mnemonics.setLocalizedText(maximumResultsLabel, org.openide.util.NbBundle.getMessage(ViewPreferencesPanel.class, "ViewPreferencesPanel.maximumResultsLabel.text")); // NOI18N
+        maximumResultsLabel.setToolTipText(org.openide.util.NbBundle.getMessage(ViewPreferencesPanel.class, "ViewPreferencesPanel.maximumResultsLabel.toolTipText")); // NOI18N
 
         timeZoneList.addListSelectionListener(new javax.swing.event.ListSelectionListener() {
             public void valueChanged(javax.swing.event.ListSelectionEvent evt) {
@@ -287,6 +279,13 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
             }
         });
 
+        maximumResultsSpinner.setModel(new javax.swing.SpinnerNumberModel(20000, 0, 100000, 10000));
+        maximumResultsSpinner.addChangeListener(new javax.swing.event.ChangeListener() {
+            public void stateChanged(javax.swing.event.ChangeEvent evt) {
+                maximumResultsSpinnerStateChanged(evt);
+            }
+        });
+
         javax.swing.GroupLayout globalSettingsPanelLayout = new javax.swing.GroupLayout(globalSettingsPanel);
         globalSettingsPanel.setLayout(globalSettingsPanelLayout);
         globalSettingsPanelLayout.setHorizontalGroup(
@@ -294,6 +293,9 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
             .addGroup(globalSettingsPanelLayout.createSequentialGroup()
                 .addContainerGap()
                 .addGroup(globalSettingsPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+                    .addGroup(globalSettingsPanelLayout.createSequentialGroup()
+                        .addGap(10, 10, 10)
+                        .addComponent(hideOtherUsersTagsCheckbox))
                     .addGroup(globalSettingsPanelLayout.createSequentialGroup()
                         .addComponent(centralRepoLabel)
                         .addGap(135, 135, 135)
@@ -334,13 +336,11 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
                                     .addComponent(useLocalTimeRadioButton)
                                     .addComponent(useAnotherTimeRadioButton)
                                     .addComponent(translateNamesInTableRadioButton)))))
-                    .addComponent(deletedFilesLimitLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 215, javax.swing.GroupLayout.PREFERRED_SIZE)
                     .addGroup(globalSettingsPanelLayout.createSequentialGroup()
-                        .addGap(10, 10, 10)
-                        .addGroup(globalSettingsPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
-                            .addComponent(hideOtherUsersTagsCheckbox)
-                            .addComponent(deletedFilesLimitCheckbox, javax.swing.GroupLayout.DEFAULT_SIZE, 567, Short.MAX_VALUE))))
-                .addContainerGap())
+                        .addComponent(maximumResultsLabel)
+                        .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+                        .addComponent(maximumResultsSpinner, javax.swing.GroupLayout.PREFERRED_SIZE, 70, javax.swing.GroupLayout.PREFERRED_SIZE)))
+                .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
         );
         globalSettingsPanelLayout.setVerticalGroup(
             globalSettingsPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
@@ -369,8 +369,10 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
                         .addComponent(commentsOccurencesColumnsCheckbox, javax.swing.GroupLayout.PREFERRED_SIZE, 18, javax.swing.GroupLayout.PREFERRED_SIZE)
                         .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
                         .addComponent(commentsOccurencesColumnWrapAroundText)
-                        .addGap(11, 11, 11)
-                        .addComponent(deletedFilesLimitLabel))
+                        .addGap(6, 6, 6)
+                        .addGroup(globalSettingsPanelLayout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+                            .addComponent(maximumResultsLabel)
+                            .addComponent(maximumResultsSpinner, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)))
                     .addGroup(globalSettingsPanelLayout.createSequentialGroup()
                         .addComponent(selectFileLabel)
                         .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
@@ -389,9 +391,7 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
                         .addComponent(translateTextLabel)
                         .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
                         .addComponent(translateNamesInTableRadioButton)))
-                .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
-                .addComponent(deletedFilesLimitCheckbox, javax.swing.GroupLayout.PREFERRED_SIZE, 26, javax.swing.GroupLayout.PREFERRED_SIZE)
-                .addContainerGap(8, Short.MAX_VALUE))
+                .addContainerGap(javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
         );
 
         currentCaseSettingsPanel.setBorder(javax.swing.BorderFactory.createTitledBorder(org.openide.util.NbBundle.getMessage(ViewPreferencesPanel.class, "ViewPreferencesPanel.currentCaseSettingsPanel.border.title"))); // NOI18N
@@ -477,7 +477,7 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
         );
         layout.setVerticalGroup(
             layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
-            .addComponent(viewPreferencesScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+            .addComponent(viewPreferencesScrollPane, javax.swing.GroupLayout.DEFAULT_SIZE, 528, Short.MAX_VALUE)
         );
     }// </editor-fold>//GEN-END:initComponents
 
@@ -513,14 +513,6 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
         }
     }//GEN-LAST:event_timeZoneListValueChanged
 
-    private void deletedFilesLimitCheckboxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_deletedFilesLimitCheckboxActionPerformed
-        if (immediateUpdates) {
-            DeletedFilePreferences.getDefault().setShouldLimitDeletedFiles(deletedFilesLimitCheckbox.isSelected());
-        } else {
-            firePropertyChange(OptionsPanelController.PROP_CHANGED, null, null);
-        }
-    }//GEN-LAST:event_deletedFilesLimitCheckboxActionPerformed
-
     private void commentsOccurencesColumnsCheckboxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_commentsOccurencesColumnsCheckboxActionPerformed
         if (immediateUpdates) {
             UserPreferences.setHideCentralRepoCommentsAndOccurrences(commentsOccurencesColumnsCheckbox.isSelected());
@@ -611,6 +603,14 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
         }
     }//GEN-LAST:event_useBestViewerRadioButtonActionPerformed
 
+    private void maximumResultsSpinnerStateChanged(javax.swing.event.ChangeEvent evt) {//GEN-FIRST:event_maximumResultsSpinnerStateChanged
+        if (immediateUpdates) {
+            UserPreferences.setMaximumNumberOfResults((Integer)maximumResultsSpinner.getValue());
+        } else {
+            firePropertyChange(OptionsPanelController.PROP_CHANGED, null, null);            
+        }
+    }//GEN-LAST:event_maximumResultsSpinnerStateChanged
+
 
     // Variables declaration - do not modify//GEN-BEGIN:variables
     private javax.swing.JLabel centralRepoLabel;
@@ -620,8 +620,6 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
     private javax.swing.JPanel currentSessionSettingsPanel;
     private javax.swing.JCheckBox dataSourcesHideKnownCheckbox;
     private javax.swing.JCheckBox dataSourcesHideSlackCheckbox;
-    private javax.swing.JCheckBox deletedFilesLimitCheckbox;
-    private javax.swing.JLabel deletedFilesLimitLabel;
     private javax.swing.JLabel displayTimeLabel;
     private javax.swing.JPanel globalSettingsPanel;
     private javax.swing.JCheckBox groupByDataSourceCheckbox;
@@ -632,6 +630,8 @@ public class ViewPreferencesPanel extends JPanel implements OptionsPanel {
     private javax.swing.JLabel hideSlackFilesLabel;
     private javax.swing.JScrollPane jScrollPane1;
     private javax.swing.JRadioButton keepCurrentViewerRadioButton;
+    private javax.swing.JLabel maximumResultsLabel;
+    private javax.swing.JSpinner maximumResultsSpinner;
     private javax.swing.JLabel selectFileLabel;
     private javax.swing.JList<String> timeZoneList;
     private javax.swing.JRadioButton translateNamesInTableRadioButton;
diff --git a/Core/src/org/sleuthkit/autopsy/deletedFiles/DeletedFilePreferences.java b/Core/src/org/sleuthkit/autopsy/deletedFiles/DeletedFilePreferences.java
deleted file mode 100644
index 4eadd3611d..0000000000
--- a/Core/src/org/sleuthkit/autopsy/deletedFiles/DeletedFilePreferences.java
+++ /dev/null
@@ -1,171 +0,0 @@
-/*
- * Autopsy Forensic Browser
- *
- * Copyright 2018 Basis Technology Corp.
- * Contact: carrier <at> sleuthkit <dot> org
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-package org.sleuthkit.autopsy.deletedFiles;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.nio.file.Paths;
-import java.util.Properties;
-import java.util.logging.Level;
-import org.sleuthkit.autopsy.casemodule.CasePreferences;
-import org.sleuthkit.autopsy.coreutils.PlatformUtil;
-import org.sleuthkit.autopsy.coreutils.Logger;
-import org.sleuthkit.autopsy.directorytree.DirectoryTreeTopComponent;
-
-/**
- * Class to store settings related to the display of deleted files.
- */
-public class DeletedFilePreferences {
-
-    private static final String SETTINGS_FILE = "DeletedFilePreferences.properties"; //NON-NLS
-    private static final String KEY_LIMIT_DELETED_FILES = "limitDeletedFiles"; //NON-NLS
-    private static final String KEY_LIMIT_VALUE = "limitValue";
-    private static final String VALUE_TRUE = "true"; //NON-NLS
-    private static final String VALUE_FALSE = "false"; //NON-NLS
-    private static final int DEFAULT_MAX_OBJECTS = 10001;
-    private static final Logger logger = Logger.getLogger(CasePreferences.class.getName());
-    private static DeletedFilePreferences defaultInstance;
-    private static boolean limitDeletedFiles = true;
-    private static int deletedFilesLimit = DEFAULT_MAX_OBJECTS;
-
-    /**
-     * Get the settings for the display of deleted files.
-     *
-     * @return defaultInstance with freshly loaded
-     */
-    public static synchronized DeletedFilePreferences getDefault() {
-        if (defaultInstance == null) {
-            defaultInstance = new DeletedFilePreferences();
-        }
-        defaultInstance.loadFromStorage();
-        return defaultInstance;
-    }
-
-    /**
-     * Prevent instantiation.
-     */
-    private DeletedFilePreferences() {
-    }
-
-    /**
-     * Get the 'limitDeletedFiles' value. This can be true or false. It will
-     * default to true if it was not saved correctly previously.s
-     *
-     * @return true if the number of deleted files displayed should be limied,
-     *         false if it should not be limited.
-     */
-    public boolean getShouldLimitDeletedFiles() {
-        return limitDeletedFiles;
-    }
-
-    /**
-     * Set the 'limitDeletedFiles' value to true or false.
-     *
-     * @param value true if the number of deleted files displayed should be
-     *              limied, false if it should not be limited.
-     */
-    public void setShouldLimitDeletedFiles(boolean value) {
-        limitDeletedFiles = value;
-        saveToStorage();
-        DirectoryTreeTopComponent.getDefault().refreshContentTreeSafe();
-    }
-
-    /**
-     * Get the 'limitValue' value. This is an interger value and will default to
-     * DEFAULT_MAX_OBJECTS if it was not previously saved correctly.
-     *
-     * @return an integer representing the max number of deleted files to display.
-     */
-    public int getDeletedFilesLimit() {
-        return deletedFilesLimit;
-    }
-
-    /**
-     * Set the 'limitValue' for max number of deleted files to display.
-     *
-     * @param value an integer representing the max number of deleted files to display.
-     */
-    public void setDeletedFilesLimit(int value) {
-        deletedFilesLimit = value;
-        saveToStorage();
-        DirectoryTreeTopComponent.getDefault().refreshContentTreeSafe();
-
-    }
-
-    /**
-     * Load deleted file preferences from the settings file.
-     */
-    private void loadFromStorage() {
-        Path settingsFile = Paths.get(PlatformUtil.getUserConfigDirectory(), SETTINGS_FILE); //NON-NLS
-        if (settingsFile.toFile().exists()) {
-            // Read the settings
-            try (InputStream inputStream = Files.newInputStream(settingsFile)) {
-                Properties props = new Properties();
-                props.load(inputStream);
-                String limitDeletedFilesValue = props.getProperty(KEY_LIMIT_DELETED_FILES);
-                if (limitDeletedFilesValue != null) {
-                    switch (limitDeletedFilesValue) {
-                        case VALUE_TRUE:
-                            limitDeletedFiles = true;
-                            break;
-                        case VALUE_FALSE:
-                            limitDeletedFiles = false;
-                            break;
-                        default:
-                            logger.log(Level.WARNING, String.format("Unexpected value '%s' for limit deleted files using value of true instead",
-                                    limitDeletedFilesValue));
-                            limitDeletedFiles = true;
-                            break;
-                    }
-                }
-                String limitValue = props.getProperty(KEY_LIMIT_VALUE);
-                try {
-                    if (limitValue != null) {
-                        deletedFilesLimit = Integer.valueOf(limitValue);
-
-                    }
-                } catch (NumberFormatException ex) {
-                    logger.log(Level.INFO, String.format("Unexpected value '%s' for limit, expected an integer using default of 10,001 instead",
-                            limitValue));
-                    deletedFilesLimit = DEFAULT_MAX_OBJECTS;
-                }
-            } catch (IOException ex) {
-                logger.log(Level.SEVERE, "Error reading deletedFilesPreferences file", ex);
-            }
-        }
-    }
-
-    /**
-     * Store deleted file preferences in the settings file.
-     */
-    private void saveToStorage() {
-        Path settingsFile = Paths.get(PlatformUtil.getUserConfigDirectory(), SETTINGS_FILE); //NON-NLS
-        Properties props = new Properties();
-        props.setProperty(KEY_LIMIT_DELETED_FILES, (limitDeletedFiles ? VALUE_TRUE : VALUE_FALSE));
-        props.setProperty(KEY_LIMIT_VALUE, String.valueOf(deletedFilesLimit));
-        try (OutputStream fos = Files.newOutputStream(settingsFile)) {
-            props.store(fos, ""); //NON-NLS
-        } catch (IOException ex) {
-            logger.log(Level.SEVERE, "Error writing deletedFilesPreferences file", ex);
-        }
-    }
-}
diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeTopComponent.java b/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeTopComponent.java
index 4868106217..a1f9c3b537 100644
--- a/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeTopComponent.java
+++ b/Core/src/org/sleuthkit/autopsy/directorytree/DirectoryTreeTopComponent.java
@@ -173,6 +173,7 @@ public final class DirectoryTreeTopComponent extends TopComponent implements Dat
                     case UserPreferences.HIDE_CENTRAL_REPO_COMMENTS_AND_OCCURRENCES:
                     case UserPreferences.DISPLAY_TRANSLATED_NAMES:
                     case UserPreferences.KEEP_PREFERRED_VIEWER:
+                    case UserPreferences.MAXIMUM_NUMBER_OF_RESULTS:
                         refreshContentTreeSafe();
                         break;
                     case UserPreferences.SHOW_ONLY_CURRENT_USER_TAGS:

From 074b1bb6580c4e5192f6b039749433095811690a Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Wed, 21 Nov 2018 16:54:57 -0500
Subject: [PATCH 30/70] Fixes based on feedback from CASE/USO verification tool

---
 .../modules/case_uco/ReportCaseUco.java       | 25 ++++++++++++++++---
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index 7e4971c338..38b9296c34 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -57,7 +57,7 @@ class ReportCaseUco implements GeneralReportModule {
     private static ReportCaseUco instance = null;
     private ReportCaseUcoConfigPanel configPanel;
     
-    private static final String REPORT_FILE_NAME = "CaseUco.json";
+    private static final String REPORT_FILE_NAME = "CASE_UCO_output.json-ld";
     
     // Hidden constructor for the report
     private ReportCaseUco() {
@@ -141,6 +141,9 @@ class ReportCaseUco implements GeneralReportModule {
             
             progressPanel.updateStatusLabel(Bundle.ReportCaseUco_querying());
             
+            // create the required CASE-UCO entries at the beginning of the output file
+            initializeJsonOutputFile(jsonGenerator);
+            
             // create CASE-UCO entry for the Autopsy case
             String caseTraceId = saveCaseInfo(skCase, jsonGenerator);
             
@@ -180,6 +183,10 @@ class ReportCaseUco implements GeneralReportModule {
                     saveFileInCaseUcoFormat(objectId, fileName, parent_path, md5Hash, mime_type, size, crtime, atime, mtime, extension, jsonGenerator, dataSourceTraceId);
                 }
             }
+            
+            // create the required CASE-UCO entries at the end of the output file
+            finilizeJsonOutputFile(jsonGenerator);
+            
             progressPanel.complete(ReportStatus.COMPLETE);
         } catch (TskCoreException ex) {
             logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS
@@ -204,7 +211,17 @@ class ReportCaseUco implements GeneralReportModule {
         }
     }
     
+    private void initializeJsonOutputFile(JsonGenerator catalog) throws IOException {
+        catalog.writeStartObject();
+        catalog.writeFieldName("@graph");
+        catalog.writeStartArray();
+    }
     
+    private void finilizeJsonOutputFile(JsonGenerator catalog) throws IOException {
+        catalog.writeEndArray();
+        catalog.writeEndObject();
+    }
+        
     private String saveCaseInfo(SleuthkitCase skCase, JsonGenerator catalog) throws TskCoreException, SQLException, IOException, NoCurrentCaseException {
         
         // create a "trace" entry for the Autopsy case iteself
@@ -319,7 +336,7 @@ class ReportCaseUco implements GeneralReportModule {
         catalog.writeStringField("@type", "Relationship");
         catalog.writeStringField("source", dataSourceTraceId);
         catalog.writeStringField("target", caseTraceId);
-        catalog.writeStringField("kindOfRelationshipe", "contained-within");
+        catalog.writeStringField("kindOfRelationship", "contained-within");
         catalog.writeBooleanField("isDirectional", true);
         
         catalog.writeFieldName("propertyBundle");
@@ -330,7 +347,7 @@ class ReportCaseUco implements GeneralReportModule {
         catalog.writeEndObject();
         catalog.writeEndArray();
         
-        catalog.writeEndObject();        
+        catalog.writeEndObject();
         
         return dataSourceTraceId;
     }
@@ -392,7 +409,7 @@ class ReportCaseUco implements GeneralReportModule {
         catalog.writeStringField("@type", "Relationship");
         catalog.writeStringField("source", fileTraceId);
         catalog.writeStringField("target", dataSourceTraceId);
-        catalog.writeStringField("kindOfRelationshipe", "contained-within");
+        catalog.writeStringField("kindOfRelationship", "contained-within");
         catalog.writeBooleanField("isDirectional", true);
         
         catalog.writeFieldName("propertyBundle");

From 0175664d1acdaf6c066c5bf294a21e9e7a5d90b0 Mon Sep 17 00:00:00 2001
From: esaunders <esaunders@basistech.com>
Date: Mon, 26 Nov 2018 17:27:05 -0500
Subject: [PATCH 31/70] Added max results label and removed deleted limit
 label.

---
 .../sleuthkit/autopsy/corecomponents/Bundle.properties | 10 +++++-----
 .../autopsy/corecomponents/Bundle_ja.properties        |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties b/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties
index f07d7b911f..942072e39b 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties
@@ -171,11 +171,13 @@ OptionsCategory_Name_View=View
 OptionsCategory_Keywords_View=View
 ViewPreferencesPanel.currentSessionSettingsPanel.border.title=Current Session Settings
 ViewPreferencesPanel.hideRejectedResultsCheckbox.text=Hide rejected results
-ViewPreferencesPanel.translateTextLabel.text=Translate text in the:
+ViewPreferencesPanel.selectFileLabel.text=When selecting a file:
 ViewPreferencesPanel.globalSettingsPanel.border.title=Global Settings
 ViewPreferencesPanel.translateNamesInTableRadioButton.text=Table
-ViewPreferencesPanel.deletedFilesLimitLabel.text=Limit number of deleted files displayed:
-ViewPreferencesPanel.deletedFilesLimitCheckbox.text=Limit to 10,000
+ViewPreferencesPanel.commentsOccurencesColumnWrapAroundText.text=to reduce loading times
+ViewPreferencesPanel.translateTextLabel.text=Translate text in the:
+ViewPreferencesPanel.maximumResultsLabel.toolTipText=Maximum numer of rows to display in result tables. 0 = unlimited
+ViewPreferencesPanel.maximumResultsLabel.text=Maximum number of results to display:
 ViewPreferencesPanel.commentsOccurencesColumnsCheckbox.text=C(omments) and O(ccurences) columns
 ViewPreferencesPanel.centralRepoLabel.text=Do not use Central Repository for:
 ViewPreferencesPanel.hideOtherUsersTagsLabel.text=Hide other users' tags in the:
@@ -193,5 +195,3 @@ ViewPreferencesPanel.keepCurrentViewerRadioButton.toolTipText=For example, stay
 ViewPreferencesPanel.keepCurrentViewerRadioButton.text=Stay on the same file viewer
 ViewPreferencesPanel.useBestViewerRadioButton.toolTipText=For example, change from Hex to Media when a JPEG is selected.
 ViewPreferencesPanel.useBestViewerRadioButton.text=Change to the most specific file viewer
-ViewPreferencesPanel.selectFileLabel.text=When selecting a file:
-ViewPreferencesPanel.commentsOccurencesColumnWrapAroundText.text=to reduce loading times
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle_ja.properties b/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle_ja.properties
index 7eba327056..21624ee592 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle_ja.properties
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle_ja.properties
@@ -120,7 +120,6 @@ MediaViewImagePanel.externalViewerButton.text=\u5916\u90e8\u30d3\u30e5\u30fc\u30
 DataResultPanel.matchLabel.text=\u7d50\u679c
 DataResultPanel.numberOfChildNodesLabel.text=0
 DataResultPanel.descriptionLabel.text=\u30c7\u30a3\u30ec\u30af\u30c8\u30ea\u30d1\u30b9
-ViewPreferencesPanel.selectFileLabel.text=\u30d5\u30a1\u30a4\u30eb\u3092\u9078\u629e\u3059\u308b\u5834\u5408\uff1a
 ViewPreferencesPanel.useLocalTimeRadioButton.text=\u30ed\u30fc\u30ab\u30eb\u30bf\u30a4\u30e0\u30be\u30fc\u30f3\u3092\u4f7f\u7528
 ViewPreferencesPanel.displayTimeLabel.text=\u6642\u9593\u3092\u8868\u793a\u3059\u308b\u5834\u5408\uff1a
 ViewPreferencesPanel.viewsHideKnownCheckbox.text=\u30d3\u30e5\u30fc\u30a8\u30ea\u30a2
@@ -130,3 +129,4 @@ ViewPreferencesPanel.keepCurrentViewerRadioButton.toolTipText=\u4f8b\u3048\u3070
 ViewPreferencesPanel.keepCurrentViewerRadioButton.text=\u305d\u306e\u307e\u307e\u540c\u3058\u30d5\u30a1\u30a4\u30eb\u30d3\u30e5\u30fc\u30a2\u3092\u4f7f\u7528
 ViewPreferencesPanel.useBestViewerRadioButton.toolTipText=\u4f8b\u3048\u3070\u3001JPEG\u304c\u9078\u629e\u3055\u308c\u305f\u5834\u5408\u306b\u306fHEX\u304b\u3089\u30e1\u30c7\u30a3\u30a2\u306b\u5909\u66f4\u3059\u308b\u3002
 ViewPreferencesPanel.useBestViewerRadioButton.text=\u6700\u3082\u5c02\u9580\u7684\u306a\u30d5\u30a1\u30a4\u30eb\u30d3\u30e5\u30fc\u30a2\u306b\u5909\u66f4
+ViewPreferencesPanel.selectFileLabel.text=\u30d5\u30a1\u30a4\u30eb\u3092\u9078\u629e\u3059\u308b\u5834\u5408\uff1a

From ae67041ca317e8a224f59762946ea3223f227d4c Mon Sep 17 00:00:00 2001
From: William Schaefer <wschaefer@basistech.net>
Date: Tue, 27 Nov 2018 16:29:16 -0500
Subject: [PATCH 32/70] 4380 Validation / normalization code for new
 Correlation Attributes

---
 .../CorrelationAttributeNormalizer.java       | 218 ++++++++++++++----
 1 file changed, 179 insertions(+), 39 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java
index 11a8e2249b..f13e82b160 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java
@@ -1,16 +1,16 @@
 /*
- * 
+ *
  * Autopsy Forensic Browser
- * 
+ *
  * Copyright 2018 Basis Technology Corp.
  * Contact: carrier <at> sleuthkit <dot> org
- * 
+ *
  * Licensed under the Apache License, Version 2.0 (the "License");
  * you may not use this file except in compliance with the License.
  * You may obtain a copy of the License at
- * 
+ *
  *     http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -25,34 +25,39 @@ import org.apache.commons.validator.routines.DomainValidator;
 import org.apache.commons.validator.routines.EmailValidator;
 
 /**
- * Provides functions for normalizing data by attribute type before insertion or querying.
+ * Provides functions for normalizing data by attribute type before insertion or
+ * querying.
  */
 final public class CorrelationAttributeNormalizer {
-    
+
+    //common seperators that may be removed for normalizing
+    private static final String SEPERATORS_REGEX = "[\\s-:]";
+
     /**
      * This is a utility class - no need for constructing or subclassing, etc...
      */
-    private CorrelationAttributeNormalizer() { }
-    
+    private CorrelationAttributeNormalizer() {
+    }
+
     /**
-     * Normalize the data.  Converts text to lower case, and ensures that the
+     * Normalize the data. Converts text to lower case, and ensures that the
      * data is a valid string of the format expected given the attributeType.
-     *  
+     *
      * @param attributeType correlation type of data
-     * @param data data to normalize
-     * 
+     * @param data          data to normalize
+     *
      * @return normalized data
      */
     public static String normalize(CorrelationAttributeInstance.Type attributeType, String data) throws CorrelationAttributeNormalizationException {
 
-        if(attributeType == null){
+        if (attributeType == null) {
             throw new CorrelationAttributeNormalizationException("Attribute type was null.");
         }
-        if(data == null){
+        if (data == null) {
             throw new CorrelationAttributeNormalizationException("Data was null.");
         }
-        
-        switch(attributeType.getId()){
+
+        switch (attributeType.getId()) {
             case CorrelationAttributeInstance.FILES_TYPE_ID:
                 return normalizeMd5(data);
             case CorrelationAttributeInstance.DOMAIN_TYPE_ID:
@@ -64,38 +69,38 @@ final public class CorrelationAttributeNormalizer {
             case CorrelationAttributeInstance.USBID_TYPE_ID:
                 return normalizeUsbId(data);
             case CorrelationAttributeInstance.SSID_TYPE_ID:
-                return data;
+                return verifySsid(data);
             case CorrelationAttributeInstance.MAC_TYPE_ID:
-                return data;
+                return normalizeMac(data);
             case CorrelationAttributeInstance.IMEI_TYPE_ID:
-                return data;
+                return normalizeImei(data);
             case CorrelationAttributeInstance.IMSI_TYPE_ID:
-                return data;
+                return normalizeImsi(data);
             case CorrelationAttributeInstance.ICCID_TYPE_ID:
-                return data;
+                return normalizeIccid(data);
             default:
                 final String errorMessage = String.format(
-                        "Validator function not found for attribute type: %s", 
+                        "Validator function not found for attribute type: %s",
                         attributeType.getDisplayName());
-                throw new CorrelationAttributeNormalizationException(errorMessage);   
+                throw new CorrelationAttributeNormalizationException(errorMessage);
         }
     }
-    
+
     /**
-     * Validate the data.  Converts text to lower case, and ensures that the
-     * data is a valid string of the format expected given the attributeType.
-     *  
+     * Validate the data. Converts text to lower case, and ensures that the data
+     * is a valid string of the format expected given the attributeType.
+     *
      * @param attributeTypeId correlation type of data
-     * @param data data to normalize
-     * 
+     * @param data            data to normalize
+     *
      * @return normalized data
      */
     public static String normalize(int attributeTypeId, String data) throws CorrelationAttributeNormalizationException {
         try {
             List<CorrelationAttributeInstance.Type> defaultTypes = CorrelationAttributeInstance.getDefaultCorrelationTypes();
             Optional<CorrelationAttributeInstance.Type> typeOption = defaultTypes.stream().filter(attributeType -> attributeType.getId() == attributeTypeId).findAny();
-            
-            if(typeOption.isPresent()){
+
+            if (typeOption.isPresent()) {
                 CorrelationAttributeInstance.Type type = typeOption.get();
                 return CorrelationAttributeNormalizer.normalize(type, data);
             } else {
@@ -112,7 +117,7 @@ final public class CorrelationAttributeNormalizer {
     private static String normalizeMd5(String data) throws CorrelationAttributeNormalizationException {
         final String validMd5Regex = "^[a-f0-9]{32}$";
         final String dataLowered = data.toLowerCase();
-        if(dataLowered.matches(validMd5Regex)){
+        if (dataLowered.matches(validMd5Regex)) {
             return dataLowered;
         } else {
             throw new CorrelationAttributeNormalizationException(String.format("Data purporting to be an MD5 was found not to comform to expected format: %s", data));
@@ -120,15 +125,16 @@ final public class CorrelationAttributeNormalizer {
     }
 
     /**
-     * Verify there are no slashes or invalid domain name characters (such as '?' or \: ). Normalize to lower case.
+     * Verify there are no slashes or invalid domain name characters (such as
+     * '?' or \: ). Normalize to lower case.
      */
     private static String normalizeDomain(String data) throws CorrelationAttributeNormalizationException {
         DomainValidator validator = DomainValidator.getInstance(true);
-        if(validator.isValid(data)){
+        if (validator.isValid(data)) {
             return data.toLowerCase();
         } else {
             final String validIpAddressRegex = "^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$";
-            if(data.matches(validIpAddressRegex)){
+            if (data.matches(validIpAddressRegex)) {
                 return data;
             } else {
                 throw new CorrelationAttributeNormalizationException(String.format("Data was expected to be a valid domain: %s", data));
@@ -137,11 +143,12 @@ final public class CorrelationAttributeNormalizer {
     }
 
     /**
-     *  Verify that there is an '@' and no invalid characters. Should normalize to lower case.
+     * Verify that there is an '@' and no invalid characters. Should normalize
+     * to lower case.
      */
     private static String normalizeEmail(String data) throws CorrelationAttributeNormalizationException {
         EmailValidator validator = EmailValidator.getInstance(true, true);
-        if(validator.isValid(data)){
+        if (validator.isValid(data)) {
             return data.toLowerCase();
         } else {
             throw new CorrelationAttributeNormalizationException(String.format("Data was expected to be a valid email address: %s", data));
@@ -152,7 +159,7 @@ final public class CorrelationAttributeNormalizer {
      * Verify it is only numbers and '+'. Strip spaces, dashes, and parentheses.
      */
     private static String normalizePhone(String data) throws CorrelationAttributeNormalizationException {
-        if(data.matches("\\+?[0-9()\\-\\s]+")){
+        if (data.matches("\\+?[0-9()\\-\\s]+")) {
             String phoneNumber = data.replaceAll("[^0-9\\+]", "");
             return phoneNumber;
         } else {
@@ -167,4 +174,137 @@ final public class CorrelationAttributeNormalizer {
         //TODO replace with correct usb id validation at a later date
         return data;
     }
+
+    /**
+     * Verify the wireless network name is valid
+     *
+     * SSIDs for wireless networks can be at most 32 characters, are case
+     * sensitive, and allow special characters.
+     *
+     * @param data The string to normalize and validate
+     *
+     * @return the unmodified data if the data was a valid length to be an SSID
+     *
+     * @throws CorrelationAttributeNormalizationException if the data was not a
+     *                                                    valid SSID
+     */
+    private static String verifySsid(String data) throws CorrelationAttributeNormalizationException {
+        if (data.length() <= 32) {
+            return data;
+        } else {
+            throw new CorrelationAttributeNormalizationException("Name provided was longer than the maximum valid SSID (32 characters). Name: " + data);
+        }
+    }
+
+    /**
+     * Verify the ICCID (Integrated Circuit Card Identifier) number and
+     * normalize format.
+     *
+     * E.118 defines as up to 22 digits long including luhn check digit while
+     * GSM Phase 1 defines it as a 20 digit operator specific structure. They
+     * begin with 89 which is the ISO 7812 Major Industry Identifier for
+     * telecommunication, followed by a contry code of 1-3 digits as definted by
+     * ITU-T E.164, followed by issuer identifier 1-4 digits, followed by 1 luhn
+     * checksum digit (sometimes omitted). The hexidecimal digit F is used as
+     * filler when necessary in GSM Phase 1 specification.
+     *
+     * 18 digits appears to be the shortest ICCID in use.
+     *
+     * @param data The string to normalize and validate
+     *
+     * @return the data with common number seperators removed and lower cased if
+     *         the data was determined to be a possible ICCID
+     *
+     * @throws CorrelationAttributeNormalizationException if the data was not a
+     *                                                    valid ICCID
+     */
+    private static String normalizeIccid(String data) throws CorrelationAttributeNormalizationException {
+        final String validIccidRegex = "^([8][9][f0-9]{17,22})$";
+        final String iccidWithoutSeperators = data.toLowerCase().replaceAll(SEPERATORS_REGEX, "");
+        if (iccidWithoutSeperators.matches(validIccidRegex)) {
+            return iccidWithoutSeperators;
+        } else {
+            throw new CorrelationAttributeNormalizationException("Data provided was not a valid ICCID. : " + data);
+        }
+    }
+
+    /**
+     * Verify the IMSI (International mobile subscriber identity) number and
+     * normalize format.
+     *
+     * First 3 digits Mobile Country Code 2-3 digits Mobile Network Code Up to
+     * 10 digits for mobile subscriber identification number MSIN
+     *
+     * Length will be 14 or 15 digits total
+     *
+     * @param data The string to normalize and validate
+     *
+     * @return the data with common number seperators removed if the data was
+     *         determined to be a possible IMSI
+     *
+     * @throws CorrelationAttributeNormalizationException if the data was not a
+     *                                                    valid IMSI
+     */
+    private static String normalizeImsi(String data) throws CorrelationAttributeNormalizationException {
+        final String validImsiRegex = "^[0-9]{14,15}$";
+        final String imsiWithoutSeperators = data.replaceAll(SEPERATORS_REGEX, "");
+        if (imsiWithoutSeperators.matches(validImsiRegex)) {
+            return imsiWithoutSeperators;
+        } else {
+            throw new CorrelationAttributeNormalizationException("Data provided was not a valid Imsi. : " + data);
+        }
+    }
+
+    /**
+     * Verify the MAC (media access control) address and normalize format.
+     *
+     * A 12 or 16 Hexadecimal digits long depending on standard (Possible
+     * standards EUI-48, MAC-48, EUI-64)
+     *
+     * @param data The string to normalize and validate
+     *
+     * @return the data with common number seperators removed and lowercased if
+     *         the data was determined to be a possible MAC
+     *
+     * @throws CorrelationAttributeNormalizationException if the data was not a
+     *                                                    valid MAC
+     */
+    private static String normalizeMac(String data) throws CorrelationAttributeNormalizationException {
+        final String validMacRegex = "^([a-f0-9]{12}|[a-f0-9]{16})$";
+        final String macWithoutSeperators = data.toLowerCase().replaceAll(SEPERATORS_REGEX, "");
+        if (macWithoutSeperators.matches(validMacRegex)) {
+            return macWithoutSeperators;
+        } else {
+            throw new CorrelationAttributeNormalizationException("Data provided was not a valid Imsi. : " + data);
+        }
+    }
+
+    /**
+     * Verify the IMEI (International Mobile Equipment Identity) number and
+     * normalize format.
+     *
+     * 14 to 16 digits digits 1 through 6 are TAC (Type Allocation Code) digits
+     * 7 and 8 are also part of the TAC in phones made in 2003 or later digits 7
+     * and 8 are FAC (Final Assembly Code) in phones made prior to 2003 digits 9
+     * through 14 are the serial number digits 15 and 16 if present represent an
+     * optional luhn checksum (or software version number when dealing with an
+     * IMEI software version)
+     *
+     * @param data The string to normalize and validate
+     *
+     * @return the data with common number seperators removed if the data was
+     *         determined to be a possible IMEI
+     *
+     * @throws CorrelationAttributeNormalizationException if the data was not a
+     *                                                    valid IMEI
+     */
+    private static String normalizeImei(String data) throws CorrelationAttributeNormalizationException {
+        final String validImeiRegex = "^[0-9]{14,16}$";
+        final String imeiWithoutSeperators = data.replaceAll(SEPERATORS_REGEX, "");
+        if (imeiWithoutSeperators.matches(validImeiRegex)) {
+            return imeiWithoutSeperators;
+        } else {
+            throw new CorrelationAttributeNormalizationException("Data provided was not a valid Imsi. : " + data);
+        }
+    }
 }

From e952b32921bda98ab6bddb51d2e639710441e764 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Wed, 28 Nov 2018 13:02:34 -0500
Subject: [PATCH 33/70] Adding file metadata content viewer support for Images

---
 .../autopsy/contentviewers/Metadata.java      | 155 +++++++++++-------
 1 file changed, 95 insertions(+), 60 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java b/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java
index 03a84d4181..4e50bf6bf4 100644
--- a/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java
+++ b/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java
@@ -26,6 +26,8 @@ import org.openide.util.lookup.ServiceProvider;
 import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer;
 import org.sleuthkit.autopsy.datamodel.ContentUtils;
 import org.sleuthkit.datamodel.AbstractFile;
+import org.sleuthkit.datamodel.Image;
+import org.sleuthkit.datamodel.DataSource;
 import org.sleuthkit.datamodel.FsContent;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
@@ -123,11 +125,14 @@ public class Metadata extends javax.swing.JPanel implements DataContentViewer {
 
     @Messages({
         "Metadata.tableRowTitle.mimeType=MIME Type",
-        "Metadata.nodeText.truncated=(results truncated)"})
+        "Metadata.nodeText.truncated=(results truncated)",
+        "Metadata.tableRowTitle.sha1=SHA1",
+        "Metadata.tableRowTitle.sha256=SHA256"})
     @Override
     public void setNode(Node node) {
         AbstractFile file = node.getLookup().lookup(AbstractFile.class);
-        if (file == null) {
+        Image image = node.getLookup().lookup((Image.class));
+        if (file == null && image == null) {
             setText(NbBundle.getMessage(this.getClass(), "Metadata.nodeText.nonFilePassedIn"));
             return;
         }
@@ -135,64 +140,93 @@ public class Metadata extends javax.swing.JPanel implements DataContentViewer {
         StringBuilder sb = new StringBuilder();
         startTable(sb);
 
-        try {
-            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.name"), file.getUniquePath());
-        } catch (TskCoreException ex) {
-            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.name"), file.getParentPath() + "/" + file.getName());
-        }
-
-        addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.type"), file.getType().getName());
-        addRow(sb, Bundle.Metadata_tableRowTitle_mimeType(), file.getMIMEType());
-        addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.size"), Long.toString(file.getSize()));
-        addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.fileNameAlloc"), file.getDirFlagAsString());
-        addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.metadataAlloc"), file.getMetaFlagsAsString());
-        addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.modified"), ContentUtils.getStringTime(file.getMtime(), file));
-        addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.accessed"), ContentUtils.getStringTime(file.getAtime(), file));
-        addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.created"), ContentUtils.getStringTime(file.getCrtime(), file));
-        addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.changed"), ContentUtils.getStringTime(file.getCtime(), file));
-        
-
-        String md5 = file.getMd5Hash();
-        if (md5 == null) {
-            md5 = NbBundle.getMessage(this.getClass(), "Metadata.tableRowContent.md5notCalc");
-        }
-        addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.md5"), md5);
-        addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.hashLookupResults"), file.getKnown().toString());
-
-        addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.internalid"), Long.toString(file.getId()));
-        if (file.getType().compareTo(TSK_DB_FILES_TYPE_ENUM.LOCAL) == 0) {
-            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.localPath"), file.getLocalAbsPath());
-        }
-
-        endTable(sb);
-
-        /*
-         * If we have a file system file, grab the more detailed metadata text
-         * too
-         */
-        try {
-            if (file instanceof FsContent) {
-                FsContent fsFile = (FsContent) file;
-
-                sb.append("<hr /><pre>\n"); //NON-NLS
-                sb.append(NbBundle.getMessage(this.getClass(), "Metadata.nodeText.text"));
-                sb.append(" <br /><br />"); // NON-NLS
-                for (String str : fsFile.getMetaDataText()) {
-                    sb.append(str).append("<br />"); //NON-NLS
-                    
-                    /* 
-                     * Very long results can cause the UI to hang before displaying,
-                     * so truncate the results if necessary.
-                     */
-                    if(sb.length() > 50000){
-                        sb.append(NbBundle.getMessage(this.getClass(), "Metadata.nodeText.truncated"));
-                        break;
-                    }
-                }
-                sb.append("</pre>\n"); //NON-NLS
+        if (file != null) {
+            try {
+                addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.name"), file.getUniquePath());
+            } catch (TskCoreException ex) {
+                addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.name"), file.getParentPath() + "/" + file.getName());
             }
-        } catch (TskCoreException ex) {
-            sb.append(NbBundle.getMessage(this.getClass(), "Metadata.nodeText.exceptionNotice.text")).append(ex.getLocalizedMessage());
+
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.type"), file.getType().getName());
+            addRow(sb, Bundle.Metadata_tableRowTitle_mimeType(), file.getMIMEType());
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.size"), Long.toString(file.getSize()));
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.fileNameAlloc"), file.getDirFlagAsString());
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.metadataAlloc"), file.getMetaFlagsAsString());
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.modified"), ContentUtils.getStringTime(file.getMtime(), file));
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.accessed"), ContentUtils.getStringTime(file.getAtime(), file));
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.created"), ContentUtils.getStringTime(file.getCrtime(), file));
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.changed"), ContentUtils.getStringTime(file.getCtime(), file));
+
+
+            String md5 = file.getMd5Hash();
+            if (md5 == null) {
+                md5 = NbBundle.getMessage(this.getClass(), "Metadata.tableRowContent.md5notCalc");
+            }
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.md5"), md5);
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.hashLookupResults"), file.getKnown().toString());
+
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.internalid"), Long.toString(file.getId()));
+            if (file.getType().compareTo(TSK_DB_FILES_TYPE_ENUM.LOCAL) == 0) {
+                addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.localPath"), file.getLocalAbsPath());
+            }
+
+            endTable(sb);
+
+            /*
+             * If we have a file system file, grab the more detailed metadata text
+             * too
+             */
+            try {
+                if (file instanceof FsContent) {
+                    FsContent fsFile = (FsContent) file;
+
+                    sb.append("<hr /><pre>\n"); //NON-NLS
+                    sb.append(NbBundle.getMessage(this.getClass(), "Metadata.nodeText.text"));
+                    sb.append(" <br /><br />"); // NON-NLS
+                    for (String str : fsFile.getMetaDataText()) {
+                        sb.append(str).append("<br />"); //NON-NLS
+
+                        /* 
+                         * Very long results can cause the UI to hang before displaying,
+                         * so truncate the results if necessary.
+                         */
+                        if(sb.length() > 50000){
+                            sb.append(NbBundle.getMessage(this.getClass(), "Metadata.nodeText.truncated"));
+                            break;
+                        }
+                    }
+                    sb.append("</pre>\n"); //NON-NLS
+                }
+            } catch (TskCoreException ex) {
+                sb.append(NbBundle.getMessage(this.getClass(), "Metadata.nodeText.exceptionNotice.text")).append(ex.getLocalizedMessage());
+            }
+        } else {
+            try {
+                addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.name"), image.getUniquePath());
+            } catch (TskCoreException ex) {
+                addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.name"), image.getName());
+            }
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.size"), Long.toString(image.getSize()));
+            
+            String md5 = image.getMd5();
+            if (md5 == null || md5.isEmpty()) {
+                md5 = NbBundle.getMessage(this.getClass(), "Metadata.tableRowContent.md5notCalc");
+            }
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.md5"), md5);
+
+            String sha1 = image.getSha1();
+            if (sha1 == null || sha1.isEmpty()) {
+                sha1 = NbBundle.getMessage(this.getClass(), "Metadata.tableRowContent.md5notCalc");
+            }
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.sha1"), sha1);
+            
+            String sha256 = image.getSha256();
+            if (sha256 == null || sha256.isEmpty()) {
+                sha256 = NbBundle.getMessage(this.getClass(), "Metadata.tableRowContent.md5notCalc");
+            }
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.sha256"), sha256);
+            
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.internalid"), Long.toString(image.getId()));
         }
 
         setText(sb.toString());
@@ -227,8 +261,9 @@ public class Metadata extends javax.swing.JPanel implements DataContentViewer {
 
     @Override
     public boolean isSupported(Node node) {
+        Image image = node.getLookup().lookup(Image.class);
         AbstractFile file = node.getLookup().lookup(AbstractFile.class);
-        return file != null;
+        return (file != null) || (image != null);
     }
 
     @Override

From 5c525b6846b38564122c740e5573e6badeb35e67 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Thu, 29 Nov 2018 08:36:42 -0500
Subject: [PATCH 34/70] Fixed hash lookup. Removed hashes from results viewer

---
 .../autopsy/contentviewers/Metadata.java      | 36 ++++++++++---------
 .../autopsy/datamodel/ImageNode.java          | 15 --------
 .../modules/e01verify/Bundle.properties       | 10 +++---
 .../e01verify/E01VerifyIngestModule.java      | 25 ++++++++-----
 4 files changed, 42 insertions(+), 44 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java b/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java
index 4e50bf6bf4..5c3de80e23 100644
--- a/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java
+++ b/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java
@@ -207,24 +207,28 @@ public class Metadata extends javax.swing.JPanel implements DataContentViewer {
                 addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.name"), image.getName());
             }
             addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.size"), Long.toString(image.getSize()));
-            
-            String md5 = image.getMd5();
-            if (md5 == null || md5.isEmpty()) {
-                md5 = NbBundle.getMessage(this.getClass(), "Metadata.tableRowContent.md5notCalc");
-            }
-            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.md5"), md5);
 
-            String sha1 = image.getSha1();
-            if (sha1 == null || sha1.isEmpty()) {
-                sha1 = NbBundle.getMessage(this.getClass(), "Metadata.tableRowContent.md5notCalc");
+            try {
+                String md5 = image.getMd5();
+                if (md5 == null || md5.isEmpty()) {
+                    md5 = NbBundle.getMessage(this.getClass(), "Metadata.tableRowContent.md5notCalc");
+                }
+                addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.md5"), md5);
+
+                String sha1 = image.getSha1();
+                if (sha1 == null || sha1.isEmpty()) {
+                    sha1 = NbBundle.getMessage(this.getClass(), "Metadata.tableRowContent.md5notCalc");
+                }
+                addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.sha1"), sha1);
+
+                String sha256 = image.getSha256();
+                if (sha256 == null || sha256.isEmpty()) {
+                    sha256 = NbBundle.getMessage(this.getClass(), "Metadata.tableRowContent.md5notCalc");
+                }
+                addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.sha256"), sha256);
+            } catch (TskCoreException ex) {
+                sb.append(NbBundle.getMessage(this.getClass(), "Metadata.nodeText.exceptionNotice.text")).append(ex.getLocalizedMessage());
             }
-            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.sha1"), sha1);
-            
-            String sha256 = image.getSha256();
-            if (sha256 == null || sha256.isEmpty()) {
-                sha256 = NbBundle.getMessage(this.getClass(), "Metadata.tableRowContent.md5notCalc");
-            }
-            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.sha256"), sha256);
             
             addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.internalid"), Long.toString(image.getId()));
         }
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java
index 4fcbe3566b..93bf66deab 100644
--- a/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java
@@ -167,21 +167,6 @@ public class ImageNode extends AbstractContentNode<Image> {
                 Bundle.ImageNode_createSheet_sectorSize_desc(),
                 this.content.getSsize()));
 
-        sheetSet.put(new NodeProperty<>(Bundle.ImageNode_createSheet_md5_name(),
-                Bundle.ImageNode_createSheet_md5_displayName(),
-                Bundle.ImageNode_createSheet_md5_desc(),
-                this.content.getMd5()));
-        
-        sheetSet.put(new NodeProperty<>(Bundle.ImageNode_createSheet_sha1_name(),
-                Bundle.ImageNode_createSheet_sha1_displayName(),
-                Bundle.ImageNode_createSheet_sha1_desc(),
-                this.content.getSha1()));
-        
-        sheetSet.put(new NodeProperty<>(Bundle.ImageNode_createSheet_sha256_name(),
-                Bundle.ImageNode_createSheet_sha256_displayName(),
-                Bundle.ImageNode_createSheet_sha256_desc(),
-                this.content.getSha256()));
-
         sheetSet.put(new NodeProperty<>(Bundle.ImageNode_createSheet_timezone_name(),
                 Bundle.ImageNode_createSheet_timezone_displayName(),
                 Bundle.ImageNode_createSheet_timezone_desc(),
diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties
index 3323e64dec..571952d1da 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties
@@ -1,8 +1,8 @@
 OpenIDE-Module-Name=ewfVerify
-EwfVerifyIngestModule.moduleName.text=Image Integrity
-EwfVerifyIngestModule.moduleDesc.text=Validates the integrity of E01 files.
+EwfVerifyIngestModule.moduleName.text=Disk Image Integrity
+EwfVerifyIngestModule.moduleDesc.text=Calculates and validates hashes of disk images.
 EwfVerifyIngestModule.process.errProcImg=Error processing {0}
-EwfVerifyIngestModule.process.skipNonEwf=Skipping non-E01 image {0}
+EwfVerifyIngestModule.process.skipNonEwf=Skipping non-disk image data source {0}
 EwfVerifyIngestModule.process.noStoredHash=Image {0} does not have stored hash.
 EwfVerifyIngestModule.process.startingImg=Starting {0}
 EwfVerifyIngestModule.process.errGetSizeOfImg=Error getting size of {0}. Image will not be processed.
@@ -13,6 +13,6 @@ EwfVerifyIngestModule.shutDown.verifyResultsHeader=<p>Image Verification Results
 EwfVerifyIngestModule.shutDown.resultLi=<li>Result\:{0}</li>
 EwfVerifyIngestModule.shutDown.calcHashLi=<li>Calculated hash\: {0}</li>
 EwfVerifyIngestModule.shutDown.storedHashLi=<li>Stored hash\: {0}</li>
-IngestSettingsPanel.verifyHashesCheckbox.text=Verify existing hashes
-IngestSettingsPanel.computeHashesCheckbox.text=Calculate hashes if none are present
+IngestSettingsPanel.verifyHashesCheckbox.text=Verify existing disk image hashes
+IngestSettingsPanel.computeHashesCheckbox.text=Calculate image hashes if none are present
 IngestSettingsPanel.jLabel3.text=Ingest Settings
diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
index e2cdae806b..cf3b8c89ee 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
@@ -98,6 +98,8 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         "E01VerifyIngestModule.process.hashesCalculated= hashes calculated", 
         "# {0} - imageName",
         "E01VerifyIngestModule.process.errorSavingHashes= Error saving hashes for image {0} to the database", 
+        "# {0} - imageName",
+        "E01VerifyIngestModule.process.errorLoadingHashes= Error loading hashes for image {0} from the database", 
     })
     @Override
     public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
@@ -129,14 +131,21 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         // - Otherwise we'll calculate and store all three hashes (assuming the compute checkbox is selected)
         
         // First get a list of all stored hash types
-        if (img.getMd5() != null && ! img.getMd5().isEmpty()) {
-            hashDataList.add(new HashData(HashType.MD5, img.getMd5()));
-        }
-        if (img.getSha1() != null && ! img.getSha1().isEmpty()) {
-            hashDataList.add(new HashData(HashType.SHA1, img.getSha1()));
-        }
-        if (img.getSha256() != null && ! img.getSha256().isEmpty()) {
-            hashDataList.add(new HashData(HashType.SHA256, img.getSha256()));
+        try {
+            if (img.getMd5() != null && ! img.getMd5().isEmpty()) {
+                hashDataList.add(new HashData(HashType.MD5, img.getMd5()));
+            }
+            if (img.getSha1() != null && ! img.getSha1().isEmpty()) {
+                hashDataList.add(new HashData(HashType.SHA1, img.getSha1()));
+            }
+            if (img.getSha256() != null && ! img.getSha256().isEmpty()) {
+                hashDataList.add(new HashData(HashType.SHA256, img.getSha256()));
+            }
+        } catch (TskCoreException ex) {
+                String msg = Bundle.E01VerifyIngestModule_process_errorLoadingHashes(imgName);
+                services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(), msg));
+                logger.log(Level.SEVERE, msg, ex);
+                return ProcessResult.ERROR;
         }
         
         // Figure out which mode we should be in

From a2c250fb352d581b592e72b469e894d131ed5bda Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Thu, 29 Nov 2018 09:05:04 -0500
Subject: [PATCH 35/70] Removed old bundle messages.

---
 .../org/sleuthkit/autopsy/datamodel/ImageNode.java    | 11 +----------
 .../modules/e01verify/E01VerifyIngestModule.java      |  3 ---
 2 files changed, 1 insertion(+), 13 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java
index 93bf66deab..0bb186d75e 100644
--- a/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/ImageNode.java
@@ -124,16 +124,7 @@ public class ImageNode extends AbstractContentNode<Image> {
         "ImageNode.createSheet.type.text=Image",
         "ImageNode.createSheet.sectorSize.name=Sector Size (Bytes)",
         "ImageNode.createSheet.sectorSize.displayName=Sector Size (Bytes)",
-        "ImageNode.createSheet.sectorSize.desc=Sector size of the image in bytes.",
-        "ImageNode.createSheet.md5.name=MD5 Hash",
-        "ImageNode.createSheet.md5.displayName=MD5 Hash",
-        "ImageNode.createSheet.md5.desc=MD5 Hash of the image",
-        "ImageNode.createSheet.sha1.name=SHA1 Hash",
-        "ImageNode.createSheet.sha1.displayName=SHA1 Hash",
-        "ImageNode.createSheet.sha1.desc=SHA1 Hash of the image", 
-        "ImageNode.createSheet.sha256.name=SHA256 Hash",
-        "ImageNode.createSheet.sha256.displayName=SHA256 Hash",
-        "ImageNode.createSheet.sha256.desc=SHA256 Hash of the image",       
+        "ImageNode.createSheet.sectorSize.desc=Sector size of the image in bytes.",      
         "ImageNode.createSheet.timezone.name=Timezone",
         "ImageNode.createSheet.timezone.displayName=Timezone",
         "ImageNode.createSheet.timezone.desc=Timezone of the image",
diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
index cf3b8c89ee..13b3f6fbea 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
@@ -308,9 +308,6 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
                 services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(), 
                         imgName + Bundle.E01VerifyIngestModule_process_hashesCalculated(), results));
                 
-                //
-                // TODO Send event to update UI
-                //
             } catch (TskCoreException ex) {
                 String msg = Bundle.E01VerifyIngestModule_process_errorSavingHashes(imgName);
                 services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(), msg));

From 01abb9d7e8900b4172a7cbab1d624a48f40b0818 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Thu, 29 Nov 2018 09:29:06 -0500
Subject: [PATCH 36/70] Added more image metadata fields

---
 .../sleuthkit/autopsy/contentviewers/Metadata.java    | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java b/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java
index 5c3de80e23..06a442eb2a 100644
--- a/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java
+++ b/Core/src/org/sleuthkit/autopsy/contentviewers/Metadata.java
@@ -127,7 +127,11 @@ public class Metadata extends javax.swing.JPanel implements DataContentViewer {
         "Metadata.tableRowTitle.mimeType=MIME Type",
         "Metadata.nodeText.truncated=(results truncated)",
         "Metadata.tableRowTitle.sha1=SHA1",
-        "Metadata.tableRowTitle.sha256=SHA256"})
+        "Metadata.tableRowTitle.sha256=SHA256",
+        "Metadata.tableRowTitle.imageType=Type",
+        "Metadata.tableRowTitle.sectorSize=Sector Size",
+        "Metadata.tableRowTitle.timezone=Time Zone",
+        "Metadata.tableRowTitle.deviceId=Device ID"})
     @Override
     public void setNode(Node node) {
         AbstractFile file = node.getLookup().lookup(AbstractFile.class);
@@ -206,6 +210,7 @@ public class Metadata extends javax.swing.JPanel implements DataContentViewer {
             } catch (TskCoreException ex) {
                 addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.name"), image.getName());
             }
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.imageType"), image.getType().getName());        
             addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.size"), Long.toString(image.getSize()));
 
             try {
@@ -229,7 +234,9 @@ public class Metadata extends javax.swing.JPanel implements DataContentViewer {
             } catch (TskCoreException ex) {
                 sb.append(NbBundle.getMessage(this.getClass(), "Metadata.nodeText.exceptionNotice.text")).append(ex.getLocalizedMessage());
             }
-            
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.sectorSize"), Long.toString(image.getSsize()));
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.timezone"), image.getTimeZone());
+            addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.deviceId"), image.getDeviceId());
             addRow(sb, NbBundle.getMessage(this.getClass(), "Metadata.tableRowTitle.internalid"), Long.toString(image.getId()));
         }
 

From 479f7184ed69498765d8d0827c34083725a208b9 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dgrove" <dgrove@WIN-DGROV-4999.basistech.net>
Date: Thu, 29 Nov 2018 10:28:12 -0500
Subject: [PATCH 37/70] Prevent duplicates.

---
 .../eventlisteners/IngestEventsListener.java  | 46 ++++++++++-------
 .../ingestmodule/IngestModule.java            | 49 ++++++++++++-------
 .../SevenZipExtractor.java                    | 41 +++++++++++-----
 .../filetypeid/FileTypeIdIngestModule.java    | 32 +++++++-----
 .../modules/stix/StixArtifactData.java        | 30 +++++++-----
 .../volatilityDSP/VolatilityProcessor.java    | 42 +++++++++-------
 6 files changed, 148 insertions(+), 92 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
index 2f2a35ab2a..7a1b8a5fce 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
@@ -30,6 +30,7 @@ import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.logging.Level;
 import java.util.stream.Collectors;
+import org.openide.util.Exceptions;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@@ -48,6 +49,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
 import org.sleuthkit.autopsy.coreutils.ThreadUtils;
+import org.sleuthkit.datamodel.SleuthkitCase;
 
 /**
  * Listen for ingest events and update entries in the Central Repository
@@ -149,29 +151,35 @@ public class IngestEventsListener {
     static private void postCorrelatedBadArtifactToBlackboard(BlackboardArtifact bbArtifact, List<String> caseDisplayNames) {
 
         try {
-            AbstractFile af = bbArtifact.getSleuthkitCase().getAbstractFileById(bbArtifact.getObjectID());
-            Collection<BlackboardAttribute> attributes = new ArrayList<>();
             String MODULE_NAME = Bundle.IngestEventsListener_ingestmodule_name();
-            BlackboardArtifact tifArtifact = af.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT);
-            BlackboardAttribute att = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
-                    Bundle.IngestEventsListener_prevTaggedSet_text());
-            BlackboardAttribute att2 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME,
-                    Bundle.IngestEventsListener_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(",", "", "")));
-            attributes.add(att);
-            attributes.add(att2);
+            
+            Collection<BlackboardAttribute> attributes = new ArrayList<>();
+            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
+                    Bundle.IngestEventsListener_prevTaggedSet_text()));
+            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME,
+                    Bundle.IngestEventsListener_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(",", "", ""))));
             attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT, MODULE_NAME, bbArtifact.getArtifactID()));
+            
+            SleuthkitCase tskCase = bbArtifact.getSleuthkitCase();
+            AbstractFile abstractFile = tskCase.getAbstractFileById(bbArtifact.getObjectID());
+            org.sleuthkit.datamodel.Blackboard tskBlackboard = tskCase.getBlackboard();
+            // Create artifact if it doesn't already exist.
+            //DLG: Do I use AbstractFile, or BlackboardArtifact for the input?
+            if (!tskBlackboard.artifactExists(abstractFile, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT, attributes)) {
+                BlackboardArtifact tifArtifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT);
+                tifArtifact.addAttributes(attributes);
+                
+                try {
+                    // index the artifact for keyword search
+                    Blackboard blackboard = Case.getCurrentCaseThrows().getServices().getBlackboard();
+                    blackboard.indexArtifact(tifArtifact);
+                } catch (Blackboard.BlackboardException | NoCurrentCaseException ex) {
+                    LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS
+                }
 
-            tifArtifact.addAttributes(attributes);
-            try {
-                // index the artifact for keyword search
-                Blackboard blackboard = Case.getCurrentCaseThrows().getServices().getBlackboard();
-                blackboard.indexArtifact(tifArtifact);
-            } catch (Blackboard.BlackboardException | NoCurrentCaseException ex) {
-                LOGGER.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS
+                // fire event to notify UI of this new artifact
+                IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT));
             }
-
-            // fire event to notify UI of this new artifact
-            IngestServices.getInstance().fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT));
         } catch (TskCoreException ex) {
             LOGGER.log(Level.SEVERE, "Failed to create BlackboardArtifact.", ex); // NON-NLS
         } catch (IllegalStateException ex) {
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
index 0eecc533b0..95491f9cad 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
@@ -18,11 +18,14 @@
  */
 package org.sleuthkit.autopsy.centralrepository.ingestmodule;
 
+import java.util.ArrayList;
+import java.util.Collection;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationCase;
 import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.stream.Collectors;
+import org.openide.util.Exceptions;
 import org.openide.util.NbBundle.Messages;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.autopsy.casemodule.Case;
@@ -51,6 +54,7 @@ import org.sleuthkit.datamodel.TskData;
 import org.sleuthkit.autopsy.centralrepository.eventlisteners.IngestEventsListener;
 import org.sleuthkit.autopsy.healthmonitor.HealthMonitor;
 import org.sleuthkit.autopsy.healthmonitor.TimingMetric;
+import org.sleuthkit.datamodel.SleuthkitCase;
 
 /**
  * Ingest module for inserting entries into the Central Repository database on
@@ -318,30 +322,39 @@ final class IngestModule implements FileIngestModule {
 
         try {
             String MODULE_NAME = IngestModuleFactory.getModuleName();
-            BlackboardArtifact tifArtifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
-            BlackboardAttribute att = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
-                    Bundle.IngestModule_prevTaggedSet_text());
-            BlackboardAttribute att2 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME,
-                    Bundle.IngestModule_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(",", "", "")));
-            tifArtifact.addAttribute(att);
-            tifArtifact.addAttribute(att2);
+            
+            Collection<BlackboardAttribute> attributes = new ArrayList<>();
+            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
+                    Bundle.IngestModule_prevTaggedSet_text()));
+            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME,
+                    Bundle.IngestModule_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(",", "", ""))));
+            
+            SleuthkitCase tskCase = Case.getCurrentCaseThrows().getSleuthkitCase();
+            org.sleuthkit.datamodel.Blackboard tskBlackboard = tskCase.getBlackboard();
+            // Create artifact if it doesn't already exist.
+            if (!tskBlackboard.artifactExists(abstractFile, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) {
+                BlackboardArtifact tifArtifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
+                tifArtifact.addAttributes(attributes);
 
-            try {
-                // index the artifact for keyword search
-                blackboard.indexArtifact(tifArtifact);
-            } catch (Blackboard.BlackboardException ex) {
-                logger.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS
+                try {
+                    // index the artifact for keyword search
+                    blackboard.indexArtifact(tifArtifact);
+                } catch (Blackboard.BlackboardException ex) {
+                    logger.log(Level.SEVERE, "Unable to index blackboard artifact " + tifArtifact.getArtifactID(), ex); //NON-NLS
+                }
+
+                // send inbox message
+                sendBadFileInboxMessage(tifArtifact, abstractFile.getName(), abstractFile.getMd5Hash());
+
+                // fire event to notify UI of this new artifact
+                services.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT));
             }
-
-            // send inbox message
-            sendBadFileInboxMessage(tifArtifact, abstractFile.getName(), abstractFile.getMd5Hash());
-
-            // fire event to notify UI of this new artifact
-            services.fireModuleDataEvent(new ModuleDataEvent(MODULE_NAME, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT));
         } catch (TskCoreException ex) {
             logger.log(Level.SEVERE, "Failed to create BlackboardArtifact.", ex); // NON-NLS
         } catch (IllegalStateException ex) {
             logger.log(Level.SEVERE, "Failed to create BlackboardAttribute.", ex); // NON-NLS
+        } catch (NoCurrentCaseException ex) {
+            logger.log(Level.SEVERE, "Exception while getting open case.", ex); // NON-NLS
         }
     }
 
diff --git a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java
index c1aec6c81b..73af437ec1 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java
@@ -23,6 +23,7 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Arrays;
+import java.util.Collection;
 import java.util.Collections;
 import java.util.Date;
 import java.util.HashMap;
@@ -66,6 +67,7 @@ import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.DerivedFile;
 import org.sleuthkit.datamodel.EncodedFileOutputStream;
 import org.sleuthkit.datamodel.ReadContentInputStream;
+import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
 
@@ -242,28 +244,41 @@ class SevenZipExtractor {
         String msg = NbBundle.getMessage(SevenZipExtractor.class,
                 "EmbeddedFileExtractorIngestModule.ArchiveExtractor.isZipBombCheck.warnMsg", archiveFile.getName(), escapedFilePath);
         try {
-            BlackboardArtifact artifact = rootArchive.getArchiveFile().newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
-            artifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, EmbeddedFileExtractorModuleFactory.getModuleName(),
+            Collection<BlackboardAttribute> attributes = new ArrayList<>();
+            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, EmbeddedFileExtractorModuleFactory.getModuleName(),
                     "Possible Zip Bomb"));
-            artifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DESCRIPTION,
+            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DESCRIPTION,
                     EmbeddedFileExtractorModuleFactory.getModuleName(),
                     Bundle.SevenZipExtractor_zipBombArtifactCreation_text(archiveFile.getName())));
-            artifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
+            attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
                     EmbeddedFileExtractorModuleFactory.getModuleName(),
                     details));
-            try {
-                // index the artifact for keyword search
-                blackboard.indexArtifact(artifact);
-            } catch (Blackboard.BlackboardException ex) {
-                logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
-                MessageNotifyUtil.Notify.error(
-                        Bundle.SevenZipExtractor_indexError_message(), artifact.getDisplayName());
+            
+            SleuthkitCase tskCase = Case.getCurrentCaseThrows().getSleuthkitCase();
+            org.sleuthkit.datamodel.Blackboard tskBlackboard = tskCase.getBlackboard();
+            // Create artifact if it doesn't already exist.
+            if (!tskBlackboard.artifactExists(archiveFile, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) {
+                BlackboardArtifact artifact = archiveFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
+                artifact.addAttributes(attributes);
+                
+                try {
+                    // index the artifact for keyword search
+                    blackboard.indexArtifact(artifact);
+                } catch (Blackboard.BlackboardException ex) {
+                    logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
+                    MessageNotifyUtil.Notify.error(
+                            Bundle.SevenZipExtractor_indexError_message(), artifact.getDisplayName());
+                }
+                
+                services.postMessage(IngestMessage.createWarningMessage(EmbeddedFileExtractorModuleFactory.getModuleName(), msg, details));
+                
+                services.fireModuleDataEvent(new ModuleDataEvent(EmbeddedFileExtractorModuleFactory.getModuleName(), BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT));
             }
-            services.fireModuleDataEvent(new ModuleDataEvent(EmbeddedFileExtractorModuleFactory.getModuleName(), BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT));
         } catch (TskCoreException ex) {
             logger.log(Level.SEVERE, "Error creating blackboard artifact for Zip Bomb Detection for file: " + escapedFilePath, ex); //NON-NLS
+        } catch (NoCurrentCaseException ex) {
+            logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
         }
-        services.postMessage(IngestMessage.createWarningMessage(EmbeddedFileExtractorModuleFactory.getModuleName(), msg, details));
     }
 
     /**
diff --git a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java
index c8d88f5d46..f79c10a20c 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java
@@ -147,23 +147,29 @@ public class FileTypeIdIngestModule implements FileIngestModule {
      */
     private void createInterestingFileHit(AbstractFile file, FileType fileType) {
         try {
-            BlackboardArtifact artifact;
-            artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
             Collection<BlackboardAttribute> attributes = new ArrayList<>();
-            BlackboardAttribute setNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName());
-            attributes.add(setNameAttribute);
-            BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType());
-            attributes.add(ruleNameAttribute);
-            artifact.addAttributes(attributes);
-            try {
-                Case.getCurrentCaseThrows().getServices().getBlackboard().indexArtifact(artifact);
-            } catch (Blackboard.BlackboardException ex) {
-                logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS
-            } catch (NoCurrentCaseException ex) {
-                logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
+            attributes.add(new BlackboardAttribute(
+                    BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, FileTypeIdModuleFactory.getModuleName(), fileType.getInterestingFilesSetName()));
+            attributes.add(new BlackboardAttribute(
+                    BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, FileTypeIdModuleFactory.getModuleName(), fileType.getMimeType()));
+            
+            Case currentCase = Case.getCurrentCaseThrows();
+            org.sleuthkit.datamodel.Blackboard tskBlackboard = currentCase.getSleuthkitCase().getBlackboard();
+            // Create artifact if it doesn't already exist.
+            if (!tskBlackboard.artifactExists(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) {
+                BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
+                artifact.addAttributes(attributes);
+                
+                try {
+                    currentCase.getServices().getBlackboard().indexArtifact(artifact);
+                } catch (Blackboard.BlackboardException ex) {
+                    logger.log(Level.SEVERE, String.format("Unable to index TSK_INTERESTING_FILE_HIT blackboard artifact %d (file obj_id=%d)", artifact.getArtifactID(), file.getId()), ex); //NON-NLS
+                }
             }
         } catch (TskCoreException ex) {
             logger.log(Level.SEVERE, String.format("Unable to create TSK_INTERESTING_FILE_HIT artifact for file (obj_id=%d)", file.getId()), ex); //NON-NLS
+        } catch (NoCurrentCaseException ex) {
+            logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
         }
     }
 
diff --git a/Core/src/org/sleuthkit/autopsy/modules/stix/StixArtifactData.java b/Core/src/org/sleuthkit/autopsy/modules/stix/StixArtifactData.java
index 6b0622f630..4df69801aa 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/stix/StixArtifactData.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/stix/StixArtifactData.java
@@ -64,15 +64,15 @@ class StixArtifactData {
     @Messages({"StixArtifactData.indexError.message=Failed to index STIX interesting file hit artifact for keyword search.",
             "StixArtifactData.noOpenCase.errMsg=No open case available."})
     public void createArtifact(String a_title) throws TskCoreException {
-        Blackboard blackboard;
+        Case currentCase;
         try {
-            blackboard = Case.getCurrentCaseThrows().getServices().getBlackboard();
+            currentCase = Case.getCurrentCaseThrows();
         } catch (NoCurrentCaseException ex) {
             logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
             MessageNotifyUtil.Notify.error(Bundle.StixArtifactData_noOpenCase_errMsg(), ex.getLocalizedMessage());
             return;
         }
-
+        
         String setName;
         if (a_title != null) {
             setName = "STIX Indicator - " + a_title; //NON-NLS
@@ -80,19 +80,25 @@ class StixArtifactData {
             setName = "STIX Indicator - (no title)"; //NON-NLS
         }
 
-        BlackboardArtifact bba = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
         Collection<BlackboardAttribute> attributes = new ArrayList<>();
         attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, "Stix", setName)); //NON-NLS
         attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_TITLE, "Stix", observableId)); //NON-NLS
         attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, "Stix", objType)); //NON-NLS
-
-        bba.addAttributes(attributes);
-        try {
-            // index the artifact for keyword search
-            blackboard.indexArtifact(bba);
-        } catch (Blackboard.BlackboardException ex) {
-            logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bba.getArtifactID(), ex); //NON-NLS
-            MessageNotifyUtil.Notify.error(Bundle.StixArtifactData_indexError_message(), bba.getDisplayName());
+        
+        org.sleuthkit.datamodel.Blackboard tskBlackboard = currentCase.getSleuthkitCase().getBlackboard();
+        // Create artifact if it doesn't already exist.
+        if (!tskBlackboard.artifactExists(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) {
+            BlackboardArtifact bba = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
+            bba.addAttributes(attributes);
+            
+            try {
+                // index the artifact for keyword search
+                Blackboard blackboard = currentCase.getServices().getBlackboard();
+                blackboard.indexArtifact(bba);
+            } catch (Blackboard.BlackboardException ex) {
+                logger.log(Level.SEVERE, "Unable to index blackboard artifact " + bba.getArtifactID(), ex); //NON-NLS
+                MessageNotifyUtil.Notify.error(Bundle.StixArtifactData_indexError_message(), bba.getDisplayName());
+            }
         }
     }
 
diff --git a/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java
index bff999c810..2f18643c61 100644
--- a/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java
+++ b/Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java
@@ -24,6 +24,7 @@ import java.io.File;
 import java.io.IOException;
 import java.nio.file.Paths;
 import java.util.ArrayList;
+import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -374,25 +375,32 @@ class VolatilityProcessor {
                         continue;
                     }
                     try {
-                        BlackboardArtifact volArtifact = resolvedFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
-                        BlackboardAttribute att1 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, VOLATILITY, Bundle.VolatilityProcessor_artifactAttribute_interestingFileSet(pluginName));
-                        volArtifact.addAttribute(att1);
+                        Collection<BlackboardAttribute> attributes = new ArrayList<>();
+                        attributes.add(new BlackboardAttribute(
+                                BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, VOLATILITY, Bundle.VolatilityProcessor_artifactAttribute_interestingFileSet(pluginName)));
+                        
+                        org.sleuthkit.datamodel.Blackboard tskBlackboard = currentCase.getSleuthkitCase().getBlackboard();
+                        // Create artifact if it doesn't already exist.
+                        if (!tskBlackboard.artifactExists(resolvedFile, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) {
+                            BlackboardArtifact volArtifact = resolvedFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
+                            volArtifact.addAttributes(attributes);
 
-                        try {
-                            // index the artifact for keyword search
-                            blackboard.indexArtifact(volArtifact);
-                        } catch (Blackboard.BlackboardException ex) {
-                            errorMsgs.add(Bundle.VolatilityProcessor_errorMessage_failedToIndexArtifact(pluginName));
-                            /*
-                             * Log the exception as well as add it to the error
-                             * messages, to ensure that the stack trace is not
-                             * lost.
-                             */
-                            logger.log(Level.SEVERE, String.format("Failed to index artifact (artifactId=%d) for for output of %s plugin", volArtifact.getArtifactID(), pluginName), ex);
+                            try {
+                                // index the artifact for keyword search
+                                blackboard.indexArtifact(volArtifact);
+                            } catch (Blackboard.BlackboardException ex) {
+                                errorMsgs.add(Bundle.VolatilityProcessor_errorMessage_failedToIndexArtifact(pluginName));
+                                /*
+                                 * Log the exception as well as add it to the error
+                                 * messages, to ensure that the stack trace is not
+                                 * lost.
+                                 */
+                                logger.log(Level.SEVERE, String.format("Failed to index artifact (artifactId=%d) for for output of %s plugin", volArtifact.getArtifactID(), pluginName), ex);
+                            }
+
+                            // fire event to notify UI of this new artifact
+                            services.fireModuleDataEvent(new ModuleDataEvent(VOLATILITY, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT));
                         }
-
-                        // fire event to notify UI of this new artifact
-                        services.fireModuleDataEvent(new ModuleDataEvent(VOLATILITY, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT));
                     } catch (TskCoreException ex) {
                         throw new VolatilityProcessorException(Bundle.VolatilityProcessor_exceptionMessage_errorCreatingArtifact(pluginName), ex);
                     }

From e0243780f9b6ced51483fb259463c3a0849184d8 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Thu, 29 Nov 2018 13:02:33 -0500
Subject: [PATCH 38/70] Starting name change

---
 .../sleuthkit/autopsy/ingest/IngestJobSettings.java   |  3 ++-
 .../autopsy/modules/e01verify/Bundle.properties       | 11 ++++++-----
 .../modules/e01verify/E01VerifyIngestModule.java      |  2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestJobSettings.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestJobSettings.java
index 3913ce097a..8216d66528 100644
--- a/Core/src/org/sleuthkit/autopsy/ingest/IngestJobSettings.java
+++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestJobSettings.java
@@ -440,7 +440,8 @@ public final class IngestJobSettings {
                         break;
                     case "EWF Verify": //NON-NLS
                     case "E01 Verify": //NON-NLS
-                        moduleNames.add("E01 Verifier"); //NON-NLS
+                    case "E01 Verifier": // NON-NLS
+                        moduleNames.add("Data Source Integrity"); //NON-NLS
                         break;
                     case "Archive Extractor": //NON-NLS
                         moduleNames.add("Embedded File Extractor"); //NON-NLS
diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties
index 571952d1da..fe77c40832 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties
@@ -1,6 +1,6 @@
 OpenIDE-Module-Name=ewfVerify
-EwfVerifyIngestModule.moduleName.text=Disk Image Integrity
-EwfVerifyIngestModule.moduleDesc.text=Calculates and validates hashes of disk images.
+EwfVerifyIngestModule.moduleName.text=Data Source Integrity
+EwfVerifyIngestModule.moduleDesc.text=Calculates and validates hashes of data sources.
 EwfVerifyIngestModule.process.errProcImg=Error processing {0}
 EwfVerifyIngestModule.process.skipNonEwf=Skipping non-disk image data source {0}
 EwfVerifyIngestModule.process.noStoredHash=Image {0} does not have stored hash.
@@ -9,10 +9,11 @@ EwfVerifyIngestModule.process.errGetSizeOfImg=Error getting size of {0}. Image w
 EwfVerifyIngestModule.process.errReadImgAtChunk=Error reading {0} at chunk {1}
 EwfVerifyIngestModule.shutDown.verified=\ verified
 EwfVerifyIngestModule.shutDown.notVerified=\ not verified
-EwfVerifyIngestModule.shutDown.verifyResultsHeader=<p>Image Verification Results for {0}</p>
+EwfVerifyIngestModule.shutDown.verifyResultsHeader=<p>Data Source Verification Results for {0}</p>
 EwfVerifyIngestModule.shutDown.resultLi=<li>Result\:{0}</li>
 EwfVerifyIngestModule.shutDown.calcHashLi=<li>Calculated hash\: {0}</li>
 EwfVerifyIngestModule.shutDown.storedHashLi=<li>Stored hash\: {0}</li>
-IngestSettingsPanel.verifyHashesCheckbox.text=Verify existing disk image hashes
-IngestSettingsPanel.computeHashesCheckbox.text=Calculate image hashes if none are present
+IngestSettingsPanel.verifyHashesCheckbox.text=Verify existing data source hashes
+IngestSettingsPanel.computeHashesCheckbox.text=Calculate data source hashes if none are present
 IngestSettingsPanel.jLabel3.text=Ingest Settings
+IngestSettingsPanel.jLabel1.text=Note that this module will not run on logical files
diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
index 13b3f6fbea..6f7e91d5b1 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
@@ -94,7 +94,7 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         "# {1} - calculatedHashValue",
         "E01VerifyIngestModule.process.calcHashWithType=<li>Calculated {0} hash: {1}</li>",
         "# {0} - imageName",
-        "E01VerifyIngestModule.process.calculateHashDone=<p>Image Hash Calculation Results for {0}</p>", 
+        "E01VerifyIngestModule.process.calculateHashDone=<p>Data Source Hash Calculation Results for {0}</p>", 
         "E01VerifyIngestModule.process.hashesCalculated= hashes calculated", 
         "# {0} - imageName",
         "E01VerifyIngestModule.process.errorSavingHashes= Error saving hashes for image {0} to the database", 

From 7a6d466eb97b7559e7df5d241cfe9e071e30134c Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Fri, 30 Nov 2018 07:23:16 -0500
Subject: [PATCH 39/70] Renamed module. Changed ordering of ingest modules.

---
 ...dule.java => CentralRepoIngestModule.java} | 44 +++++-----
 ...va => CentralRepoIngestModuleFactory.java} | 14 ++--
 .../ingestmodule/IngestSettings.java          |  2 +-
 .../CommonAttributePanel.java                 |  4 +-
 .../ingest/IngestModuleFactoryLoader.java     | 10 ++-
 .../autopsy/ingest/PipelineConfig.xml         |  2 +-
 .../Bundle.properties                         |  0
 .../Bundle_ja.properties                      |  0
 .../DataSourceIntegrityIngestModule.java}     | 84 +++++++++----------
 .../DataSourceIntegrityModuleFactory.java}    | 12 +--
 .../commonfilessearch/InterCaseTestUtils.java | 10 +--
 11 files changed, 92 insertions(+), 90 deletions(-)
 rename Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/{IngestModule.java => CentralRepoIngestModule.java} (89%)
 rename Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/{IngestModuleFactory.java => CentralRepoIngestModuleFactory.java} (85%)
 rename Core/src/org/sleuthkit/autopsy/modules/{e01verify => dataSourceIntegrity}/Bundle.properties (100%)
 rename Core/src/org/sleuthkit/autopsy/modules/{e01verify => dataSourceIntegrity}/Bundle_ja.properties (100%)
 rename Core/src/org/sleuthkit/autopsy/modules/{e01verify/E01VerifyIngestModule.java => dataSourceIntegrity/DataSourceIntegrityIngestModule.java} (76%)
 rename Core/src/org/sleuthkit/autopsy/modules/{e01verify/E01VerifierModuleFactory.java => dataSourceIntegrity/DataSourceIntegrityModuleFactory.java} (87%)

diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java
similarity index 89%
rename from Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
rename to Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java
index 0eecc533b0..261af7373f 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java
@@ -56,13 +56,13 @@ import org.sleuthkit.autopsy.healthmonitor.TimingMetric;
  * Ingest module for inserting entries into the Central Repository database on
  * ingest of a data source
  */
-@Messages({"IngestModule.prevTaggedSet.text=Previously Tagged As Notable (Central Repository)",
-    "IngestModule.prevCaseComment.text=Previous Case: "})
-final class IngestModule implements FileIngestModule {
+@Messages({"CentralRepoIngestModule.prevTaggedSet.text=Previously Tagged As Notable (Central Repository)",
+    "CentralRepoIngestModule.prevCaseComment.text=Previous Case: "})
+final class CentralRepoIngestModule implements FileIngestModule {
 
     static final boolean DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS = true;
 
-    private final static Logger logger = Logger.getLogger(IngestModule.class.getName());
+    private final static Logger logger = Logger.getLogger(CentralRepoIngestModule.class.getName());
     private final IngestServices services = IngestServices.getInstance();
     private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();
     private static final IngestModuleReferenceCounter warningMsgRefCounter = new IngestModuleReferenceCounter();
@@ -78,7 +78,7 @@ final class IngestModule implements FileIngestModule {
      *
      * @param settings The ingest settings for the module instance.
      */
-    IngestModule(IngestSettings settings) {
+    CentralRepoIngestModule(IngestSettings settings) {
         flagTaggedNotableItems = settings.isFlagTaggedNotableItems();
     }
 
@@ -204,8 +204,8 @@ final class IngestModule implements FileIngestModule {
 
     // see ArtifactManagerTimeTester for details
     @Messages({
-        "IngestModule.notfyBubble.title=Central Repository Not Initialized",
-        "IngestModule.errorMessage.isNotEnabled=Central repository settings are not initialized, cannot run Correlation Engine ingest module."
+        "CentralRepoIngestModule.notfyBubble.title=Central Repository Not Initialized",
+        "CentralRepoIngestModule.errorMessage.isNotEnabled=Central repository settings are not initialized, cannot run Correlation Engine ingest module."
     })
     @Override
     public void startUp(IngestJobContext context) throws IngestModuleException {
@@ -239,7 +239,7 @@ final class IngestModule implements FileIngestModule {
              */
             if (RuntimeProperties.runningWithGUI()) {
                 if (1L == warningMsgRefCounter.incrementAndGet(jobId)) {
-                    MessageNotifyUtil.Notify.warn(Bundle.IngestModule_notfyBubble_title(), Bundle.IngestModule_errorMessage_isNotEnabled());
+                    MessageNotifyUtil.Notify.warn(Bundle.CentralRepoIngestModule_notfyBubble_title(), Bundle.CentralRepoIngestModule_errorMessage_isNotEnabled());
                 }
             }
             return;
@@ -317,12 +317,12 @@ final class IngestModule implements FileIngestModule {
     private void postCorrelatedBadFileToBlackboard(AbstractFile abstractFile, List<String> caseDisplayNames) {
 
         try {
-            String MODULE_NAME = IngestModuleFactory.getModuleName();
+            String MODULE_NAME = CentralRepoIngestModuleFactory.getModuleName();
             BlackboardArtifact tifArtifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
             BlackboardAttribute att = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
-                    Bundle.IngestModule_prevTaggedSet_text());
+                    Bundle.CentralRepoIngestModule_prevTaggedSet_text());
             BlackboardAttribute att2 = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME,
-                    Bundle.IngestModule_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(",", "", "")));
+                    Bundle.CentralRepoIngestModule_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(",", "", "")));
             tifArtifact.addAttribute(att);
             tifArtifact.addAttribute(att2);
 
@@ -353,12 +353,12 @@ final class IngestModule implements FileIngestModule {
      * @param name     badFile's name
      * @param md5Hash  badFile's md5 hash
      */
-    @Messages({"IngestModule.postToBB.fileName=File Name",
-        "IngestModule.postToBB.md5Hash=MD5 Hash",
-        "IngestModule.postToBB.hashSetSource=Source of Hash",
-        "IngestModule.postToBB.eamHit=Central Repository",
+    @Messages({"CentralRepoIngestModule.postToBB.fileName=File Name",
+        "CentralRepoIngestModule.postToBB.md5Hash=MD5 Hash",
+        "CentralRepoIngestModule.postToBB.hashSetSource=Source of Hash",
+        "CentralRepoIngestModule.postToBB.eamHit=Central Repository",
         "# {0} - Name of file that is Notable",
-        "IngestModule.postToBB.knownBadMsg=Notable: {0}"})
+        "CentralRepoIngestModule.postToBB.knownBadMsg=Notable: {0}"})
     public void sendBadFileInboxMessage(BlackboardArtifact artifact, String name, String md5Hash) {
         StringBuilder detailsSb = new StringBuilder();
         //details
@@ -366,7 +366,7 @@ final class IngestModule implements FileIngestModule {
         //hit
         detailsSb.append("<tr>"); //NON-NLS
         detailsSb.append("<th>") //NON-NLS
-                .append(Bundle.IngestModule_postToBB_fileName())
+                .append(Bundle.CentralRepoIngestModule_postToBB_fileName())
                 .append("</th>"); //NON-NLS
         detailsSb.append("<td>") //NON-NLS
                 .append(name)
@@ -375,22 +375,22 @@ final class IngestModule implements FileIngestModule {
 
         detailsSb.append("<tr>"); //NON-NLS
         detailsSb.append("<th>") //NON-NLS
-                .append(Bundle.IngestModule_postToBB_md5Hash())
+                .append(Bundle.CentralRepoIngestModule_postToBB_md5Hash())
                 .append("</th>"); //NON-NLS
         detailsSb.append("<td>").append(md5Hash).append("</td>"); //NON-NLS
         detailsSb.append("</tr>"); //NON-NLS
 
         detailsSb.append("<tr>"); //NON-NLS
         detailsSb.append("<th>") //NON-NLS
-                .append(Bundle.IngestModule_postToBB_hashSetSource())
+                .append(Bundle.CentralRepoIngestModule_postToBB_hashSetSource())
                 .append("</th>"); //NON-NLS
-        detailsSb.append("<td>").append(Bundle.IngestModule_postToBB_eamHit()).append("</td>"); //NON-NLS            
+        detailsSb.append("<td>").append(Bundle.CentralRepoIngestModule_postToBB_eamHit()).append("</td>"); //NON-NLS            
         detailsSb.append("</tr>"); //NON-NLS
 
         detailsSb.append("</table>"); //NON-NLS
 
-        services.postMessage(IngestMessage.createDataMessage(IngestModuleFactory.getModuleName(),
-                Bundle.IngestModule_postToBB_knownBadMsg(name),
+        services.postMessage(IngestMessage.createDataMessage(CentralRepoIngestModuleFactory.getModuleName(),
+                Bundle.CentralRepoIngestModule_postToBB_knownBadMsg(name),
                 detailsSb.toString(),
                 name + md5Hash,
                 artifact));
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModuleFactory.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModuleFactory.java
similarity index 85%
rename from Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModuleFactory.java
rename to Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModuleFactory.java
index fc5dcd9c81..078c3a5ac9 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModuleFactory.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModuleFactory.java
@@ -33,9 +33,9 @@ import org.sleuthkit.autopsy.ingest.NoIngestModuleIngestJobSettings;
  * Factory for Central Repository ingest modules
  */
 @ServiceProvider(service = org.sleuthkit.autopsy.ingest.IngestModuleFactory.class)
-@NbBundle.Messages({"IngestModuleFactory.ingestmodule.name=Correlation Engine",
-                    "IngestModuleFactory.ingestmodule.desc=Saves properties to the central repository for later correlation"})
-public class IngestModuleFactory extends IngestModuleFactoryAdapter {
+@NbBundle.Messages({"CentralRepoIngestModuleFactory.ingestmodule.name=Correlation Engine",
+                    "CentralRepoIngestModuleFactory.ingestmodule.desc=Saves properties to the central repository for later correlation"})
+public class CentralRepoIngestModuleFactory extends IngestModuleFactoryAdapter {
 
     /**
      * Get the name of the module.
@@ -43,7 +43,7 @@ public class IngestModuleFactory extends IngestModuleFactoryAdapter {
      * @return The module name.
      */
     public static String getModuleName() {
-        return Bundle.IngestModuleFactory_ingestmodule_name();
+        return Bundle.CentralRepoIngestModuleFactory_ingestmodule_name();
     }
 
     @Override
@@ -53,7 +53,7 @@ public class IngestModuleFactory extends IngestModuleFactoryAdapter {
 
     @Override
     public String getModuleDescription() {
-        return Bundle.IngestModuleFactory_ingestmodule_desc();
+        return Bundle.CentralRepoIngestModuleFactory_ingestmodule_desc();
     }
 
     @Override
@@ -69,13 +69,13 @@ public class IngestModuleFactory extends IngestModuleFactoryAdapter {
     @Override
     public FileIngestModule createFileIngestModule(IngestModuleIngestJobSettings settings) {
         if (settings instanceof IngestSettings) {
-            return new IngestModule((IngestSettings) settings);
+            return new CentralRepoIngestModule((IngestSettings) settings);
         }
         /*
          * Compatibility check for older versions.
          */
         if (settings instanceof NoIngestModuleIngestJobSettings) {
-            return new IngestModule(new IngestSettings());
+            return new CentralRepoIngestModule(new IngestSettings());
         }
         
         throw new IllegalArgumentException("Expected settings argument to be an instance of IngestSettings");
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettings.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettings.java
index 32ab9e9f2d..e591ad5a7e 100755
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettings.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettings.java
@@ -33,7 +33,7 @@ final class IngestSettings implements IngestModuleIngestJobSettings {
      * Instantiate the ingest job settings with default values.
      */
     IngestSettings() {
-        this.flagTaggedNotableItems = IngestModule.DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS;
+        this.flagTaggedNotableItems = CentralRepoIngestModule.DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS;
     }
 
     /**
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
index f73eaf020f..1b59598d55 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
@@ -48,7 +48,7 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationCase;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource;
 import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
 import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
-import org.sleuthkit.autopsy.centralrepository.ingestmodule.IngestModuleFactory;
+import org.sleuthkit.autopsy.centralrepository.ingestmodule.CentralRepoIngestModuleFactory;
 import org.sleuthkit.autopsy.corecomponentinterfaces.DataResultViewer;
 import org.sleuthkit.autopsy.corecomponents.DataResultTopComponent;
 import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
@@ -706,7 +706,7 @@ final class CommonAttributePanel extends javax.swing.JDialog implements Observer
                 }
                 //if the eamdb is enabled and an instance is able to be retrieved check if each data source has been processed into the cr 
                 HashMap<DataSource, CorrelatedStatus> dataSourceCorrelationMap = new HashMap<>(); //keep track of the status of all data sources that have been ingested
-                String correlationEngineModuleName = IngestModuleFactory.getModuleName();
+                String correlationEngineModuleName = CentralRepoIngestModuleFactory.getModuleName();
                 SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
                 List<CorrelationDataSource> correlatedDataSources = EamDb.getInstance().getDataSources();
                 List<IngestJobInfo> ingestJobs = skCase.getIngestJobs();
diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java
index a8df988a01..3001036693 100644
--- a/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java
+++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java
@@ -30,7 +30,7 @@ import org.openide.util.Lookup;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import org.sleuthkit.autopsy.examples.SampleIngestModuleFactory;
-import org.sleuthkit.autopsy.modules.e01verify.E01VerifierModuleFactory;
+import org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityModuleFactory;
 import org.sleuthkit.autopsy.modules.exif.ExifParserModuleFactory;
 import org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchDetectorModuleFactory;
 import org.sleuthkit.autopsy.modules.filetypeid.FileTypeIdModuleFactory;
@@ -39,6 +39,8 @@ import org.sleuthkit.autopsy.modules.interestingitems.InterestingItemsIngestModu
 import org.sleuthkit.autopsy.modules.photoreccarver.PhotoRecCarverIngestModuleFactory;
 import org.sleuthkit.autopsy.modules.embeddedfileextractor.EmbeddedFileExtractorModuleFactory;
 import org.sleuthkit.autopsy.modules.encryptiondetection.EncryptionDetectionModuleFactory;
+import org.sleuthkit.autopsy.centralrepository.ingestmodule.CentralRepoIngestModuleFactory;
+import org.sleuthkit.autopsy.modules.vmextractor.VMExtractorIngestModuleFactory;
 import org.sleuthkit.autopsy.python.JythonModuleLoader;
 
 /**
@@ -55,15 +57,17 @@ final class IngestModuleFactoryLoader {
             add("org.sleuthkit.autopsy.recentactivity.RecentActivityExtracterModuleFactory"); //NON-NLS
             add(HashLookupModuleFactory.class.getCanonicalName());
             add(FileTypeIdModuleFactory.class.getCanonicalName());
+            add(FileExtMismatchDetectorModuleFactory.class.getCanonicalName());
             add(EmbeddedFileExtractorModuleFactory.class.getCanonicalName());
             add(ExifParserModuleFactory.class.getCanonicalName());
             add("org.sleuthkit.autopsy.keywordsearch.KeywordSearchModuleFactory"); //NON-NLS
             add("org.sleuthkit.autopsy.thunderbirdparser.EmailParserModuleFactory"); //NON-NLS
-            add(FileExtMismatchDetectorModuleFactory.class.getCanonicalName());
-            add(E01VerifierModuleFactory.class.getCanonicalName());
             add(EncryptionDetectionModuleFactory.class.getCanonicalName());
             add(InterestingItemsIngestModuleFactory.class.getCanonicalName());
+            add(CentralRepoIngestModuleFactory.class.getCanonicalName());
             add(PhotoRecCarverIngestModuleFactory.class.getCanonicalName());
+            add(VMExtractorIngestModuleFactory.class.getCanonicalName());
+            add(DataSourceIntegrityModuleFactory.class.getCanonicalName());
         }
     };
 
diff --git a/Core/src/org/sleuthkit/autopsy/ingest/PipelineConfig.xml b/Core/src/org/sleuthkit/autopsy/ingest/PipelineConfig.xml
index 8619c3d9fa..362987c289 100644
--- a/Core/src/org/sleuthkit/autopsy/ingest/PipelineConfig.xml
+++ b/Core/src/org/sleuthkit/autopsy/ingest/PipelineConfig.xml
@@ -20,7 +20,7 @@ Contains only the core ingest modules that ship with Autopsy -->
     </PIPELINE>
     
     <PIPELINE type="ImageAnalysisStageTwo">
-        <MODULE>org.sleuthkit.autopsy.modules.e01verify.E01VerifierModuleFactory</MODULE>
+        <MODULE>org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityModuleFactory</MODULE>
     </PIPELINE>
     
 </PIPELINE_CONFIG>
diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties
similarity index 100%
rename from Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle.properties
rename to Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties
diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle_ja.properties b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle_ja.properties
similarity index 100%
rename from Core/src/org/sleuthkit/autopsy/modules/e01verify/Bundle_ja.properties
rename to Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle_ja.properties
diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
similarity index 76%
rename from Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
rename to Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
index 6f7e91d5b1..8b93d00f8f 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifyIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
@@ -16,7 +16,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.sleuthkit.autopsy.modules.e01verify;
+package org.sleuthkit.autopsy.modules.dataSourceIntegrity;
 
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
@@ -40,14 +40,12 @@ import org.openide.util.NbBundle;
 /**
  * Data source ingest module that verifies the integrity of an Expert Witness
  * Format (EWF) E01 image file by generating a hash of the file and comparing it
- * to the value stored in the image.
+ * to the value stored in the image. Will also generate hashes for any image-type 
+ * data source that has none.
  */
-@NbBundle.Messages({
-    "UnableToCalculateHashes=Unable to calculate MD5 hashes."
-})
-public class E01VerifyIngestModule implements DataSourceIngestModule {
+public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
 
-    private static final Logger logger = Logger.getLogger(E01VerifyIngestModule.class.getName());
+    private static final Logger logger = Logger.getLogger(DataSourceIntegrityIngestModule.class.getName());
     private static final long DEFAULT_CHUNK_SIZE = 32 * 1024;
     private static final IngestServices services = IngestServices.getInstance();
 
@@ -58,13 +56,13 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
     
     private IngestJobContext context;
     
-    E01VerifyIngestModule(IngestSettings settings) {
+    DataSourceIntegrityIngestModule(IngestSettings settings) {
         computeHashes = settings.shouldComputeHashes();
         verifyHashes = settings.shouldVerifyHashes();
     }
 
     @NbBundle.Messages({
-        "E01VerifyIngestModule.startup.noCheckboxesSelected=At least one of the checkboxes must be selected"
+        "DataSourceIntegrityIngestModule.startup.noCheckboxesSelected=At least one of the checkboxes must be selected"
     })
     @Override
     public void startUp(IngestJobContext context) throws IngestModuleException {
@@ -72,34 +70,34 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         
         // It's an error if the module is run without either option selected
         if (!(computeHashes || verifyHashes)) {
-            throw new IngestModuleException(Bundle.E01VerifyIngestModule_startup_noCheckboxesSelected());
+            throw new IngestModuleException(Bundle.DataSourceIntegrityIngestModule_startup_noCheckboxesSelected());
         }
     }
     
     @NbBundle.Messages({
         "# {0} - imageName",
-        "E01VerifyIngestModule.process.skipCompute=Not computing new hashes for {0} since the option was disabled",
+        "DataSourceIntegrityIngestModule.process.skipCompute=Not computing new hashes for {0} since the option was disabled",
         "# {0} - imageName",
-        "E01VerifyIngestModule.process.skipVerify=Not verifying existing hashes for {0} since the option was disabled",
+        "DataSourceIntegrityIngestModule.process.skipVerify=Not verifying existing hashes for {0} since the option was disabled",
         "# {0} - hashName",
-        "E01VerifyIngestModule.process.hashAlgorithmError=Error creating message digest for {0} algorithm",
+        "DataSourceIntegrityIngestModule.process.hashAlgorithmError=Error creating message digest for {0} algorithm",
         "# {0} - hashName",
-        "E01VerifyIngestModule.process.hashMatch=<li>{0} hash verified</li>",
+        "DataSourceIntegrityIngestModule.process.hashMatch=<li>{0} hash verified</li>",
         "# {0} - hashName",
-        "E01VerifyIngestModule.process.hashNonMatch=<li>{0} hash not verified</li>",
+        "DataSourceIntegrityIngestModule.process.hashNonMatch=<li>{0} hash not verified</li>",
         "# {0} - calculatedHashValue",
         "# {1} - storedHashValue",
-        "E01VerifyIngestModule.process.hashList=<ul><li>Calculated hash: {0}</li><li>Stored hash: {1}</li></ul>",
+        "DataSourceIntegrityIngestModule.process.hashList=<ul><li>Calculated hash: {0}</li><li>Stored hash: {1}</li></ul>",
         "# {0} - hashName",
         "# {1} - calculatedHashValue",
-        "E01VerifyIngestModule.process.calcHashWithType=<li>Calculated {0} hash: {1}</li>",
+        "DataSourceIntegrityIngestModule.process.calcHashWithType=<li>Calculated {0} hash: {1}</li>",
         "# {0} - imageName",
-        "E01VerifyIngestModule.process.calculateHashDone=<p>Data Source Hash Calculation Results for {0}</p>", 
-        "E01VerifyIngestModule.process.hashesCalculated= hashes calculated", 
+        "DataSourceIntegrityIngestModule.process.calculateHashDone=<p>Data Source Hash Calculation Results for {0}</p>", 
+        "DataSourceIntegrityIngestModule.process.hashesCalculated= hashes calculated", 
         "# {0} - imageName",
-        "E01VerifyIngestModule.process.errorSavingHashes= Error saving hashes for image {0} to the database", 
+        "DataSourceIntegrityIngestModule.process.errorSavingHashes= Error saving hashes for image {0} to the database", 
         "# {0} - imageName",
-        "E01VerifyIngestModule.process.errorLoadingHashes= Error loading hashes for image {0} from the database", 
+        "DataSourceIntegrityIngestModule.process.errorLoadingHashes= Error loading hashes for image {0} from the database", 
     })
     @Override
     public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) {
@@ -108,7 +106,7 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         // Skip non-images
         if (!(dataSource instanceof Image)) {
             logger.log(Level.INFO, "Skipping non-image {0}", imgName); //NON-NLS
-            services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(),
+            services.postMessage(IngestMessage.createMessage(MessageType.INFO, DataSourceIntegrityModuleFactory.getModuleName(),
                     NbBundle.getMessage(this.getClass(),
                             "EwfVerifyIngestModule.process.skipNonEwf",
                             imgName)));
@@ -120,7 +118,7 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         long size = img.getSize();
         if (size == 0) {
             logger.log(Level.WARNING, "Size of image {0} was 0 when queried.", imgName); //NON-NLS
-            services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(),
+            services.postMessage(IngestMessage.createMessage(MessageType.ERROR, DataSourceIntegrityModuleFactory.getModuleName(),
                     NbBundle.getMessage(this.getClass(),
                             "EwfVerifyIngestModule.process.errGetSizeOfImg",
                             imgName)));
@@ -142,8 +140,8 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
                 hashDataList.add(new HashData(HashType.SHA256, img.getSha256()));
             }
         } catch (TskCoreException ex) {
-                String msg = Bundle.E01VerifyIngestModule_process_errorLoadingHashes(imgName);
-                services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(), msg));
+                String msg = Bundle.DataSourceIntegrityIngestModule_process_errorLoadingHashes(imgName);
+                services.postMessage(IngestMessage.createMessage(MessageType.ERROR, DataSourceIntegrityModuleFactory.getModuleName(), msg));
                 logger.log(Level.SEVERE, msg, ex);
                 return ProcessResult.ERROR;
         }
@@ -159,13 +157,13 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         // If that mode was not enabled by the user, exit
         if (mode.equals(Mode.COMPUTE) && ! this.computeHashes) {
             logger.log(Level.INFO, "Not computing hashes for {0} since the option was disabled", imgName); //NON-NLS
-            services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(),
-                    Bundle.E01VerifyIngestModule_process_skipCompute(imgName)));
+            services.postMessage(IngestMessage.createMessage(MessageType.INFO, DataSourceIntegrityModuleFactory.getModuleName(),
+                    Bundle.DataSourceIntegrityIngestModule_process_skipCompute(imgName)));
             return ProcessResult.OK;
         } else if (mode.equals(Mode.VERIFY) && ! this.verifyHashes) {
             logger.log(Level.INFO, "Not verifying hashes for {0} since the option was disabled", imgName); //NON-NLS
-            services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(),
-                    Bundle.E01VerifyIngestModule_process_skipVerify(imgName)));
+            services.postMessage(IngestMessage.createMessage(MessageType.INFO, DataSourceIntegrityModuleFactory.getModuleName(),
+                    Bundle.DataSourceIntegrityIngestModule_process_skipVerify(imgName)));
             return ProcessResult.OK;
         }
         
@@ -182,8 +180,8 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
             try {
                 hashData.digest = MessageDigest.getInstance(hashData.type.getName());
             } catch (NoSuchAlgorithmException ex) {
-                String msg = Bundle.E01VerifyIngestModule_process_hashAlgorithmError(hashData.type.getName());
-                services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(), msg));
+                String msg = Bundle.DataSourceIntegrityIngestModule_process_hashAlgorithmError(hashData.type.getName());
+                services.postMessage(IngestMessage.createMessage(MessageType.ERROR, DataSourceIntegrityModuleFactory.getModuleName(), msg));
                 logger.log(Level.SEVERE, msg, ex);
                 return ProcessResult.ERROR;
             }
@@ -204,7 +202,7 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
         } else {
             logger.log(Level.INFO, "Starting hash calculation for {0}", img.getName()); //NON-NLS
         }
-        services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(),
+        services.postMessage(IngestMessage.createMessage(MessageType.INFO, DataSourceIntegrityModuleFactory.getModuleName(),
         NbBundle.getMessage(this.getClass(),
                 "EwfVerifyIngestModule.process.startingImg",
                 imgName)));
@@ -224,7 +222,7 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
             } catch (TskCoreException ex) {
                 String msg = NbBundle.getMessage(this.getClass(),
                         "EwfVerifyIngestModule.process.errReadImgAtChunk", imgName, i);
-                services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(), msg));
+                services.postMessage(IngestMessage.createMessage(MessageType.ERROR, DataSourceIntegrityModuleFactory.getModuleName(), msg));
                 logger.log(Level.SEVERE, msg, ex);
                 return ProcessResult.ERROR;
             }
@@ -258,12 +256,12 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
             
             for (HashData hashData:hashDataList) {
                 if (hashData.storedHash.equals(hashData.calculatedHash)) {
-                    hashResults += Bundle.E01VerifyIngestModule_process_hashMatch(hashData.type.name);
+                    hashResults += Bundle.DataSourceIntegrityIngestModule_process_hashMatch(hashData.type.name);
                 } else {
                     verified = false;
-                    hashResults += Bundle.E01VerifyIngestModule_process_hashNonMatch(hashData.type.name);
+                    hashResults += Bundle.DataSourceIntegrityIngestModule_process_hashNonMatch(hashData.type.name);
                 }
-                hashResults += Bundle.E01VerifyIngestModule_process_hashList(hashData.calculatedHash, hashData.storedHash);
+                hashResults += Bundle.DataSourceIntegrityIngestModule_process_hashList(hashData.calculatedHash, hashData.storedHash);
             }
             
             String verificationResultStr;
@@ -279,13 +277,13 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
             detailedResults += NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.resultLi", verificationResultStr);
             detailedResults += hashResults;
 
-            services.postMessage(IngestMessage.createMessage(messageType, E01VerifierModuleFactory.getModuleName(), 
+            services.postMessage(IngestMessage.createMessage(messageType, DataSourceIntegrityModuleFactory.getModuleName(), 
                     imgName + verificationResultStr, detailedResults));
         
         } else {
             // Store the hashes in the database and update the image
             try {
-                String results = Bundle.E01VerifyIngestModule_process_calculateHashDone(imgName);
+                String results = Bundle.DataSourceIntegrityIngestModule_process_calculateHashDone(imgName);
                 
                 for (HashData hashData:hashDataList) {
                     switch (hashData.type) {
@@ -301,16 +299,16 @@ public class E01VerifyIngestModule implements DataSourceIngestModule {
                         default:
                             break;
                     }
-                    results += Bundle.E01VerifyIngestModule_process_calcHashWithType(hashData.type.name, hashData.calculatedHash);
+                    results += Bundle.DataSourceIntegrityIngestModule_process_calcHashWithType(hashData.type.name, hashData.calculatedHash);
                 }
                 
                 // Write the inbox message
-                services.postMessage(IngestMessage.createMessage(MessageType.INFO, E01VerifierModuleFactory.getModuleName(), 
-                        imgName + Bundle.E01VerifyIngestModule_process_hashesCalculated(), results));
+                services.postMessage(IngestMessage.createMessage(MessageType.INFO, DataSourceIntegrityModuleFactory.getModuleName(), 
+                        imgName + Bundle.DataSourceIntegrityIngestModule_process_hashesCalculated(), results));
                 
             } catch (TskCoreException ex) {
-                String msg = Bundle.E01VerifyIngestModule_process_errorSavingHashes(imgName);
-                services.postMessage(IngestMessage.createMessage(MessageType.ERROR, E01VerifierModuleFactory.getModuleName(), msg));
+                String msg = Bundle.DataSourceIntegrityIngestModule_process_errorSavingHashes(imgName);
+                services.postMessage(IngestMessage.createMessage(MessageType.ERROR, DataSourceIntegrityModuleFactory.getModuleName(), msg));
                 logger.log(Level.SEVERE, "Error saving hash for image " + imgName + " to database", ex);
                 return ProcessResult.ERROR;
             }
diff --git a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifierModuleFactory.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityModuleFactory.java
similarity index 87%
rename from Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifierModuleFactory.java
rename to Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityModuleFactory.java
index 6adb514df9..7747ffc6b7 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/e01verify/E01VerifierModuleFactory.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityModuleFactory.java
@@ -16,7 +16,7 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.sleuthkit.autopsy.modules.e01verify;
+package org.sleuthkit.autopsy.modules.dataSourceIntegrity;
 
 import org.openide.util.NbBundle;
 import org.openide.util.lookup.ServiceProvider;
@@ -33,10 +33,10 @@ import org.sleuthkit.autopsy.ingest.NoIngestModuleIngestJobSettings;
  * of Expert Witness Format (EWF), i.e., .e01 files .
  */
 @ServiceProvider(service = IngestModuleFactory.class)
-public class E01VerifierModuleFactory extends IngestModuleFactoryAdapter {
+public class DataSourceIntegrityModuleFactory extends IngestModuleFactoryAdapter {
 
     static String getModuleName() {
-        return NbBundle.getMessage(E01VerifyIngestModule.class,
+        return NbBundle.getMessage(DataSourceIntegrityIngestModule.class,
                 "EwfVerifyIngestModule.moduleName.text");
     }
 
@@ -47,7 +47,7 @@ public class E01VerifierModuleFactory extends IngestModuleFactoryAdapter {
 
     @Override
     public String getModuleDescription() {
-        return NbBundle.getMessage(E01VerifyIngestModule.class,
+        return NbBundle.getMessage(DataSourceIntegrityIngestModule.class,
                 "EwfVerifyIngestModule.moduleDesc.text");
     }
 
@@ -64,13 +64,13 @@ public class E01VerifierModuleFactory extends IngestModuleFactoryAdapter {
     @Override
     public DataSourceIngestModule createDataSourceIngestModule(IngestModuleIngestJobSettings settings) {
         if (settings instanceof IngestSettings) {
-            return new E01VerifyIngestModule((IngestSettings) settings);
+            return new DataSourceIntegrityIngestModule((IngestSettings) settings);
         }
         /*
          * Compatibility check for older versions.
          */
         if (settings instanceof NoIngestModuleIngestJobSettings) {
-            return new E01VerifyIngestModule(new IngestSettings());
+            return new DataSourceIntegrityIngestModule(new IngestSettings());
         }
         
         throw new IllegalArgumentException("Expected settings argument to be an instance of IngestSettings");
diff --git a/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java b/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java
index e4d6ae5dd8..eac3ffd3d2 100644
--- a/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java
+++ b/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java
@@ -60,7 +60,7 @@ import org.sleuthkit.autopsy.commonfilesearch.DataSourceLoader;
 import org.sleuthkit.autopsy.commonfilesearch.CommonAttributeValue;
 import org.sleuthkit.autopsy.commonfilesearch.CommonAttributeValueList;
 import org.sleuthkit.autopsy.datamodel.DisplayableItemNode;
-import org.sleuthkit.autopsy.modules.e01verify.E01VerifierModuleFactory;
+import org.sleuthkit.autopsy.modules.dataSourceIntegrity.DataSourceIntegrityModuleFactory;
 import org.sleuthkit.autopsy.modules.embeddedfileextractor.EmbeddedFileExtractorModuleFactory;
 import org.sleuthkit.autopsy.modules.exif.ExifParserModuleFactory;
 import org.sleuthkit.autopsy.modules.fileextmismatch.FileExtMismatchDetectorModuleFactory;
@@ -183,8 +183,8 @@ class InterCaseTestUtils {
         final IngestModuleTemplate hashLookupTemplate = IngestUtils.getIngestModuleTemplate(new HashLookupModuleFactory());
         final IngestModuleTemplate vmExtractorTemplate = IngestUtils.getIngestModuleTemplate(new VMExtractorIngestModuleFactory());
         final IngestModuleTemplate photoRecTemplate = IngestUtils.getIngestModuleTemplate(new PhotoRecCarverIngestModuleFactory());
-        final IngestModuleTemplate e01VerifierTemplate = IngestUtils.getIngestModuleTemplate(new E01VerifierModuleFactory());
-        final IngestModuleTemplate eamDbTemplate = IngestUtils.getIngestModuleTemplate(new org.sleuthkit.autopsy.centralrepository.ingestmodule.IngestModuleFactory());
+        final IngestModuleTemplate dataSourceIntegrityTemplate = IngestUtils.getIngestModuleTemplate(new DataSourceIntegrityModuleFactory());
+        final IngestModuleTemplate eamDbTemplate = IngestUtils.getIngestModuleTemplate(new org.sleuthkit.autopsy.centralrepository.ingestmodule.CentralRepoIngestModuleFactory());
         final IngestModuleTemplate fileExtMismatchDetectorTemplate = IngestUtils.getIngestModuleTemplate(new FileExtMismatchDetectorModuleFactory());
         //TODO we need to figure out how to get ahold of these objects because they are required for properly filling the CR with test data
 //        final IngestModuleTemplate objectDetectorTemplate = IngestUtils.getIngestModuleTemplate(new org.sleuthkit.autopsy.experimental.objectdetection.ObjectDetectionModuleFactory());
@@ -217,10 +217,10 @@ class InterCaseTestUtils {
         kitchenSink.add(hashLookupTemplate);
         kitchenSink.add(vmExtractorTemplate);
         kitchenSink.add(photoRecTemplate);
-        kitchenSink.add(e01VerifierTemplate);
+        kitchenSink.add(dataSourceIntegrityTemplate);
         kitchenSink.add(eamDbTemplate);
         kitchenSink.add(fileExtMismatchDetectorTemplate);
-        //TODO this list should probably be populated by way of loading the appropriate modules based on finding all of the @ServiceProvider(service = IngestModuleFactory.class) types
+        //TODO this list should probably be populated by way of loading the appropriate modules based on finding all of the @ServiceProvider(service = CentralRepoIngestModuleFactory.class) types
 //        kitchenSink.add(objectDetectorTemplate);
 //        kitchenSink.add(emailParserTemplate);
 //        kitchenSink.add(recentActivityTemplate);

From 75dda5f70b85bf37e7740d3661a2693f244da6c8 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dgrove" <dgrove@WIN-DGROV-4999.basistech.net>
Date: Fri, 30 Nov 2018 10:11:39 -0500
Subject: [PATCH 40/70] Including FilesIdentifierIngestModule.

---
 .../FilesIdentifierIngestModule.java          | 54 +++++++++++--------
 1 file changed, 31 insertions(+), 23 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java
index 88eea65dda..0e0160b9b9 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java
@@ -106,12 +106,15 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
     @Override
     @Messages({"FilesIdentifierIngestModule.indexError.message=Failed to index interesting file hit artifact for keyword search."})
     public ProcessResult process(AbstractFile file) {
+        Case currentCase;
         try {
-            blackboard = Case.getCurrentCaseThrows().getServices().getBlackboard();        
+            currentCase = Case.getCurrentCaseThrows();      
         } catch (NoCurrentCaseException ex) {
             logger.log(Level.SEVERE, "Exception while getting open case.", ex); //NON-NLS
             return ProcessResult.ERROR;
         }
+        blackboard = currentCase.getServices().getBlackboard();
+        
         // Skip slack space files.
         if (file.getType().equals(TskData.TSK_DB_FILES_TYPE_ENUM.SLACK)) {
             return ProcessResult.OK;
@@ -126,7 +129,7 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
                     // Post an interesting files set hit artifact to the 
                     // blackboard.
                     String moduleName = InterestingItemsIngestModuleFactory.getModuleName();
-                    BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
+                    
                     Collection<BlackboardAttribute> attributes = new ArrayList<>();
 
                     // Add a set name attribute to the artifact. This adds a 
@@ -141,29 +144,34 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
                     // interesting files set membership rule that was satisfied.
                     BlackboardAttribute ruleNameAttribute = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, moduleName, ruleSatisfied);
                     attributes.add(ruleNameAttribute);
+                    
+                    org.sleuthkit.datamodel.Blackboard tskBlackboard = currentCase.getSleuthkitCase().getBlackboard();
+                    // Create artifact if it doesn't already exist.
+                    if (!tskBlackboard.artifactExists(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) {
+                        BlackboardArtifact artifact = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
+                        artifact.addAttributes(attributes);
+                        
+                        try {
+                            // index the artifact for keyword search
+                            blackboard.indexArtifact(artifact);
+                        } catch (Blackboard.BlackboardException ex) {
+                            logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
+                            MessageNotifyUtil.Notify.error(Bundle.FilesIdentifierIngestModule_indexError_message(), artifact.getDisplayName());
+                        }
 
-                    artifact.addAttributes(attributes);
-                    try {
-                        // index the artifact for keyword search
-                        blackboard.indexArtifact(artifact);
-                    } catch (Blackboard.BlackboardException ex) {
-                        logger.log(Level.SEVERE, "Unable to index blackboard artifact " + artifact.getArtifactID(), ex); //NON-NLS
-                        MessageNotifyUtil.Notify.error(Bundle.FilesIdentifierIngestModule_indexError_message(), artifact.getDisplayName());
+                        services.fireModuleDataEvent(new ModuleDataEvent(moduleName, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Collections.singletonList(artifact)));
+
+                        // make an ingest inbox message
+                        StringBuilder detailsSb = new StringBuilder();
+                        detailsSb.append("File: " + file.getParentPath() + file.getName() + "<br/>\n");
+                        detailsSb.append("Rule Set: " + filesSet.getName());
+
+                        services.postMessage(IngestMessage.createDataMessage(InterestingItemsIngestModuleFactory.getModuleName(),
+                                "Interesting File Match: " + filesSet.getName() + "(" + file.getName() +")",
+                                detailsSb.toString(),
+                                file.getName(),
+                                artifact));
                     }
-
-                    services.fireModuleDataEvent(new ModuleDataEvent(moduleName, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Collections.singletonList(artifact)));
-
-                    // make an ingest inbox message
-                    StringBuilder detailsSb = new StringBuilder();
-                    detailsSb.append("File: " + file.getParentPath() + file.getName() + "<br/>\n");
-                    detailsSb.append("Rule Set: " + filesSet.getName());
-
-                    services.postMessage(IngestMessage.createDataMessage(InterestingItemsIngestModuleFactory.getModuleName(),
-                            "Interesting File Match: " + filesSet.getName() + "(" + file.getName() +")",
-                            detailsSb.toString(),
-                            file.getName(),
-                            artifact));
-
                 } catch (TskCoreException ex) {
                     FilesIdentifierIngestModule.logger.log(Level.SEVERE, "Error posting to the blackboard", ex); //NOI18N NON-NLS
                 }

From 5beca03856e84b4f06f33fc68a8aed9c8788822b Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dgrove" <dgrove@WIN-DGROV-4999.basistech.net>
Date: Fri, 30 Nov 2018 10:19:58 -0500
Subject: [PATCH 41/70] Removed comment.

---
 .../centralrepository/eventlisteners/IngestEventsListener.java   | 1 -
 1 file changed, 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
index 7a1b8a5fce..841b4b0958 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
@@ -164,7 +164,6 @@ public class IngestEventsListener {
             AbstractFile abstractFile = tskCase.getAbstractFileById(bbArtifact.getObjectID());
             org.sleuthkit.datamodel.Blackboard tskBlackboard = tskCase.getBlackboard();
             // Create artifact if it doesn't already exist.
-            //DLG: Do I use AbstractFile, or BlackboardArtifact for the input?
             if (!tskBlackboard.artifactExists(abstractFile, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT, attributes)) {
                 BlackboardArtifact tifArtifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_ARTIFACT_HIT);
                 tifArtifact.addAttributes(attributes);

From 8e75dd44acf3646d161384fec948f3b94b84b237 Mon Sep 17 00:00:00 2001
From: William Schaefer <wschaefer@basistech.net>
Date: Fri, 30 Nov 2018 15:18:35 -0500
Subject: [PATCH 42/70] 4380 simplify / correct iccid validation regex

---
 .../datamodel/CorrelationAttributeNormalizer.java               | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java
index f13e82b160..ba8fa4540d 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/datamodel/CorrelationAttributeNormalizer.java
@@ -219,7 +219,7 @@ final public class CorrelationAttributeNormalizer {
      *                                                    valid ICCID
      */
     private static String normalizeIccid(String data) throws CorrelationAttributeNormalizationException {
-        final String validIccidRegex = "^([8][9][f0-9]{17,22})$";
+        final String validIccidRegex = "^89[f0-9]{17,22}$";
         final String iccidWithoutSeperators = data.toLowerCase().replaceAll(SEPERATORS_REGEX, "");
         if (iccidWithoutSeperators.matches(validIccidRegex)) {
             return iccidWithoutSeperators;

From e6cea140ecb41361d374e1f90120e3ec433fe469 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dgrove" <dgrove@WIN-DGROV-4999.basistech.net>
Date: Sun, 2 Dec 2018 23:20:12 -0500
Subject: [PATCH 43/70] Moved logic to normalize extension inputs.

---
 .../modules/interestingitems/FilesSet.java    | 48 ++++++++++++-------
 .../interestingitems/FilesSetRulePanel.java   |  7 ++-
 2 files changed, 38 insertions(+), 17 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java
index 87d25453e7..3fd18957e5 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java
@@ -833,7 +833,7 @@ public final class FilesSet implements Serializable {
                 // If there is a leading ".", strip it since 
                 // AbstractFile.getFileNameExtension() returns just the 
                 // extension chars and not the dot.
-                super(extension.startsWith(".") ? extension.substring(1) : extension, false);
+                super(normalize(extension), false);
             }            
             
             /**
@@ -842,10 +842,10 @@ public final class FilesSet implements Serializable {
              * @param extensions The file name extensions to be matched.
              */
             public ExtensionCondition(List<String> extensions) {
-                // If there is a leading ".", strip it since 
+                // If there is a leading "." in any list value, strip it since 
                 // AbstractFile.getFileNameExtension() returns just the 
                 // extension chars and not the dot.
-                super(extensions);
+                super(normalize(extensions));
             }
 
             /**
@@ -862,6 +862,34 @@ public final class FilesSet implements Serializable {
             public boolean passes(AbstractFile file) {
                 return this.textMatches(file.getNameExtension());
             }
+            
+            /**
+             * Strip "." from the start of extensions in the provided list.
+             * 
+             * @param extensions The list of extensions to be processed.
+             * 
+             * @return A post-processed list of extensions.
+             */
+            private static List<String> normalize(List<String> extensions) {
+                List<String> values = new ArrayList<>(extensions);
+                
+                for (int i=0; i < values.size(); i++) {
+                    values.set(i, normalize(values.get(i)));
+                }
+                
+                return values;
+            }
+            
+            /**
+             * Strip "." from the start of the provided extension.
+             * 
+             * @param extensions The extension to be processed.
+             * 
+             * @return A post-processed extension.
+             */
+            private static String normalize(String extension) {
+                return extension.startsWith(".") ? extension.substring(1) : extension;
+            }
 
         }
 
@@ -986,19 +1014,7 @@ public final class FilesSet implements Serializable {
              *                      match.
              */
             CaseInsensitiveMultiValueStringComparisionMatcher(List<String> valuesToMatch) {
-                List<String> values = new ArrayList<>(valuesToMatch);
-                for (int i=0; i < values.size(); i++) {
-                    // Remove leading and trailing whitespace.
-                    String tempValue = values.get(i).trim();
-                    
-                    // Strip "." from the start of the extension if it exists.
-                    if (tempValue.startsWith(".")) {
-                        tempValue = tempValue.substring(1);
-                    }
-                    
-                    values.set(i, tempValue);
-                }
-                this.valuesToMatch = values;
+                this.valuesToMatch = valuesToMatch;
             }
 
             @Override
diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java
index 7f8285c4a1..9744b0c5bf 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSetRulePanel.java
@@ -485,7 +485,12 @@ final class FilesSetRulePanel extends javax.swing.JPanel {
                 if (this.fullNameRadioButton.isSelected()) {
                     condition = new FilesSet.Rule.FullNameCondition(this.nameTextField.getText());
                 } else {
-                    condition = new FilesSet.Rule.ExtensionCondition(Arrays.asList(this.nameTextField.getText().split(",")));
+                    List<String> extensions = Arrays.asList(this.nameTextField.getText().split(","));
+                    for (int i=0; i < extensions.size(); i++) {
+                        // Remove leading and trailing whitespace.
+                        extensions.set(i, extensions.get(i).trim());
+                    }
+                    condition = new FilesSet.Rule.ExtensionCondition(extensions);
                 }
             } else {
                 logger.log(Level.SEVERE, "Attempt to get name condition with illegal chars"); // NON-NLS

From c13331388ed03bdfee5b2725e5b222716fcf6df3 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dgrove" <dgrove@WIN-DGROV-4999.basistech.net>
Date: Sun, 2 Dec 2018 23:32:32 -0500
Subject: [PATCH 44/70] Typo fixed.

---
 .../sleuthkit/autopsy/modules/interestingitems/FilesSet.java    | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java
index 3fd18957e5..0e91869151 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesSet.java
@@ -883,7 +883,7 @@ public final class FilesSet implements Serializable {
             /**
              * Strip "." from the start of the provided extension.
              * 
-             * @param extensions The extension to be processed.
+             * @param extension The extension to be processed.
              * 
              * @return A post-processed extension.
              */

From 6926a8bbf5d28a7034fe44e4ac262d213dc822d1 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Mon, 3 Dec 2018 07:16:01 -0500
Subject: [PATCH 45/70] New icons for wifi network adapter, sim card, bluetooth
 adapter, device info

---
 .../autopsy/datamodel/ExtractedContent.java       |   8 ++++++++
 .../src/org/sleuthkit/autopsy/images/sim_card.png | Bin 0 -> 306 bytes
 .../org/sleuthkit/autopsy/report/ReportHTML.java  |  12 ++++++++++++
 3 files changed, 20 insertions(+)
 create mode 100644 Core/src/org/sleuthkit/autopsy/images/sim_card.png

diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
index e950d0e870..cd5c93e954 100644
--- a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
@@ -158,6 +158,14 @@ public class ExtractedContent implements AutopsyVisitableItem {
             return filePath + "face.png"; //NON-NLS
         } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_WIFI_NETWORK.getTypeID()) {
             return filePath + "network-wifi.png"; //NON-NLS
+        } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_WIFI_NETWORK_ADAPTER.getTypeID()) {
+            return filePath + "network-wifi.png"; //NON-NLS
+        } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_SIM_ATTACHED.getTypeID()) {
+            return filePath + "sim_card.png"; //NON-NLS
+        } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_BLUETOOTH_ADAPTER.getTypeID()) {
+            return filePath + "Bluetooth.png"; //NON-NLS
+        } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID()) {
+            return filePath + "phone.png"; //NON-NLS
         }
         return filePath + "artifact-icon.png"; //NON-NLS
     }
diff --git a/Core/src/org/sleuthkit/autopsy/images/sim_card.png b/Core/src/org/sleuthkit/autopsy/images/sim_card.png
new file mode 100644
index 0000000000000000000000000000000000000000..1f326dffead6a9fa38f305230803313400df5250
GIT binary patch
literal 306
zcmeAS@N?(olHy`uVBq!ia0vp^0wB!61|;P_|4#%`oCO|{#S9GG!XV7ZFl&wkP>{XE
z)7O>#5x1NOAD5~5xfMX6i=HlyAr`0C2JPl;HW1m<5WTE(f%<&OJ4@P{P6@TDX1NtK
zx=inq6q<NVdPzEKR>3ThgdE{Xb5bI$?(Q!CR&Bjh#Nzq%b+6YIBuKQeH#lE5F`l>Q
zy*fikXsYRo*H+Vl?rAK2zOr*Uce8?l+%btm1~!ZtnoG-=#Xs4&i?|v#SU<1X&B&nQ
z$#nmFKf||p$rlP%7r+0_XUm*r#r?%oaPo>X&-AsAbQpaO=qOxh`p;4ESnG|D9McQJ
zH!RYd{CDhEQCP=vdEGXalw6<L-x6}!eJU7T4!S$l<yYMVdXB-<)z4*}Q$iB};s|gJ

literal 0
HcmV?d00001

diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java b/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
index 13a5078658..abce289459 100644
--- a/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
+++ b/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
@@ -274,6 +274,18 @@ class ReportHTML implements TableReportModule {
                 case TSK_WIFI_NETWORK:
                     in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/network-wifi.png"); //NON-NLS
                     break;
+                case TSK_WIFI_NETWORK_ADAPTER:
+                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/network-wifi.png"); //NON-NLS
+                    break;
+                case TSK_SIM_ATTACHED:
+                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/sim_card.png"); //NON-NLS
+                    break;
+                case TSK_BLUETOOTH_ADAPTER:
+                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/Bluetooth.png"); //NON-NLS
+                    break;
+                case TSK_DEVICE_INFO:
+                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/phone.png"); //NON-NLS
+                    break;
                 default:
                     logger.log(Level.WARNING, "useDataTypeIcon: unhandled artifact type = {0}", dataType); //NON-NLS
                     in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/star.png"); //NON-NLS

From 4668d151c120e7341a46bd4d6eb9fdf3abb3e355 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Mon, 3 Dec 2018 07:21:09 -0500
Subject: [PATCH 46/70] Adding missing settings panel

---
 .../dataSourceIntegrity/Bundle.properties     |   6 +-
 .../DataSourceIntegrityIngestModule.java      |   2 +-
 .../DataSourceIntegrityIngestSettings.java    |  96 ++++++++++++++
 ...ataSourceIntegrityIngestSettingsPanel.form |  83 ++++++++++++
 ...ataSourceIntegrityIngestSettingsPanel.java | 120 ++++++++++++++++++
 .../DataSourceIntegrityModuleFactory.java     |  14 +-
 6 files changed, 310 insertions(+), 11 deletions(-)
 create mode 100644 Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettings.java
 create mode 100644 Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.form
 create mode 100644 Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java

diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties
index fe77c40832..234b75cd78 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties
@@ -13,7 +13,7 @@ EwfVerifyIngestModule.shutDown.verifyResultsHeader=<p>Data Source Verification R
 EwfVerifyIngestModule.shutDown.resultLi=<li>Result\:{0}</li>
 EwfVerifyIngestModule.shutDown.calcHashLi=<li>Calculated hash\: {0}</li>
 EwfVerifyIngestModule.shutDown.storedHashLi=<li>Stored hash\: {0}</li>
-IngestSettingsPanel.verifyHashesCheckbox.text=Verify existing data source hashes
 IngestSettingsPanel.computeHashesCheckbox.text=Calculate data source hashes if none are present
-IngestSettingsPanel.jLabel3.text=Ingest Settings
-IngestSettingsPanel.jLabel1.text=Note that this module will not run on logical files
+DataSourceIntegrityIngestSettingsPanel.jLabel1.text=Note that this module will not run on logical files
+DataSourceIntegrityIngestSettingsPanel.jLabel3.text=Ingest Settings
+DataSourceIntegrityIngestSettingsPanel.verifyHashesCheckbox.text=Verify existing data source hashes
diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
index 8b93d00f8f..4432b327e4 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
@@ -56,7 +56,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
     
     private IngestJobContext context;
     
-    DataSourceIntegrityIngestModule(IngestSettings settings) {
+    DataSourceIntegrityIngestModule(DataSourceIntegrityIngestSettings settings) {
         computeHashes = settings.shouldComputeHashes();
         verifyHashes = settings.shouldVerifyHashes();
     }
diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettings.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettings.java
new file mode 100644
index 0000000000..e5e4bf3d50
--- /dev/null
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettings.java
@@ -0,0 +1,96 @@
+/*
+ * Central Repository
+ *
+ * Copyright 2018 Basis Technology Corp.
+ * Contact: carrier <at> sleuthkit <dot> org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.sleuthkit.autopsy.modules.dataSourceIntegrity;
+
+import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings;
+
+/**
+ * Ingest job settings for the E01 Verify module.
+ */
+final class DataSourceIntegrityIngestSettings implements IngestModuleIngestJobSettings {
+
+    private static final long serialVersionUID = 1L;
+
+    static final boolean DEFAULT_COMPUTE_HASHES = true;
+    static final boolean DEFAULT_VERIFY_HASHES = true;
+    
+    private boolean computeHashes;
+    private boolean verifyHashes;
+
+    /**
+     * Instantiate the ingest job settings with default values.
+     */
+    DataSourceIntegrityIngestSettings() {
+        this.computeHashes = DEFAULT_COMPUTE_HASHES;
+        this.verifyHashes = DEFAULT_VERIFY_HASHES;
+    }
+
+    /**
+     * Instantiate the ingest job settings.
+     * 
+     * @param computeHashes  Compute hashes if none are present
+     * @param verifyHashes   Verify hashes if any are present
+     */
+    DataSourceIntegrityIngestSettings(boolean computeHashes, boolean verifyHashes) {
+        this.computeHashes = computeHashes;
+        this.verifyHashes = verifyHashes;
+    }
+
+    @Override
+    public long getVersionNumber() {
+        return serialVersionUID;
+    }
+    
+    /**
+     * Should hashes be computed if none are present?
+     * 
+     * @return true if hashes should be computed, false otherwise
+     */
+    boolean shouldComputeHashes() {
+        return computeHashes;
+    }
+    
+    /**
+     * Set whether hashes should be computed.
+     * 
+     * @param computeHashes true if hashes should be computed
+     */
+    void setComputeHashes(boolean computeHashes) {
+        this.computeHashes = computeHashes;
+    }
+    
+    
+    /**
+     * Should hashes be verified if at least one is present?
+     * 
+     * @return true if hashes should be verified, false otherwise
+     */
+    boolean shouldVerifyHashes() {
+        return verifyHashes;
+    }    
+    
+    /**
+     * Set whether hashes should be verified.
+     * 
+     * @param verifyHashes true if hashes should be verified
+     */
+    void setVerifyHashes(boolean verifyHashes) {
+        this.verifyHashes = verifyHashes;
+    }
+}
diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.form b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.form
new file mode 100644
index 0000000000..1d1d8af13d
--- /dev/null
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.form
@@ -0,0 +1,83 @@
+<?xml version="1.0" encoding="UTF-8" ?>
+
+<Form version="1.5" maxVersion="1.9" type="org.netbeans.modules.form.forminfo.JPanelFormInfo">
+  <AuxValues>
+    <AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
+    <AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
+    <AuxValue name="FormSettings_generateFQN" type="java.lang.Boolean" value="true"/>
+    <AuxValue name="FormSettings_generateMnemonicsCode" type="java.lang.Boolean" value="true"/>
+    <AuxValue name="FormSettings_i18nAutoMode" type="java.lang.Boolean" value="true"/>
+    <AuxValue name="FormSettings_layoutCodeTarget" type="java.lang.Integer" value="1"/>
+    <AuxValue name="FormSettings_listenerGenerationStyle" type="java.lang.Integer" value="0"/>
+    <AuxValue name="FormSettings_variablesLocal" type="java.lang.Boolean" value="false"/>
+    <AuxValue name="FormSettings_variablesModifier" type="java.lang.Integer" value="2"/>
+  </AuxValues>
+
+  <Layout>
+    <DimensionLayout dim="0">
+      <Group type="103" groupAlignment="0" attributes="0">
+          <Group type="102" alignment="0" attributes="0">
+              <EmptySpace min="-2" pref="20" max="-2" attributes="0"/>
+              <Group type="103" groupAlignment="0" attributes="0">
+                  <Component id="jLabel1" min="-2" max="-2" attributes="0"/>
+                  <Component id="verifyHashesCheckbox" min="-2" max="-2" attributes="0"/>
+                  <Component id="computeHashesCheckbox" min="-2" max="-2" attributes="0"/>
+                  <Component id="jLabel3" alignment="0" min="-2" max="-2" attributes="0"/>
+              </Group>
+              <EmptySpace pref="115" max="32767" attributes="0"/>
+          </Group>
+      </Group>
+    </DimensionLayout>
+    <DimensionLayout dim="1">
+      <Group type="103" groupAlignment="0" attributes="0">
+          <Group type="102" alignment="0" attributes="0">
+              <EmptySpace max="-2" attributes="0"/>
+              <Component id="jLabel3" min="-2" max="-2" attributes="0"/>
+              <EmptySpace type="unrelated" max="-2" attributes="0"/>
+              <Component id="computeHashesCheckbox" min="-2" max="-2" attributes="0"/>
+              <EmptySpace type="unrelated" max="-2" attributes="0"/>
+              <Component id="verifyHashesCheckbox" min="-2" max="-2" attributes="0"/>
+              <EmptySpace type="unrelated" max="-2" attributes="0"/>
+              <Component id="jLabel1" min="-2" max="-2" attributes="0"/>
+              <EmptySpace pref="198" max="32767" attributes="0"/>
+          </Group>
+      </Group>
+    </DimensionLayout>
+  </Layout>
+  <SubComponents>
+    <Component class="javax.swing.JCheckBox" name="computeHashesCheckbox">
+      <Properties>
+        <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
+          <ResourceString bundle="org/sleuthkit/autopsy/centralrepository/ingestmodule/Bundle.properties" key="DataSourceIntegrityIngestSettingsPanel.computeHashesCheckbox.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
+        </Property>
+      </Properties>
+      <Events>
+        <EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="computeHashesCheckboxActionPerformed"/>
+      </Events>
+    </Component>
+    <Component class="javax.swing.JCheckBox" name="verifyHashesCheckbox">
+      <Properties>
+        <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
+          <ResourceString bundle="org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties" key="DataSourceIntegrityIngestSettingsPanel.verifyHashesCheckbox.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
+        </Property>
+      </Properties>
+    </Component>
+    <Component class="javax.swing.JLabel" name="jLabel3">
+      <Properties>
+        <Property name="font" type="java.awt.Font" editor="org.netbeans.beaninfo.editors.FontEditor">
+          <Font name="Tahoma" size="11" style="1"/>
+        </Property>
+        <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
+          <ResourceString bundle="org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties" key="DataSourceIntegrityIngestSettingsPanel.jLabel3.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
+        </Property>
+      </Properties>
+    </Component>
+    <Component class="javax.swing.JLabel" name="jLabel1">
+      <Properties>
+        <Property name="text" type="java.lang.String" editor="org.netbeans.modules.i18n.form.FormI18nStringEditor">
+          <ResourceString bundle="org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties" key="DataSourceIntegrityIngestSettingsPanel.jLabel1.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
+        </Property>
+      </Properties>
+    </Component>
+  </SubComponents>
+</Form>
diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java
new file mode 100644
index 0000000000..079c9a8507
--- /dev/null
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java
@@ -0,0 +1,120 @@
+/*
+ * Central Repository
+ *
+ * Copyright 2018 Basis Technology Corp.
+ * Contact: carrier <at> sleuthkit <dot> org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.sleuthkit.autopsy.modules.dataSourceIntegrity;
+
+import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettings;
+import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettingsPanel;
+
+/**
+ * Ingest job settings panel for the Correlation Engine module.
+ */
+@SuppressWarnings("PMD.SingularField") // UI widgets cause lots of false positives
+final class DataSourceIntegrityIngestSettingsPanel extends IngestModuleIngestJobSettingsPanel {
+
+    /**
+     * Creates new form IngestSettingsPanel
+     */
+    public DataSourceIntegrityIngestSettingsPanel(DataSourceIntegrityIngestSettings settings) {
+        initComponents();
+        customizeComponents(settings);
+    }
+
+    /**
+     * Update components with values from the ingest job settings.
+     *
+     * @param settings The ingest job settings.
+     */
+    private void customizeComponents(DataSourceIntegrityIngestSettings settings) {
+        computeHashesCheckbox.setSelected(settings.shouldComputeHashes());
+        verifyHashesCheckbox.setSelected(settings.shouldVerifyHashes());
+    }
+    
+    @Override
+    public IngestModuleIngestJobSettings getSettings() {
+        return new DataSourceIntegrityIngestSettings(computeHashesCheckbox.isSelected(), verifyHashesCheckbox.isSelected());
+    }
+
+    /**
+     * This method is called from within the constructor to initialize the form.
+     * WARNING: Do NOT modify this code. The content of this method is always
+     * regenerated by the Form Editor.
+     */
+    @SuppressWarnings("unchecked")
+    // <editor-fold defaultstate="collapsed" desc="Generated Code">//GEN-BEGIN:initComponents
+    private void initComponents() {
+
+        computeHashesCheckbox = new javax.swing.JCheckBox();
+        verifyHashesCheckbox = new javax.swing.JCheckBox();
+        jLabel3 = new javax.swing.JLabel();
+        jLabel1 = new javax.swing.JLabel();
+
+        org.openide.awt.Mnemonics.setLocalizedText(computeHashesCheckbox, org.openide.util.NbBundle.getMessage(DataSourceIntegrityIngestSettingsPanel.class, "DataSourceIntegrityIngestSettingsPanel.computeHashesCheckbox.text")); // NOI18N
+        computeHashesCheckbox.addActionListener(new java.awt.event.ActionListener() {
+            public void actionPerformed(java.awt.event.ActionEvent evt) {
+                computeHashesCheckboxActionPerformed(evt);
+            }
+        });
+
+        org.openide.awt.Mnemonics.setLocalizedText(verifyHashesCheckbox, org.openide.util.NbBundle.getMessage(DataSourceIntegrityIngestSettingsPanel.class, "DataSourceIntegrityIngestSettingsPanel.verifyHashesCheckbox.text")); // NOI18N
+
+        jLabel3.setFont(new java.awt.Font("Tahoma", 1, 11)); // NOI18N
+        org.openide.awt.Mnemonics.setLocalizedText(jLabel3, org.openide.util.NbBundle.getMessage(DataSourceIntegrityIngestSettingsPanel.class, "DataSourceIntegrityIngestSettingsPanel.jLabel3.text")); // NOI18N
+
+        org.openide.awt.Mnemonics.setLocalizedText(jLabel1, org.openide.util.NbBundle.getMessage(DataSourceIntegrityIngestSettingsPanel.class, "DataSourceIntegrityIngestSettingsPanel.jLabel1.text")); // NOI18N
+
+        javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this);
+        this.setLayout(layout);
+        layout.setHorizontalGroup(
+            layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+            .addGroup(layout.createSequentialGroup()
+                .addGap(20, 20, 20)
+                .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+                    .addComponent(jLabel1)
+                    .addComponent(verifyHashesCheckbox)
+                    .addComponent(computeHashesCheckbox)
+                    .addComponent(jLabel3))
+                .addContainerGap(115, Short.MAX_VALUE))
+        );
+        layout.setVerticalGroup(
+            layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+            .addGroup(layout.createSequentialGroup()
+                .addContainerGap()
+                .addComponent(jLabel3)
+                .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+                .addComponent(computeHashesCheckbox)
+                .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+                .addComponent(verifyHashesCheckbox)
+                .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
+                .addComponent(jLabel1)
+                .addContainerGap(198, Short.MAX_VALUE))
+        );
+    }// </editor-fold>//GEN-END:initComponents
+
+    private void computeHashesCheckboxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_computeHashesCheckboxActionPerformed
+        // TODO add your handling code here:
+    }//GEN-LAST:event_computeHashesCheckboxActionPerformed
+
+    // Variables declaration - do not modify//GEN-BEGIN:variables
+    private javax.swing.JCheckBox computeHashesCheckbox;
+    private javax.swing.JLabel jLabel1;
+    private javax.swing.JLabel jLabel3;
+    private javax.swing.JCheckBox verifyHashesCheckbox;
+    // End of variables declaration//GEN-END:variables
+
+}
diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityModuleFactory.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityModuleFactory.java
index 7747ffc6b7..cb32d2788b 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityModuleFactory.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityModuleFactory.java
@@ -63,14 +63,14 @@ public class DataSourceIntegrityModuleFactory extends IngestModuleFactoryAdapter
 
     @Override
     public DataSourceIngestModule createDataSourceIngestModule(IngestModuleIngestJobSettings settings) {
-        if (settings instanceof IngestSettings) {
-            return new DataSourceIntegrityIngestModule((IngestSettings) settings);
+        if (settings instanceof DataSourceIntegrityIngestSettings) {
+            return new DataSourceIntegrityIngestModule((DataSourceIntegrityIngestSettings) settings);
         }
         /*
          * Compatibility check for older versions.
          */
         if (settings instanceof NoIngestModuleIngestJobSettings) {
-            return new DataSourceIntegrityIngestModule(new IngestSettings());
+            return new DataSourceIntegrityIngestModule(new DataSourceIntegrityIngestSettings());
         }
         
         throw new IllegalArgumentException("Expected settings argument to be an instance of IngestSettings");
@@ -78,7 +78,7 @@ public class DataSourceIntegrityModuleFactory extends IngestModuleFactoryAdapter
     
     @Override
     public IngestModuleIngestJobSettings getDefaultIngestJobSettings() {
-        return new IngestSettings();
+        return new DataSourceIntegrityIngestSettings();
     }
 
     @Override
@@ -88,14 +88,14 @@ public class DataSourceIntegrityModuleFactory extends IngestModuleFactoryAdapter
 
     @Override
     public IngestModuleIngestJobSettingsPanel getIngestJobSettingsPanel(IngestModuleIngestJobSettings settings) {
-        if (settings instanceof IngestSettings) {
-            return new IngestSettingsPanel((IngestSettings) settings);
+        if (settings instanceof DataSourceIntegrityIngestSettings) {
+            return new DataSourceIntegrityIngestSettingsPanel((DataSourceIntegrityIngestSettings) settings);
         }
         /*
          * Compatibility check for older versions.
          */
         if (settings instanceof NoIngestModuleIngestJobSettings) {
-            return new IngestSettingsPanel(new IngestSettings());
+            return new DataSourceIntegrityIngestSettingsPanel(new DataSourceIntegrityIngestSettings());
         }
         
         throw new IllegalArgumentException("Expected settings argument to be an instance of IngestSettings");

From 31f1938a175d7c4c22978de1b366bb8e8ae84a45 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Mon, 3 Dec 2018 07:50:57 -0500
Subject: [PATCH 47/70] Resizing panel

---
 .../autopsy/modules/dataSourceIntegrity/Bundle.properties   | 2 +-
 .../DataSourceIntegrityIngestSettingsPanel.form             | 6 +++---
 .../DataSourceIntegrityIngestSettingsPanel.java             | 6 +++---
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties
index 234b75cd78..d46727901e 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties
@@ -13,7 +13,7 @@ EwfVerifyIngestModule.shutDown.verifyResultsHeader=<p>Data Source Verification R
 EwfVerifyIngestModule.shutDown.resultLi=<li>Result\:{0}</li>
 EwfVerifyIngestModule.shutDown.calcHashLi=<li>Calculated hash\: {0}</li>
 EwfVerifyIngestModule.shutDown.storedHashLi=<li>Stored hash\: {0}</li>
-IngestSettingsPanel.computeHashesCheckbox.text=Calculate data source hashes if none are present
+DataSourceIntegrityIngestSettingsPanel.computeHashesCheckbox.text=Calculate data source hashes if none are present
 DataSourceIntegrityIngestSettingsPanel.jLabel1.text=Note that this module will not run on logical files
 DataSourceIntegrityIngestSettingsPanel.jLabel3.text=Ingest Settings
 DataSourceIntegrityIngestSettingsPanel.verifyHashesCheckbox.text=Verify existing data source hashes
diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.form b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.form
index 1d1d8af13d..b9fc6f08b1 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.form
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.form
@@ -17,14 +17,14 @@
     <DimensionLayout dim="0">
       <Group type="103" groupAlignment="0" attributes="0">
           <Group type="102" alignment="0" attributes="0">
-              <EmptySpace min="-2" pref="20" max="-2" attributes="0"/>
+              <EmptySpace max="-2" attributes="0"/>
               <Group type="103" groupAlignment="0" attributes="0">
                   <Component id="jLabel1" min="-2" max="-2" attributes="0"/>
                   <Component id="verifyHashesCheckbox" min="-2" max="-2" attributes="0"/>
                   <Component id="computeHashesCheckbox" min="-2" max="-2" attributes="0"/>
                   <Component id="jLabel3" alignment="0" min="-2" max="-2" attributes="0"/>
               </Group>
-              <EmptySpace pref="115" max="32767" attributes="0"/>
+              <EmptySpace pref="47" max="32767" attributes="0"/>
           </Group>
       </Group>
     </DimensionLayout>
@@ -39,7 +39,7 @@
               <Component id="verifyHashesCheckbox" min="-2" max="-2" attributes="0"/>
               <EmptySpace type="unrelated" max="-2" attributes="0"/>
               <Component id="jLabel1" min="-2" max="-2" attributes="0"/>
-              <EmptySpace pref="198" max="32767" attributes="0"/>
+              <EmptySpace pref="53" max="32767" attributes="0"/>
           </Group>
       </Group>
     </DimensionLayout>
diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java
index 079c9a8507..706861207c 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java
@@ -83,13 +83,13 @@ final class DataSourceIntegrityIngestSettingsPanel extends IngestModuleIngestJob
         layout.setHorizontalGroup(
             layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
             .addGroup(layout.createSequentialGroup()
-                .addGap(20, 20, 20)
+                .addContainerGap()
                 .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
                     .addComponent(jLabel1)
                     .addComponent(verifyHashesCheckbox)
                     .addComponent(computeHashesCheckbox)
                     .addComponent(jLabel3))
-                .addContainerGap(115, Short.MAX_VALUE))
+                .addContainerGap(47, Short.MAX_VALUE))
         );
         layout.setVerticalGroup(
             layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
@@ -102,7 +102,7 @@ final class DataSourceIntegrityIngestSettingsPanel extends IngestModuleIngestJob
                 .addComponent(verifyHashesCheckbox)
                 .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
                 .addComponent(jLabel1)
-                .addContainerGap(198, Short.MAX_VALUE))
+                .addContainerGap(53, Short.MAX_VALUE))
         );
     }// </editor-fold>//GEN-END:initComponents
 

From f2558b0220b974204e5d0a0f7be6ee9fa4fc0075 Mon Sep 17 00:00:00 2001
From: Eugene Livis <elivis@basistech.com>
Date: Mon, 3 Dec 2018 13:30:59 -0500
Subject: [PATCH 48/70] Adding CASE-UCO report to Report section of the tree

---
 .../sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
index 38b9296c34..bde76ecb70 100755
--- a/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/case_uco/ReportCaseUco.java
@@ -3,9 +3,6 @@
  * Autopsy Forensic Browser
  * 
  * Copyright 2012-2018 Basis Technology Corp.
- * 
- * Copyright 2012 42six Solutions.
- * Contact: aebadirad <at> 42six <dot> com
  * Project Contact/Architect: carrier <at> sleuthkit <dot> org
  * 
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -85,7 +82,8 @@ class ReportCaseUco implements GeneralReportModule {
         "ReportCaseUco.initializing=Creating directories...",
         "ReportCaseUco.querying=Querying files...",
         "ReportCaseUco.ingestWarning=Warning, this report will be created before ingest services completed",
-        "ReportCaseUco.processing=Saving files in CASE-UCO format..."
+        "ReportCaseUco.processing=Saving files in CASE-UCO format...",
+        "ReportCaseUco.srcModuleName.text=CASE-UCO Report"
     })
     @Override
     @SuppressWarnings("deprecation")
@@ -187,6 +185,8 @@ class ReportCaseUco implements GeneralReportModule {
             // create the required CASE-UCO entries at the end of the output file
             finilizeJsonOutputFile(jsonGenerator);
             
+            Case.getCurrentCaseThrows().addReport(reportPath, Bundle.ReportCaseUco_srcModuleName_text(), "");
+            
             progressPanel.complete(ReportStatus.COMPLETE);
         } catch (TskCoreException ex) {
             logger.log(Level.SEVERE, "Failed to get list of files from case database", ex); //NON-NLS

From 73f2cec18961e536821d4658f50350928f13d2c3 Mon Sep 17 00:00:00 2001
From: esaunders <esaunders@basistech.com>
Date: Mon, 3 Dec 2018 13:58:29 -0500
Subject: [PATCH 49/70] Apply limit on number of nodes to display in results
 table.

---
 .../corecomponents/TableFilterChildren.java   | 71 +++++++++++++++----
 1 file changed, 57 insertions(+), 14 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/TableFilterChildren.java b/Core/src/org/sleuthkit/autopsy/corecomponents/TableFilterChildren.java
index d5715845a3..799550b897 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/TableFilterChildren.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/TableFilterChildren.java
@@ -18,9 +18,14 @@
  */
 package org.sleuthkit.autopsy.corecomponents;
 
+import javax.swing.JOptionPane;
+import javax.swing.SwingUtilities;
 import org.openide.nodes.Children;
 import org.openide.nodes.FilterNode;
 import org.openide.nodes.Node;
+import org.openide.util.NbBundle;
+import org.openide.windows.WindowManager;
+import org.sleuthkit.autopsy.core.UserPreferences;
 
 /**
  * A <code>Children</code> implementation for a 
@@ -31,17 +36,21 @@ import org.openide.nodes.Node;
  */
 class TableFilterChildren extends FilterNode.Children {
 
+    private int numberOfNodesCreated;
+    private static volatile boolean maxResultsDialogShown = false;
+
     /**
      * Creates a Children object for a TableFilterNode. A TableFilterNode
- creates at most one layer of child nodes for the node it wraps. It is
- designed to be used in the results view to ensure the individual viewers
- display only the first layer of child nodes.
+     * creates at most one layer of child nodes for the node it wraps. It is
+     * designed to be used in the results view to ensure the individual viewers
+     * display only the first layer of child nodes.
      *
-     * @param wrappedNode The node wrapped by the TableFilterNode.
+     * @param wrappedNode    The node wrapped by the TableFilterNode.
      * @param createChildren True if a children (child factory) object should be
-     * created for the wrapped node.
+     *                       created for the wrapped node.
      *
-     * @return A children (child factory) object for a node wrapped by a TableFilterNode.
+     * @return A children (child factory) object for a node wrapped by a
+     *         TableFilterNode.
      */
     public static Children createInstance(Node wrappedNode, boolean createChildren) {
 
@@ -53,21 +62,21 @@ class TableFilterChildren extends FilterNode.Children {
     }
 
     /**
-     * Constructs a children (child factory) implementation for a 
-     * <code>TableFilterNode</code>. A 
-     * <code>TableFilterNode</code> creates at most one layer of 
-     * child nodes for the node it wraps. It is designed to be used for nodes 
-     * displayed in Autopsy table views.
+     * Constructs a children (child factory) implementation for a
+     * <code>TableFilterNode</code>. A <code>TableFilterNode</code> creates at
+     * most one layer of child nodes for the node it wraps. It is designed to be
+     * used for nodes displayed in Autopsy table views.
      *
      * @param wrappedNode The node wrapped by the TableFilterNode.
      */
     TableFilterChildren(Node wrappedNode) {
         super(wrappedNode);
+        numberOfNodesCreated = 0;
     }
 
     /**
-     * Copies a TableFilterNode, with the create children 
- (child factory) flag set to false.
+     * Copies a TableFilterNode, with the create children (child factory) flag
+     * set to false.
      *
      * @param nodeToCopy The TableFilterNode to copy.
      *
@@ -87,7 +96,41 @@ class TableFilterChildren extends FilterNode.Children {
      * @return
      */
     @Override
+    @NbBundle.Messages({"# {0} - The results limit",
+        "TableFilterChildren.createNodes.limitReached.msg="
+        + "The limit on the number of results to display has been reached."
+        + " Only the first {0} results will be shown."
+        + " The limit can be modified in the View Options screen."})
     protected Node[] createNodes(Node key) {
-        return new Node[]{this.copyNode(key)};
+        int maxNodesToCreate = UserPreferences.getMaximumNumberOfResults();
+
+        if (maxNodesToCreate == 0 || numberOfNodesCreated < maxNodesToCreate) {
+            // We either haven't hit the limit yet, or we don't have a limit.
+
+            /**
+             * We only want to apply the limit to "our" nodes (i.e. not the
+             * wait node). If we don't do this the "Please wait..."
+             * node causes the number of results in the table to be off by one.
+             * Using the Bundle to get the value so that we are not tied to a
+             * particular locale.
+             */
+            if (!key.getDisplayName().equalsIgnoreCase(NbBundle.getMessage(Node.class, "LBL_WAIT"))) {
+                numberOfNodesCreated++;
+
+                // If we have a limit and the creation of this node reaches it,
+                // tell the user if they haven't already been told.
+                if (numberOfNodesCreated == maxNodesToCreate && !maxResultsDialogShown) {
+                    maxResultsDialogShown = true;
+
+                    SwingUtilities.invokeLater(()
+                            -> JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(),
+                                    Bundle.TableFilterChildren_createNodes_limitReached_msg(maxNodesToCreate))
+                    );
+                }
+            }
+            return new Node[]{this.copyNode(key)};
+        } else {
+            return new Node[]{};
+        }
     }
 }

From 3fd75203ec58b41277a642e4a3325e8484b9c524 Mon Sep 17 00:00:00 2001
From: esaunders <esaunders@basistech.com>
Date: Mon, 3 Dec 2018 14:30:24 -0500
Subject: [PATCH 50/70] Updated DeletedContent to use results limit from
 UserPreferences. Also fixed a bug where deleted content was not handling
 virtual directories.

---
 .../autopsy/datamodel/DeletedContent.java     | 35 +++++--------------
 1 file changed, 9 insertions(+), 26 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/DeletedContent.java b/Core/src/org/sleuthkit/autopsy/datamodel/DeletedContent.java
index 55384344bc..1566f870d4 100644
--- a/Core/src/org/sleuthkit/autopsy/datamodel/DeletedContent.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/DeletedContent.java
@@ -29,8 +29,6 @@ import java.util.Observable;
 import java.util.Observer;
 import java.util.Set;
 import java.util.logging.Level;
-import javax.swing.JOptionPane;
-import javax.swing.SwingUtilities;
 import org.openide.nodes.AbstractNode;
 import org.openide.nodes.ChildFactory;
 import org.openide.nodes.Children;
@@ -38,14 +36,11 @@ import org.openide.nodes.Node;
 import org.openide.nodes.Sheet;
 import org.openide.util.NbBundle;
 import org.openide.util.lookup.Lookups;
-import org.openide.windows.WindowManager;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.CasePreferences;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
 import org.sleuthkit.autopsy.core.UserPreferences;
 import org.sleuthkit.autopsy.coreutils.Logger;
-import static org.sleuthkit.autopsy.datamodel.Bundle.*;
-import org.sleuthkit.autopsy.deletedFiles.DeletedFilePreferences;
 import org.sleuthkit.autopsy.ingest.IngestManager;
 import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Content;
@@ -57,6 +52,7 @@ import org.sleuthkit.datamodel.LayoutFile;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
+import org.sleuthkit.datamodel.VirtualDirectory;
 
 /**
  * deleted content view nodes
@@ -404,25 +400,8 @@ public class DeletedContent implements AutopsyVisitableItem {
             }
 
             @Override
-            @NbBundle.Messages({"# {0} - The deleted files threshold",
-                "DeletedContent.createKeys.maxObjects.msg="
-                + "There are more Deleted Files than can be displayed."
-                + " Only the first {0} Deleted Files will be shown."})
             protected boolean createKeys(List<AbstractFile> list) {
-                DeletedFilePreferences deletedPreferences = DeletedFilePreferences.getDefault();
-                List<AbstractFile> queryList = runFsQuery();
-                if (deletedPreferences.getShouldLimitDeletedFiles() && queryList.size() == deletedPreferences.getDeletedFilesLimit()) {
-                    queryList.remove(queryList.size() - 1);
-                    // only show the dialog once - not each time we refresh
-                    if (maxFilesDialogShown == false) {
-                        maxFilesDialogShown = true;
-                        SwingUtilities.invokeLater(()
-                                -> JOptionPane.showMessageDialog(WindowManager.getDefault().getMainWindow(),
-                                        DeletedContent_createKeys_maxObjects_msg(deletedPreferences.getDeletedFilesLimit() - 1))
-                        );
-                    }
-                } 
-                list.addAll(queryList);
+                list.addAll(runFsQuery());
                 return true;
             }
 
@@ -467,9 +446,8 @@ public class DeletedContent implements AutopsyVisitableItem {
                 if (Objects.equals(CasePreferences.getGroupItemsInTreeByDataSource(), true)) {
                     query += " AND data_source_obj_id = " + filteringDSObjId;
                 }
-                DeletedFilePreferences deletedPreferences = DeletedFilePreferences.getDefault();
-                if (deletedPreferences.getShouldLimitDeletedFiles()) {
-                    query += " LIMIT " + deletedPreferences.getDeletedFilesLimit(); //NON-NLS
+                if (UserPreferences.getMaximumNumberOfResults() != 0) {
+                    query += " LIMIT " + UserPreferences.getMaximumNumberOfResults(); //NON-NLS
                 }
                 return query;
             }
@@ -531,6 +509,11 @@ public class DeletedContent implements AutopsyVisitableItem {
                         return new FileNode(f, false);
                     }
 
+                    @Override
+                    public FileNode visit(VirtualDirectory f) {
+                        return new FileNode(f, false);
+                    }
+
                     @Override
                     protected AbstractNode defaultVisit(Content di) {
                         throw new UnsupportedOperationException("Not supported for this type of Displayable Item: " + di.toString());

From 641f3871070c2a388321619533591b92dcd83bfd Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dsmyda" <dsmyda@win-dsmyd-4990.basistech.net>
Date: Mon, 3 Dec 2018 14:47:08 -0500
Subject: [PATCH 51/70] Added special admin file and had it disable ability to
 add datasource when its present

---
 Core/src/org/sleuthkit/autopsy/casemodule/Case.java | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
index eaaa8f9926..ca32f43a4b 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
@@ -1120,7 +1120,12 @@ public class Case {
                 /*
                  * Enable the case-specific actions.
                  */
-                CallableSystemAction.get(AddImageAction.class).setEnabled(true);
+                
+                //Deny ability to add a data source if the special admin access file is present.
+                File denyAddDataSourcePermissions = new File(PlatformUtil.getUserConfigDirectory(), "child_lock");
+                if(!denyAddDataSourcePermissions.exists()) {
+                    CallableSystemAction.get(AddImageAction.class).setEnabled(true);
+                }
                 CallableSystemAction.get(CaseCloseAction.class).setEnabled(true);
                 CallableSystemAction.get(CasePropertiesAction.class).setEnabled(true);
                 CallableSystemAction.get(CaseDeleteAction.class).setEnabled(true);

From 8a3693f39d08a10253f5598ba949f3e973ab2d75 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dsmyda" <dsmyda@win-dsmyd-4990.basistech.net>
Date: Mon, 3 Dec 2018 14:50:46 -0500
Subject: [PATCH 52/70] Made the file name less fun

---
 Core/src/org/sleuthkit/autopsy/casemodule/Case.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
index ca32f43a4b..96af6ac274 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
@@ -1122,7 +1122,7 @@ public class Case {
                  */
                 
                 //Deny ability to add a data source if the special admin access file is present.
-                File denyAddDataSourcePermissions = new File(PlatformUtil.getUserConfigDirectory(), "child_lock");
+                File denyAddDataSourcePermissions = new File(PlatformUtil.getUserConfigDirectory(), "adminAccess");
                 if(!denyAddDataSourcePermissions.exists()) {
                     CallableSystemAction.get(AddImageAction.class).setEnabled(true);
                 }

From 46c5d8889fd664e021748b03227a34ffd3906615 Mon Sep 17 00:00:00 2001
From: esaunders <esaunders@basistech.com>
Date: Mon, 3 Dec 2018 14:50:49 -0500
Subject: [PATCH 53/70] No need to get file from database if is has been stored
 in the BlackboardArtifactNode lookup.

---
 .../autopsy/datamodel/KeywordHits.java          | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/KeywordHits.java b/Core/src/org/sleuthkit/autopsy/datamodel/KeywordHits.java
index 9e60fba7f8..c80069c7ef 100644
--- a/Core/src/org/sleuthkit/autopsy/datamodel/KeywordHits.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/KeywordHits.java
@@ -858,14 +858,17 @@ public class KeywordHits implements AutopsyVisitableItem {
         try {
             BlackboardArtifact art = skCase.getBlackboardArtifact(artifactId);
             BlackboardArtifactNode n = new BlackboardArtifactNode(art);
-            AbstractFile file;
-            try {
-                file = skCase.getAbstractFileById(art.getObjectID());
-            } catch (TskCoreException ex) {
-                logger.log(Level.SEVERE, "TskCoreException while constructing BlackboardArtifact Node from KeywordHitsKeywordChildren", ex); //NON-NLS
-                return n;
+            // The associated file should be available through the Lookup that
+            // gets created when the BlackboardArtifactNode is constructed.
+            AbstractFile file = n.getLookup().lookup(AbstractFile.class);
+            if (file == null) {
+                try {
+                    file = skCase.getAbstractFileById(art.getObjectID());
+                } catch (TskCoreException ex) {
+                    logger.log(Level.SEVERE, "TskCoreException while constructing BlackboardArtifact Node from KeywordHitsKeywordChildren", ex); //NON-NLS
+                    return n;
+                }
             }
-
             /*
              * It is possible to get a keyword hit on artifacts generated for
              * the underlying image in which case MAC times are not

From 0eeab71f8dff241e59524f86a7cc10426b000e82 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dsmyda" <dsmyda@win-dsmyd-4990.basistech.net>
Date: Mon, 3 Dec 2018 14:59:07 -0500
Subject: [PATCH 54/70] Made the admin file name more unique

---
 Core/src/org/sleuthkit/autopsy/casemodule/Case.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
index 96af6ac274..aab5aafdeb 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
@@ -1122,7 +1122,7 @@ public class Case {
                  */
                 
                 //Deny ability to add a data source if the special admin access file is present.
-                File denyAddDataSourcePermissions = new File(PlatformUtil.getUserConfigDirectory(), "adminAccess");
+                File denyAddDataSourcePermissions = new File(PlatformUtil.getUserConfigDirectory(), "addDataSourceChildLock");
                 if(!denyAddDataSourcePermissions.exists()) {
                     CallableSystemAction.get(AddImageAction.class).setEnabled(true);
                 }

From ca9199f0e48745611b67bd0e2c4036f4676780b0 Mon Sep 17 00:00:00 2001
From: esaunders <esaunders@basistech.com>
Date: Mon, 3 Dec 2018 16:12:59 -0500
Subject: [PATCH 55/70] Changed catalog url to use https instead of http.

---
 nbproject/platform.properties | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nbproject/platform.properties b/nbproject/platform.properties
index 86a5375b54..898ac95983 100644
--- a/nbproject/platform.properties
+++ b/nbproject/platform.properties
@@ -7,7 +7,7 @@ nbplatform.active.dir=${suite.dir}/netbeans-plat/${netbeans-plat-version}
 harness.dir=${nbplatform.active.dir}/harness
 bootstrap.url=http://bits.netbeans.org/dev/nbms-and-javadoc/lastSuccessfulBuild/artifact/nbbuild/netbeans/harness/tasks.jar
 # Where we get the platform from. To see what versions are available, open URL in browser up to the .../updates part of the URL
-autoupdate.catalog.url=http://updates.netbeans.org/netbeans/updates/${netbeans-plat-version}/uc/final/distribution/catalog.xml.gz
+autoupdate.catalog.url=https://updates.netbeans.org/netbeans/updates/${netbeans-plat-version}/uc/final/distribution/catalog.xml.gz
 cluster.path=\
     ${nbplatform.active.dir}/harness:\
     ${nbplatform.active.dir}/java:\

From 8837170d2a89c7df3225c5a58413eca19535a014 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dgrove" <dgrove@WIN-DGROV-4999.basistech.net>
Date: Mon, 3 Dec 2018 17:17:21 -0500
Subject: [PATCH 56/70] Ignore creation of attributes without text.

---
 .../exif/ExifParserFileIngestModule.java      | 21 ++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java
index b0894cbdd9..3b6de236bc 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java
@@ -76,7 +76,6 @@ public final class ExifParserFileIngestModule implements FileIngestModule {
     private final IngestServices services = IngestServices.getInstance();
     private final AtomicInteger filesProcessed = new AtomicInteger(0);
     private volatile boolean filesToFire = false;
-    private final List<BlackboardArtifact> listOfFacesDetectedArtifacts = new ArrayList<>();
     private long jobId;
     private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();
     private FileTypeDetector fileTypeDetector;
@@ -196,13 +195,25 @@ public final class ExifParserFileIngestModule implements FileIngestModule {
             ExifIFD0Directory devDir = metadata.getFirstDirectoryOfType(ExifIFD0Directory.class);
             if (devDir != null) {
                 String model = devDir.getString(ExifIFD0Directory.TAG_MODEL);
-                if (model != null && !model.isEmpty()) {
-                    attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL, ExifParserModuleFactory.getModuleName(), model));
+                if (model != null) {
+                    int testSize = model.length(); //DLG:
+                    model = model.trim();
+                    if (!model.isEmpty()) {
+                        attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL, ExifParserModuleFactory.getModuleName(), model));
+                    } else if (testSize > 0) {
+                        System.out.println(); //DLG: Put breakpoint here!
+                    }
                 }
 
                 String make = devDir.getString(ExifIFD0Directory.TAG_MAKE);
-                if (make != null && !make.isEmpty()) {
-                    attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE, ExifParserModuleFactory.getModuleName(), make));
+                if (make != null) {
+                    int testSize = make.length(); //DLG:
+                    make = make.trim();
+                    if (!make.isEmpty()) {
+                        attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE, ExifParserModuleFactory.getModuleName(), make));
+                    }else if (testSize > 0) {
+                        System.out.println(); //DLG: Put breakpoint here!
+                    }
                 }
             }
 

From 5f2345441010bdca9a8cd994ce6d9d73233f3471 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Tue, 4 Dec 2018 08:42:01 -0500
Subject: [PATCH 57/70] Updating names

---
 .../dataSourceIntegrity/Bundle.properties     | 28 +++++++++----------
 .../dataSourceIntegrity/Bundle_ja.properties  | 28 +++++++++----------
 .../DataSourceIntegrityIngestModule.java      | 26 ++++++++---------
 ...ataSourceIntegrityIngestSettingsPanel.java |  2 +-
 .../DataSourceIntegrityModuleFactory.java     |  6 ++--
 5 files changed, 45 insertions(+), 45 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties
index d46727901e..30624f41bb 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle.properties
@@ -1,18 +1,18 @@
 OpenIDE-Module-Name=ewfVerify
-EwfVerifyIngestModule.moduleName.text=Data Source Integrity
-EwfVerifyIngestModule.moduleDesc.text=Calculates and validates hashes of data sources.
-EwfVerifyIngestModule.process.errProcImg=Error processing {0}
-EwfVerifyIngestModule.process.skipNonEwf=Skipping non-disk image data source {0}
-EwfVerifyIngestModule.process.noStoredHash=Image {0} does not have stored hash.
-EwfVerifyIngestModule.process.startingImg=Starting {0}
-EwfVerifyIngestModule.process.errGetSizeOfImg=Error getting size of {0}. Image will not be processed.
-EwfVerifyIngestModule.process.errReadImgAtChunk=Error reading {0} at chunk {1}
-EwfVerifyIngestModule.shutDown.verified=\ verified
-EwfVerifyIngestModule.shutDown.notVerified=\ not verified
-EwfVerifyIngestModule.shutDown.verifyResultsHeader=<p>Data Source Verification Results for {0}</p>
-EwfVerifyIngestModule.shutDown.resultLi=<li>Result\:{0}</li>
-EwfVerifyIngestModule.shutDown.calcHashLi=<li>Calculated hash\: {0}</li>
-EwfVerifyIngestModule.shutDown.storedHashLi=<li>Stored hash\: {0}</li>
+DataSourceIntegrityModuleFactory.moduleName.text=Data Source Integrity
+DataSourceIntegrityModuleFactory.moduleDesc.text=Calculates and validates hashes of data sources.
+DataSourceIntegrityIngestModule.process.errProcImg=Error processing {0}
+DataSourceIntegrityIngestModule.process.skipNonEwf=Skipping non-disk image data source {0}
+DataSourceIntegrityIngestModule.process.noStoredHash=Image {0} does not have stored hash.
+DataSourceIntegrityIngestModule.process.startingImg=Starting {0}
+DataSourceIntegrityIngestModule.process.errGetSizeOfImg=Error getting size of {0}. Image will not be processed.
+DataSourceIntegrityIngestModule.process.errReadImgAtChunk=Error reading {0} at chunk {1}
+DataSourceIntegrityIngestModule.shutDown.verified=\ verified 
+DataSourceIntegrityIngestModule.shutDown.notVerified=\ not verified 
+DataSourceIntegrityIngestModule.shutDown.verifyResultsHeader=<p>Data Source Verification Results for {0} </p>
+DataSourceIntegrityIngestModule.shutDown.resultLi=<li>Result\:{0} </li>
+DataSourceIntegrityIngestModule.shutDown.calcHashLi=<li>Calculated hash\: {0} </li>
+DataSourceIntegrityIngestModule.shutDown.storedHashLi=<li>Stored hash\: {0} </li>
 DataSourceIntegrityIngestSettingsPanel.computeHashesCheckbox.text=Calculate data source hashes if none are present
 DataSourceIntegrityIngestSettingsPanel.jLabel1.text=Note that this module will not run on logical files
 DataSourceIntegrityIngestSettingsPanel.jLabel3.text=Ingest Settings
diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle_ja.properties b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle_ja.properties
index 1bd226b8db..e0028e2703 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle_ja.properties
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/Bundle_ja.properties
@@ -1,15 +1,15 @@
 OpenIDE-Module-Name=EWFVerify
-EwfVerifyIngestModule.process.errProcImg={0}\u3092\u51e6\u7406\u4e2d\u306b\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f
-EwfVerifyIngestModule.moduleName.text=E01\u8a8d\u8a3c\u30c4\u30fc\u30eb
-EwfVerifyIngestModule.moduleDesc.text=E01\u30d5\u30a1\u30a4\u30eb\u306e\u6574\u5408\u6027\u3092\u8a8d\u8a3c\u3057\u307e\u3059\u3002
-EwfVerifyIngestModule.process.skipNonEwf=E01\u30a4\u30e1\u30fc\u30b8\u3067\u306f\u306a\u3044{0}\u3092\u30b9\u30ad\u30c3\u30d7\u3057\u3066\u3044\u307e\u3059
-EwfVerifyIngestModule.process.noStoredHash=\u30a4\u30e1\u30fc\u30b8{0}\u306f\u4fdd\u5b58\u3055\u308c\u3066\u3044\u308b\u30cf\u30c3\u30b7\u30e5\u304c\u3042\u308a\u307e\u305b\u3093\u3002
-EwfVerifyIngestModule.process.startingImg={0}\u3092\u958b\u59cb\u4e2d
-EwfVerifyIngestModule.process.errGetSizeOfImg={0}\u306e\u30b5\u30a4\u30ba\u306e\u53d6\u5f97\u4e2d\u306b\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f\u3002\u30a4\u30e1\u30fc\u30b8\u306f\u51e6\u7406\u3055\u308c\u307e\u305b\u3093\u3002
-EwfVerifyIngestModule.process.errReadImgAtChunk={0}\u306e\u30c1\u30e3\u30f3\u30af{1}\u306e\u8aad\u307f\u53d6\u308a\u4e2d\u306b\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f
-EwfVerifyIngestModule.shutDown.calcHashLi=<li>\u8a08\u7b97\u3055\u308c\u305f\u30cf\u30c3\u30b7\u30e5\u5024\uff1a{0}</li>
-EwfVerifyIngestModule.shutDown.notVerified=\u8a8d\u8a3c\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f
-EwfVerifyIngestModule.shutDown.resultLi=<li>\u7d50\u679c\uff1a{0}</li>
-EwfVerifyIngestModule.shutDown.storedHashLi=<li>\u4fdd\u5b58\u3055\u308c\u305f\u30cf\u30c3\u30b7\u30e5\uff1a {0}</li>
-EwfVerifyIngestModule.shutDown.verifyResultsHeader=<p>{0}\u306eEWF\u30d9\u30ea\u30d5\u30a3\u30b1\u30fc\u30b7\u30e7\u30f3\u7d50\u679c</p>
-EwfVerifyIngestModule.shutDown.verified=\u8a8d\u8a3c\u3055\u308c\u307e\u3057\u305f
\ No newline at end of file
+DataSourceIntegrityIngestModule.process.errProcImg={0}\u3092\u51e6\u7406\u4e2d\u306b\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f
+DataSourceIntegrityModuleFactory.moduleName.text=E01\u8a8d\u8a3c\u30c4\u30fc\u30eb
+DataSourceIntegrityModuleFactory.moduleDesc.text=E01\u30d5\u30a1\u30a4\u30eb\u306e\u6574\u5408\u6027\u3092\u8a8d\u8a3c\u3057\u307e\u3059\u3002
+DataSourceIntegrityIngestModule.process.skipNonEwf=E01\u30a4\u30e1\u30fc\u30b8\u3067\u306f\u306a\u3044{0}\u3092\u30b9\u30ad\u30c3\u30d7\u3057\u3066\u3044\u307e\u3059
+DataSourceIntegrityIngestModule.process.noStoredHash=\u30a4\u30e1\u30fc\u30b8{0}\u306f\u4fdd\u5b58\u3055\u308c\u3066\u3044\u308b\u30cf\u30c3\u30b7\u30e5\u304c\u3042\u308a\u307e\u305b\u3093\u3002
+DataSourceIntegrityIngestModule.process.startingImg={0}\u3092\u958b\u59cb\u4e2d
+DataSourceIntegrityIngestModule.process.errGetSizeOfImg={0}\u306e\u30b5\u30a4\u30ba\u306e\u53d6\u5f97\u4e2d\u306b\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f\u3002\u30a4\u30e1\u30fc\u30b8\u306f\u51e6\u7406\u3055\u308c\u307e\u305b\u3093\u3002
+DataSourceIntegrityIngestModule.process.errReadImgAtChunk={0}\u306e\u30c1\u30e3\u30f3\u30af{1}\u306e\u8aad\u307f\u53d6\u308a\u4e2d\u306b\u30a8\u30e9\u30fc\u304c\u767a\u751f\u3057\u307e\u3057\u305f
+DataSourceIntegrityIngestModule.shutDown.calcHashLi=<li>\u8a08\u7b97\u3055\u308c\u305f\u30cf\u30c3\u30b7\u30e5\u5024\uff1a{0}</li>
+DataSourceIntegrityIngestModule.shutDown.notVerified=\u8a8d\u8a3c\u3067\u304d\u307e\u305b\u3093\u3067\u3057\u305f
+DataSourceIntegrityIngestModule.shutDown.resultLi=<li>\u7d50\u679c\uff1a{0}</li>
+DataSourceIntegrityIngestModule.shutDown.storedHashLi=<li>\u4fdd\u5b58\u3055\u308c\u305f\u30cf\u30c3\u30b7\u30e5\uff1a {0}</li>
+DataSourceIntegrityIngestModule.shutDown.verifyResultsHeader=<p>{0}\u306eEWF\u30d9\u30ea\u30d5\u30a3\u30b1\u30fc\u30b7\u30e7\u30f3\u7d50\u679c</p>
+EwfVerifyIDataSourceIntegrityIngestModulengestModule.shutDown.verified=\u8a8d\u8a3c\u3055\u308c\u307e\u3057\u305f
\ No newline at end of file
diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
index 4432b327e4..21dcf95d65 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
@@ -82,17 +82,17 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
         "# {0} - hashName",
         "DataSourceIntegrityIngestModule.process.hashAlgorithmError=Error creating message digest for {0} algorithm",
         "# {0} - hashName",
-        "DataSourceIntegrityIngestModule.process.hashMatch=<li>{0} hash verified</li>",
+        "DataSourceIntegrityIngestModule.process.hashMatch=<li>{0} hash verified </li>",
         "# {0} - hashName",
-        "DataSourceIntegrityIngestModule.process.hashNonMatch=<li>{0} hash not verified</li>",
+        "DataSourceIntegrityIngestModule.process.hashNonMatch=<li>{0} hash not verified </li>",
         "# {0} - calculatedHashValue",
         "# {1} - storedHashValue",
-        "DataSourceIntegrityIngestModule.process.hashList=<ul><li>Calculated hash: {0}</li><li>Stored hash: {1}</li></ul>",
+        "DataSourceIntegrityIngestModule.process.hashList=<ul><li>Calculated hash: {0} </li><li>Stored hash: {1} </li></ul>",
         "# {0} - hashName",
         "# {1} - calculatedHashValue",
-        "DataSourceIntegrityIngestModule.process.calcHashWithType=<li>Calculated {0} hash: {1}</li>",
+        "DataSourceIntegrityIngestModule.process.calcHashWithType=<li>Calculated {0} hash: {1} </li>",
         "# {0} - imageName",
-        "DataSourceIntegrityIngestModule.process.calculateHashDone=<p>Data Source Hash Calculation Results for {0}</p>", 
+        "DataSourceIntegrityIngestModule.process.calculateHashDone=<p>Data Source Hash Calculation Results for {0} </p>", 
         "DataSourceIntegrityIngestModule.process.hashesCalculated= hashes calculated", 
         "# {0} - imageName",
         "DataSourceIntegrityIngestModule.process.errorSavingHashes= Error saving hashes for image {0} to the database", 
@@ -108,7 +108,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
             logger.log(Level.INFO, "Skipping non-image {0}", imgName); //NON-NLS
             services.postMessage(IngestMessage.createMessage(MessageType.INFO, DataSourceIntegrityModuleFactory.getModuleName(),
                     NbBundle.getMessage(this.getClass(),
-                            "EwfVerifyIngestModule.process.skipNonEwf",
+                            "DataSourceIntegrityIngestModule.process.skipNonEwf",
                             imgName)));
             return ProcessResult.OK;
         }
@@ -120,7 +120,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
             logger.log(Level.WARNING, "Size of image {0} was 0 when queried.", imgName); //NON-NLS
             services.postMessage(IngestMessage.createMessage(MessageType.ERROR, DataSourceIntegrityModuleFactory.getModuleName(),
                     NbBundle.getMessage(this.getClass(),
-                            "EwfVerifyIngestModule.process.errGetSizeOfImg",
+                            "DataSourceIntegrityIngestModule.process.errGetSizeOfImg",
                             imgName)));
         }
         
@@ -204,7 +204,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
         }
         services.postMessage(IngestMessage.createMessage(MessageType.INFO, DataSourceIntegrityModuleFactory.getModuleName(),
         NbBundle.getMessage(this.getClass(),
-                "EwfVerifyIngestModule.process.startingImg",
+                "DataSourceIntegrityIngestModule.process.startingImg",
                 imgName)));
         
         // Set up the progress bar
@@ -221,7 +221,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
                 read = img.read(data, i * chunkSize, chunkSize);
             } catch (TskCoreException ex) {
                 String msg = NbBundle.getMessage(this.getClass(),
-                        "EwfVerifyIngestModule.process.errReadImgAtChunk", imgName, i);
+                        "DataSourceIntegrityIngestModule.process.errReadImgAtChunk", imgName, i);
                 services.postMessage(IngestMessage.createMessage(MessageType.ERROR, DataSourceIntegrityModuleFactory.getModuleName(), msg));
                 logger.log(Level.SEVERE, msg, ex);
                 return ProcessResult.ERROR;
@@ -251,7 +251,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
             // Check that each hash matches
             boolean verified = true;
             String detailedResults = NbBundle
-                .getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.verifyResultsHeader", imgName);
+                .getMessage(this.getClass(), "DataSourceIntegrityIngestModule.shutDown.verifyResultsHeader", imgName);
             String hashResults = "";
             
             for (HashData hashData:hashDataList) {
@@ -268,13 +268,13 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
             MessageType messageType;
             if (verified) {
                 messageType = MessageType.INFO;
-                verificationResultStr = NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.verified");
+                verificationResultStr = NbBundle.getMessage(this.getClass(), "DataSourceIntegrityIngestModule.shutDown.verified");
             } else {
                 messageType = MessageType.WARNING;
-                verificationResultStr = NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.notVerified");
+                verificationResultStr = NbBundle.getMessage(this.getClass(), "DataSourceIntegrityIngestModule.shutDown.notVerified");
             }
             
-            detailedResults += NbBundle.getMessage(this.getClass(), "EwfVerifyIngestModule.shutDown.resultLi", verificationResultStr);
+            detailedResults += NbBundle.getMessage(this.getClass(), "DataSourceIntegrityIngestModule.shutDown.resultLi", verificationResultStr);
             detailedResults += hashResults;
 
             services.postMessage(IngestMessage.createMessage(messageType, DataSourceIntegrityModuleFactory.getModuleName(), 
diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java
index 706861207c..30e3b11b05 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestSettingsPanel.java
@@ -28,7 +28,7 @@ import org.sleuthkit.autopsy.ingest.IngestModuleIngestJobSettingsPanel;
 final class DataSourceIntegrityIngestSettingsPanel extends IngestModuleIngestJobSettingsPanel {
 
     /**
-     * Creates new form IngestSettingsPanel
+     * Creates new form DataSourceIntegrityIngestSettingsPanel
      */
     public DataSourceIntegrityIngestSettingsPanel(DataSourceIntegrityIngestSettings settings) {
         initComponents();
diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityModuleFactory.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityModuleFactory.java
index cb32d2788b..0773672e2b 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityModuleFactory.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityModuleFactory.java
@@ -1,7 +1,7 @@
 /*
  * Autopsy Forensic Browser
  *
- * Copyright 2014 Basis Technology Corp.
+ * Copyright 2014-2018 Basis Technology Corp.
  * Contact: carrier <at> sleuthkit <dot> org
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -37,7 +37,7 @@ public class DataSourceIntegrityModuleFactory extends IngestModuleFactoryAdapter
 
     static String getModuleName() {
         return NbBundle.getMessage(DataSourceIntegrityIngestModule.class,
-                "EwfVerifyIngestModule.moduleName.text");
+                "DataSourceIntegrityModuleFactory.moduleName.text");
     }
 
     @Override
@@ -48,7 +48,7 @@ public class DataSourceIntegrityModuleFactory extends IngestModuleFactoryAdapter
     @Override
     public String getModuleDescription() {
         return NbBundle.getMessage(DataSourceIntegrityIngestModule.class,
-                "EwfVerifyIngestModule.moduleDesc.text");
+                "DataSourceIntegrityModuleFactory.moduleDesc.text");
     }
 
     @Override

From d0fbff0f8f104d8bf1938576a448e87f0da35989 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dgrove" <dgrove@WIN-DGROV-4999.basistech.net>
Date: Tue, 4 Dec 2018 09:59:27 -0500
Subject: [PATCH 58/70] Took out test lines.

---
 .../autopsy/modules/exif/ExifParserFileIngestModule.java    | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java
index 3b6de236bc..a43c1e8f1e 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java
@@ -196,23 +196,17 @@ public final class ExifParserFileIngestModule implements FileIngestModule {
             if (devDir != null) {
                 String model = devDir.getString(ExifIFD0Directory.TAG_MODEL);
                 if (model != null) {
-                    int testSize = model.length(); //DLG:
                     model = model.trim();
                     if (!model.isEmpty()) {
                         attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL, ExifParserModuleFactory.getModuleName(), model));
-                    } else if (testSize > 0) {
-                        System.out.println(); //DLG: Put breakpoint here!
                     }
                 }
 
                 String make = devDir.getString(ExifIFD0Directory.TAG_MAKE);
                 if (make != null) {
-                    int testSize = make.length(); //DLG:
                     make = make.trim();
                     if (!make.isEmpty()) {
                         attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE, ExifParserModuleFactory.getModuleName(), make));
-                    }else if (testSize > 0) {
-                        System.out.println(); //DLG: Put breakpoint here!
                     }
                 }
             }

From 5deef17322c7f6dc615187d35ce641641314c78a Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Tue, 4 Dec 2018 10:21:32 -0500
Subject: [PATCH 59/70] New device info icon

---
 .../autopsy/datamodel/ExtractedContent.java       |   2 +-
 Core/src/org/sleuthkit/autopsy/images/devices.png | Bin 0 -> 342 bytes
 .../org/sleuthkit/autopsy/report/ReportHTML.java  |  10 +++++-----
 3 files changed, 6 insertions(+), 6 deletions(-)
 create mode 100644 Core/src/org/sleuthkit/autopsy/images/devices.png

diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
index cd5c93e954..5f7f5b9d1c 100644
--- a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
@@ -165,7 +165,7 @@ public class ExtractedContent implements AutopsyVisitableItem {
         } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_BLUETOOTH_ADAPTER.getTypeID()) {
             return filePath + "Bluetooth.png"; //NON-NLS
         } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID()) {
-            return filePath + "phone.png"; //NON-NLS
+            return filePath + "devices.png"; //NON-NLS
         }
         return filePath + "artifact-icon.png"; //NON-NLS
     }
diff --git a/Core/src/org/sleuthkit/autopsy/images/devices.png b/Core/src/org/sleuthkit/autopsy/images/devices.png
new file mode 100644
index 0000000000000000000000000000000000000000..bcb132a1a87fa8ea9f6f92eb38f0d9a2dd329ffa
GIT binary patch
literal 342
zcmeAS@N?(olHy`uVBq!ia0vp^0wB!61|;P_|4#%`oCO|{#S9GG!XV7ZFl&wkP>{XE
z)7O>#5f2NWw&YQNp*uh!+02lL66gHf+|;}hAeVu`xhOTUBsE2$JhLQ2!QIn0AVn{g
z9VmXr)5S5w;&k$#|NrfqcYYQ&Wn*ib&9kHN*U7y`+c$U`C}!L33~ytU?&aSguwiB+
z5IBZBnBi3QD{f6uPnuu<|Hqd!^eQGe2K^AQ+bkVXaB{=ueXZH^EQ{6JYO1QNn3<WK
znHSHz{P_Q5YeU{2Up`76eid5W$;I5Zzg|*e#>|T;|BN4Rk-aJE!^0C{GMQn9ga(Ta
z4-o8pIzwpBoOp>TOFNAnWM{Lm|Mq4DI&Cfs?}4c<g{m^QS{UsZd=0J?GHx?*Jkh|$
cv@Vl@;ra)Qp0KSO_JKU?>FVdQ&MBb@06eL7$^ZZW

literal 0
HcmV?d00001

diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java b/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
index abce289459..5f3eaa470f 100644
--- a/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
+++ b/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
@@ -272,19 +272,19 @@ class ReportHTML implements TableReportModule {
                     in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/accounts.png"); //NON-NLS
                     break;
                 case TSK_WIFI_NETWORK:
-                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/network-wifi.png"); //NON-NLS
+                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/network-wifi.png"); //NON-NLS
                     break;
                 case TSK_WIFI_NETWORK_ADAPTER:
-                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/network-wifi.png"); //NON-NLS
+                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/network-wifi.png"); //NON-NLS
                     break;
                 case TSK_SIM_ATTACHED:
-                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/sim_card.png"); //NON-NLS
+                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/sim_card.png"); //NON-NLS
                     break;
                 case TSK_BLUETOOTH_ADAPTER:
-                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/Bluetooth.png"); //NON-NLS
+                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/Bluetooth.png"); //NON-NLS
                     break;
                 case TSK_DEVICE_INFO:
-                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/phone.png"); //NON-NLS
+                    in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/devices.png"); //NON-NLS
                     break;
                 default:
                     logger.log(Level.WARNING, "useDataTypeIcon: unhandled artifact type = {0}", dataType); //NON-NLS

From ebc394cc04a12311efccdebabeebbc45447d0bde Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Tue, 4 Dec 2018 11:11:55 -0500
Subject: [PATCH 60/70] Change CR ingest module name back temporarily

---
 ...{CentralRepoIngestModule.java => IngestModule.java} | 10 +++++-----
 ...gestModuleFactory.java => IngestModuleFactory.java} |  6 +++---
 .../centralrepository/ingestmodule/IngestSettings.java |  2 +-
 .../autopsy/commonfilesearch/CommonAttributePanel.java |  4 ++--
 .../autopsy/ingest/IngestModuleFactoryLoader.java      |  4 ++--
 .../autopsy/commonfilessearch/InterCaseTestUtils.java  |  4 ++--
 6 files changed, 15 insertions(+), 15 deletions(-)
 rename Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/{CentralRepoIngestModule.java => IngestModule.java} (97%)
 rename Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/{CentralRepoIngestModuleFactory.java => IngestModuleFactory.java} (94%)

diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
similarity index 97%
rename from Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java
rename to Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
index 261af7373f..bb1653b0ce 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
@@ -58,11 +58,11 @@ import org.sleuthkit.autopsy.healthmonitor.TimingMetric;
  */
 @Messages({"CentralRepoIngestModule.prevTaggedSet.text=Previously Tagged As Notable (Central Repository)",
     "CentralRepoIngestModule.prevCaseComment.text=Previous Case: "})
-final class CentralRepoIngestModule implements FileIngestModule {
+final class IngestModule implements FileIngestModule {
 
     static final boolean DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS = true;
 
-    private final static Logger logger = Logger.getLogger(CentralRepoIngestModule.class.getName());
+    private final static Logger logger = Logger.getLogger(IngestModule.class.getName());
     private final IngestServices services = IngestServices.getInstance();
     private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();
     private static final IngestModuleReferenceCounter warningMsgRefCounter = new IngestModuleReferenceCounter();
@@ -78,7 +78,7 @@ final class CentralRepoIngestModule implements FileIngestModule {
      *
      * @param settings The ingest settings for the module instance.
      */
-    CentralRepoIngestModule(IngestSettings settings) {
+    IngestModule(IngestSettings settings) {
         flagTaggedNotableItems = settings.isFlagTaggedNotableItems();
     }
 
@@ -317,7 +317,7 @@ final class CentralRepoIngestModule implements FileIngestModule {
     private void postCorrelatedBadFileToBlackboard(AbstractFile abstractFile, List<String> caseDisplayNames) {
 
         try {
-            String MODULE_NAME = CentralRepoIngestModuleFactory.getModuleName();
+            String MODULE_NAME = IngestModuleFactory.getModuleName();
             BlackboardArtifact tifArtifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
             BlackboardAttribute att = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
                     Bundle.CentralRepoIngestModule_prevTaggedSet_text());
@@ -389,7 +389,7 @@ final class CentralRepoIngestModule implements FileIngestModule {
 
         detailsSb.append("</table>"); //NON-NLS
 
-        services.postMessage(IngestMessage.createDataMessage(CentralRepoIngestModuleFactory.getModuleName(),
+        services.postMessage(IngestMessage.createDataMessage(IngestModuleFactory.getModuleName(),
                 Bundle.CentralRepoIngestModule_postToBB_knownBadMsg(name),
                 detailsSb.toString(),
                 name + md5Hash,
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModuleFactory.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModuleFactory.java
similarity index 94%
rename from Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModuleFactory.java
rename to Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModuleFactory.java
index 078c3a5ac9..8d3654384f 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModuleFactory.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModuleFactory.java
@@ -35,7 +35,7 @@ import org.sleuthkit.autopsy.ingest.NoIngestModuleIngestJobSettings;
 @ServiceProvider(service = org.sleuthkit.autopsy.ingest.IngestModuleFactory.class)
 @NbBundle.Messages({"CentralRepoIngestModuleFactory.ingestmodule.name=Correlation Engine",
                     "CentralRepoIngestModuleFactory.ingestmodule.desc=Saves properties to the central repository for later correlation"})
-public class CentralRepoIngestModuleFactory extends IngestModuleFactoryAdapter {
+public class IngestModuleFactory extends IngestModuleFactoryAdapter {
 
     /**
      * Get the name of the module.
@@ -69,13 +69,13 @@ public class CentralRepoIngestModuleFactory extends IngestModuleFactoryAdapter {
     @Override
     public FileIngestModule createFileIngestModule(IngestModuleIngestJobSettings settings) {
         if (settings instanceof IngestSettings) {
-            return new CentralRepoIngestModule((IngestSettings) settings);
+            return new IngestModule((IngestSettings) settings);
         }
         /*
          * Compatibility check for older versions.
          */
         if (settings instanceof NoIngestModuleIngestJobSettings) {
-            return new CentralRepoIngestModule(new IngestSettings());
+            return new IngestModule(new IngestSettings());
         }
         
         throw new IllegalArgumentException("Expected settings argument to be an instance of IngestSettings");
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettings.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettings.java
index e591ad5a7e..32ab9e9f2d 100755
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettings.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettings.java
@@ -33,7 +33,7 @@ final class IngestSettings implements IngestModuleIngestJobSettings {
      * Instantiate the ingest job settings with default values.
      */
     IngestSettings() {
-        this.flagTaggedNotableItems = CentralRepoIngestModule.DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS;
+        this.flagTaggedNotableItems = IngestModule.DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS;
     }
 
     /**
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
index 1b59598d55..f73eaf020f 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
@@ -48,7 +48,7 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationCase;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource;
 import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
 import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
-import org.sleuthkit.autopsy.centralrepository.ingestmodule.CentralRepoIngestModuleFactory;
+import org.sleuthkit.autopsy.centralrepository.ingestmodule.IngestModuleFactory;
 import org.sleuthkit.autopsy.corecomponentinterfaces.DataResultViewer;
 import org.sleuthkit.autopsy.corecomponents.DataResultTopComponent;
 import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
@@ -706,7 +706,7 @@ final class CommonAttributePanel extends javax.swing.JDialog implements Observer
                 }
                 //if the eamdb is enabled and an instance is able to be retrieved check if each data source has been processed into the cr 
                 HashMap<DataSource, CorrelatedStatus> dataSourceCorrelationMap = new HashMap<>(); //keep track of the status of all data sources that have been ingested
-                String correlationEngineModuleName = CentralRepoIngestModuleFactory.getModuleName();
+                String correlationEngineModuleName = IngestModuleFactory.getModuleName();
                 SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
                 List<CorrelationDataSource> correlatedDataSources = EamDb.getInstance().getDataSources();
                 List<IngestJobInfo> ingestJobs = skCase.getIngestJobs();
diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java
index 3001036693..0611fdefd5 100644
--- a/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java
+++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java
@@ -39,7 +39,7 @@ import org.sleuthkit.autopsy.modules.interestingitems.InterestingItemsIngestModu
 import org.sleuthkit.autopsy.modules.photoreccarver.PhotoRecCarverIngestModuleFactory;
 import org.sleuthkit.autopsy.modules.embeddedfileextractor.EmbeddedFileExtractorModuleFactory;
 import org.sleuthkit.autopsy.modules.encryptiondetection.EncryptionDetectionModuleFactory;
-import org.sleuthkit.autopsy.centralrepository.ingestmodule.CentralRepoIngestModuleFactory;
+//import org.sleuthkit.autopsy.centralrepository.ingestmodule.IngestModuleFactory;
 import org.sleuthkit.autopsy.modules.vmextractor.VMExtractorIngestModuleFactory;
 import org.sleuthkit.autopsy.python.JythonModuleLoader;
 
@@ -64,7 +64,7 @@ final class IngestModuleFactoryLoader {
             add("org.sleuthkit.autopsy.thunderbirdparser.EmailParserModuleFactory"); //NON-NLS
             add(EncryptionDetectionModuleFactory.class.getCanonicalName());
             add(InterestingItemsIngestModuleFactory.class.getCanonicalName());
-            add(CentralRepoIngestModuleFactory.class.getCanonicalName());
+            //add(IngestModuleFactory.class.getCanonicalName());
             add(PhotoRecCarverIngestModuleFactory.class.getCanonicalName());
             add(VMExtractorIngestModuleFactory.class.getCanonicalName());
             add(DataSourceIntegrityModuleFactory.class.getCanonicalName());
diff --git a/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java b/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java
index eac3ffd3d2..e2857baad7 100644
--- a/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java
+++ b/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java
@@ -184,7 +184,7 @@ class InterCaseTestUtils {
         final IngestModuleTemplate vmExtractorTemplate = IngestUtils.getIngestModuleTemplate(new VMExtractorIngestModuleFactory());
         final IngestModuleTemplate photoRecTemplate = IngestUtils.getIngestModuleTemplate(new PhotoRecCarverIngestModuleFactory());
         final IngestModuleTemplate dataSourceIntegrityTemplate = IngestUtils.getIngestModuleTemplate(new DataSourceIntegrityModuleFactory());
-        final IngestModuleTemplate eamDbTemplate = IngestUtils.getIngestModuleTemplate(new org.sleuthkit.autopsy.centralrepository.ingestmodule.CentralRepoIngestModuleFactory());
+        final IngestModuleTemplate eamDbTemplate = IngestUtils.getIngestModuleTemplate(new org.sleuthkit.autopsy.centralrepository.ingestmodule.IngestModuleFactory());
         final IngestModuleTemplate fileExtMismatchDetectorTemplate = IngestUtils.getIngestModuleTemplate(new FileExtMismatchDetectorModuleFactory());
         //TODO we need to figure out how to get ahold of these objects because they are required for properly filling the CR with test data
 //        final IngestModuleTemplate objectDetectorTemplate = IngestUtils.getIngestModuleTemplate(new org.sleuthkit.autopsy.experimental.objectdetection.ObjectDetectionModuleFactory());
@@ -220,7 +220,7 @@ class InterCaseTestUtils {
         kitchenSink.add(dataSourceIntegrityTemplate);
         kitchenSink.add(eamDbTemplate);
         kitchenSink.add(fileExtMismatchDetectorTemplate);
-        //TODO this list should probably be populated by way of loading the appropriate modules based on finding all of the @ServiceProvider(service = CentralRepoIngestModuleFactory.class) types
+        //TODO this list should probably be populated by way of loading the appropriate modules based on finding all of the @ServiceProvider(service = IngestModuleFactory.class) types
 //        kitchenSink.add(objectDetectorTemplate);
 //        kitchenSink.add(emailParserTemplate);
 //        kitchenSink.add(recentActivityTemplate);

From 80cec70c610c834382604ad73311ae5a738b0dbe Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Tue, 4 Dec 2018 11:21:27 -0500
Subject: [PATCH 61/70] Do CR name change again

---
 ...{IngestModule.java => CentralRepoIngestModule.java} | 10 +++++-----
 ...actory.java => CentralRepoIngestModuleFactory.java} |  6 +++---
 .../centralrepository/ingestmodule/IngestSettings.java |  4 ++--
 .../autopsy/commonfilesearch/CommonAttributePanel.java |  4 ++--
 .../autopsy/ingest/IngestModuleFactoryLoader.java      |  6 +++---
 .../autopsy/commonfilessearch/InterCaseTestUtils.java  |  4 ++--
 6 files changed, 17 insertions(+), 17 deletions(-)
 rename Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/{IngestModule.java => CentralRepoIngestModule.java} (97%)
 rename Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/{IngestModuleFactory.java => CentralRepoIngestModuleFactory.java} (94%)

diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java
similarity index 97%
rename from Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
rename to Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java
index 5c8bbf0392..97450a223a 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java
@@ -58,12 +58,12 @@ import org.sleuthkit.autopsy.healthmonitor.TimingMetric;
  */
 @Messages({"CentralRepoIngestModule.prevTaggedSet.text=Previously Tagged As Notable (Central Repository)",
     "CentralRepoIngestModule.prevCaseComment.text=Previous Case: "})
-final class IngestModule implements FileIngestModule {
+final class CentralRepoIngestModule implements FileIngestModule {
 
     static final boolean DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS = true;
     static final boolean DEFAULT_FLAG_PREVIOUS_DEVICES = true;
 
-    private final static Logger logger = Logger.getLogger(IngestModule.class.getName());
+    private final static Logger logger = Logger.getLogger(CentralRepoIngestModule.class.getName());
     private final IngestServices services = IngestServices.getInstance();
     private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();
     private static final IngestModuleReferenceCounter warningMsgRefCounter = new IngestModuleReferenceCounter();
@@ -80,7 +80,7 @@ final class IngestModule implements FileIngestModule {
      *
      * @param settings The ingest settings for the module instance.
      */
-    IngestModule(IngestSettings settings) {
+    CentralRepoIngestModule(IngestSettings settings) {
         flagTaggedNotableItems = settings.isFlagTaggedNotableItems();
         flagPreviouslySeenDevices = settings.isFlagPreviousDevices();
     }
@@ -323,7 +323,7 @@ final class IngestModule implements FileIngestModule {
     private void postCorrelatedBadFileToBlackboard(AbstractFile abstractFile, List<String> caseDisplayNames) {
 
         try {
-            String MODULE_NAME = IngestModuleFactory.getModuleName();
+            String MODULE_NAME = CentralRepoIngestModuleFactory.getModuleName();
             BlackboardArtifact tifArtifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT);
             BlackboardAttribute att = new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME,
                     Bundle.CentralRepoIngestModule_prevTaggedSet_text());
@@ -395,7 +395,7 @@ final class IngestModule implements FileIngestModule {
 
         detailsSb.append("</table>"); //NON-NLS
 
-        services.postMessage(IngestMessage.createDataMessage(IngestModuleFactory.getModuleName(),
+        services.postMessage(IngestMessage.createDataMessage(CentralRepoIngestModuleFactory.getModuleName(),
                 Bundle.CentralRepoIngestModule_postToBB_knownBadMsg(name),
                 detailsSb.toString(),
                 name + md5Hash,
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModuleFactory.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModuleFactory.java
similarity index 94%
rename from Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModuleFactory.java
rename to Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModuleFactory.java
index 8d3654384f..078c3a5ac9 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestModuleFactory.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModuleFactory.java
@@ -35,7 +35,7 @@ import org.sleuthkit.autopsy.ingest.NoIngestModuleIngestJobSettings;
 @ServiceProvider(service = org.sleuthkit.autopsy.ingest.IngestModuleFactory.class)
 @NbBundle.Messages({"CentralRepoIngestModuleFactory.ingestmodule.name=Correlation Engine",
                     "CentralRepoIngestModuleFactory.ingestmodule.desc=Saves properties to the central repository for later correlation"})
-public class IngestModuleFactory extends IngestModuleFactoryAdapter {
+public class CentralRepoIngestModuleFactory extends IngestModuleFactoryAdapter {
 
     /**
      * Get the name of the module.
@@ -69,13 +69,13 @@ public class IngestModuleFactory extends IngestModuleFactoryAdapter {
     @Override
     public FileIngestModule createFileIngestModule(IngestModuleIngestJobSettings settings) {
         if (settings instanceof IngestSettings) {
-            return new IngestModule((IngestSettings) settings);
+            return new CentralRepoIngestModule((IngestSettings) settings);
         }
         /*
          * Compatibility check for older versions.
          */
         if (settings instanceof NoIngestModuleIngestJobSettings) {
-            return new IngestModule(new IngestSettings());
+            return new CentralRepoIngestModule(new IngestSettings());
         }
         
         throw new IllegalArgumentException("Expected settings argument to be an instance of IngestSettings");
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettings.java b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettings.java
index 5a0580adf4..74ad3537d8 100755
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettings.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/IngestSettings.java
@@ -34,8 +34,8 @@ final class IngestSettings implements IngestModuleIngestJobSettings {
      * Instantiate the ingest job settings with default values.
      */
     IngestSettings() {
-        this.flagTaggedNotableItems = IngestModule.DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS;
-        this.flagPreviousDevices = IngestModule.DEFAULT_FLAG_PREVIOUS_DEVICES;
+        this.flagTaggedNotableItems = CentralRepoIngestModule.DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS;
+        this.flagPreviousDevices = CentralRepoIngestModule.DEFAULT_FLAG_PREVIOUS_DEVICES;
     }
 
     /**
diff --git a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
index f73eaf020f..1b59598d55 100644
--- a/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
+++ b/Core/src/org/sleuthkit/autopsy/commonfilesearch/CommonAttributePanel.java
@@ -48,7 +48,7 @@ import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationCase;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationDataSource;
 import org.sleuthkit.autopsy.centralrepository.datamodel.EamDb;
 import org.sleuthkit.autopsy.centralrepository.datamodel.EamDbException;
-import org.sleuthkit.autopsy.centralrepository.ingestmodule.IngestModuleFactory;
+import org.sleuthkit.autopsy.centralrepository.ingestmodule.CentralRepoIngestModuleFactory;
 import org.sleuthkit.autopsy.corecomponentinterfaces.DataResultViewer;
 import org.sleuthkit.autopsy.corecomponents.DataResultTopComponent;
 import org.sleuthkit.autopsy.corecomponents.DataResultViewerTable;
@@ -706,7 +706,7 @@ final class CommonAttributePanel extends javax.swing.JDialog implements Observer
                 }
                 //if the eamdb is enabled and an instance is able to be retrieved check if each data source has been processed into the cr 
                 HashMap<DataSource, CorrelatedStatus> dataSourceCorrelationMap = new HashMap<>(); //keep track of the status of all data sources that have been ingested
-                String correlationEngineModuleName = IngestModuleFactory.getModuleName();
+                String correlationEngineModuleName = CentralRepoIngestModuleFactory.getModuleName();
                 SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
                 List<CorrelationDataSource> correlatedDataSources = EamDb.getInstance().getDataSources();
                 List<IngestJobInfo> ingestJobs = skCase.getIngestJobs();
diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java
index 0611fdefd5..672ffd6807 100644
--- a/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java
+++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestModuleFactoryLoader.java
@@ -39,7 +39,7 @@ import org.sleuthkit.autopsy.modules.interestingitems.InterestingItemsIngestModu
 import org.sleuthkit.autopsy.modules.photoreccarver.PhotoRecCarverIngestModuleFactory;
 import org.sleuthkit.autopsy.modules.embeddedfileextractor.EmbeddedFileExtractorModuleFactory;
 import org.sleuthkit.autopsy.modules.encryptiondetection.EncryptionDetectionModuleFactory;
-//import org.sleuthkit.autopsy.centralrepository.ingestmodule.IngestModuleFactory;
+import org.sleuthkit.autopsy.centralrepository.ingestmodule.CentralRepoIngestModuleFactory;
 import org.sleuthkit.autopsy.modules.vmextractor.VMExtractorIngestModuleFactory;
 import org.sleuthkit.autopsy.python.JythonModuleLoader;
 
@@ -64,7 +64,7 @@ final class IngestModuleFactoryLoader {
             add("org.sleuthkit.autopsy.thunderbirdparser.EmailParserModuleFactory"); //NON-NLS
             add(EncryptionDetectionModuleFactory.class.getCanonicalName());
             add(InterestingItemsIngestModuleFactory.class.getCanonicalName());
-            //add(IngestModuleFactory.class.getCanonicalName());
+            add(CentralRepoIngestModuleFactory.class.getCanonicalName());
             add(PhotoRecCarverIngestModuleFactory.class.getCanonicalName());
             add(VMExtractorIngestModuleFactory.class.getCanonicalName());
             add(DataSourceIntegrityModuleFactory.class.getCanonicalName());
@@ -79,7 +79,7 @@ final class IngestModuleFactoryLoader {
      * removed between invocations.
      *
      * @return A list of objects that implement the IngestModuleFactory
-     *         interface.
+     *    interface.
      */
     static List<IngestModuleFactory> getIngestModuleFactories() {
         // A hash set of display names and a hash map of class names to 
diff --git a/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java b/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java
index e2857baad7..eac3ffd3d2 100644
--- a/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java
+++ b/Core/test/qa-functional/src/org/sleuthkit/autopsy/commonfilessearch/InterCaseTestUtils.java
@@ -184,7 +184,7 @@ class InterCaseTestUtils {
         final IngestModuleTemplate vmExtractorTemplate = IngestUtils.getIngestModuleTemplate(new VMExtractorIngestModuleFactory());
         final IngestModuleTemplate photoRecTemplate = IngestUtils.getIngestModuleTemplate(new PhotoRecCarverIngestModuleFactory());
         final IngestModuleTemplate dataSourceIntegrityTemplate = IngestUtils.getIngestModuleTemplate(new DataSourceIntegrityModuleFactory());
-        final IngestModuleTemplate eamDbTemplate = IngestUtils.getIngestModuleTemplate(new org.sleuthkit.autopsy.centralrepository.ingestmodule.IngestModuleFactory());
+        final IngestModuleTemplate eamDbTemplate = IngestUtils.getIngestModuleTemplate(new org.sleuthkit.autopsy.centralrepository.ingestmodule.CentralRepoIngestModuleFactory());
         final IngestModuleTemplate fileExtMismatchDetectorTemplate = IngestUtils.getIngestModuleTemplate(new FileExtMismatchDetectorModuleFactory());
         //TODO we need to figure out how to get ahold of these objects because they are required for properly filling the CR with test data
 //        final IngestModuleTemplate objectDetectorTemplate = IngestUtils.getIngestModuleTemplate(new org.sleuthkit.autopsy.experimental.objectdetection.ObjectDetectionModuleFactory());
@@ -220,7 +220,7 @@ class InterCaseTestUtils {
         kitchenSink.add(dataSourceIntegrityTemplate);
         kitchenSink.add(eamDbTemplate);
         kitchenSink.add(fileExtMismatchDetectorTemplate);
-        //TODO this list should probably be populated by way of loading the appropriate modules based on finding all of the @ServiceProvider(service = IngestModuleFactory.class) types
+        //TODO this list should probably be populated by way of loading the appropriate modules based on finding all of the @ServiceProvider(service = CentralRepoIngestModuleFactory.class) types
 //        kitchenSink.add(objectDetectorTemplate);
 //        kitchenSink.add(emailParserTemplate);
 //        kitchenSink.add(recentActivityTemplate);

From 683925bd1e77fb6c7e725095284651bcc368ff82 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dgrove" <dgrove@WIN-DGROV-4999.basistech.net>
Date: Tue, 4 Dec 2018 13:52:55 -0500
Subject: [PATCH 62/70] Using StringUtils.

---
 .../modules/exif/ExifParserFileIngestModule.java  | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java
index a43c1e8f1e..b025a6fd60 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/exif/ExifParserFileIngestModule.java
@@ -37,6 +37,7 @@ import java.util.List;
 import java.util.TimeZone;
 import java.util.concurrent.atomic.AtomicInteger;
 import java.util.logging.Level;
+import org.apache.commons.lang3.StringUtils;
 import org.openide.util.NbBundle;
 import org.openide.util.NbBundle.Messages;
 import org.sleuthkit.autopsy.casemodule.Case;
@@ -195,19 +196,13 @@ public final class ExifParserFileIngestModule implements FileIngestModule {
             ExifIFD0Directory devDir = metadata.getFirstDirectoryOfType(ExifIFD0Directory.class);
             if (devDir != null) {
                 String model = devDir.getString(ExifIFD0Directory.TAG_MODEL);
-                if (model != null) {
-                    model = model.trim();
-                    if (!model.isEmpty()) {
-                        attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL, ExifParserModuleFactory.getModuleName(), model));
-                    }
+                if (StringUtils.isNotBlank(model)) {
+                    attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MODEL, ExifParserModuleFactory.getModuleName(), model));
                 }
 
                 String make = devDir.getString(ExifIFD0Directory.TAG_MAKE);
-                if (make != null) {
-                    make = make.trim();
-                    if (!make.isEmpty()) {
-                        attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE, ExifParserModuleFactory.getModuleName(), make));
-                    }
+                if (StringUtils.isNotBlank(make)) {
+                    attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DEVICE_MAKE, ExifParserModuleFactory.getModuleName(), make));
                 }
             }
 

From d8c3f9f7cf13b9e3a2e9afe8a7290f858da5a813 Mon Sep 17 00:00:00 2001
From: William Schaefer <wschaefer@basistech.net>
Date: Tue, 4 Dec 2018 15:07:21 -0500
Subject: [PATCH 63/70] 4380 add examples and error messages for new
 correlation attr types

---
 .../OtherCasesSearchDialog.java               | 99 +++++++++++++------
 1 file changed, 68 insertions(+), 31 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/othercasessearch/OtherCasesSearchDialog.java b/Core/src/org/sleuthkit/autopsy/othercasessearch/OtherCasesSearchDialog.java
index 6fe9ec8ce3..4320290ba8 100755
--- a/Core/src/org/sleuthkit/autopsy/othercasessearch/OtherCasesSearchDialog.java
+++ b/Core/src/org/sleuthkit/autopsy/othercasessearch/OtherCasesSearchDialog.java
@@ -56,19 +56,25 @@ import org.sleuthkit.autopsy.datamodel.EmptyNode;
     "OtherCasesSearchDialog.validation.invalidEmail=The supplied value is not a valid e-mail address.",
     "OtherCasesSearchDialog.validation.invalidDomain=The supplied value is not a valid domain.",
     "OtherCasesSearchDialog.validation.invalidPhone=The supplied value is not a valid phone number.",
+    "OtherCasesSearchDialog.validation.invalidSsid=The supplied value is not a valid wireless network.",
+    "OtherCasesSearchDialog.validation.invalidMac=The supplied value is not a valid MAC address.",
+    "OtherCasesSearchDialog.validation.invalidImei=The supplied value is not a valid IMEI number.",
+    "OtherCasesSearchDialog.validation.invalidImsi=The supplied value is not a valid IMSI number.",
+    "OtherCasesSearchDialog.validation.invalidIccid=The supplied value is not a valid ICCID number.",
     "OtherCasesSearchDialog.validation.genericMessage=The supplied value is not valid.",
     "# {0} - number of cases",
     "OtherCasesSearchDialog.caseLabel.text=The current Central Repository contains {0} case(s)."
 })
 /**
- * The Search Other Cases dialog allows users to search for specific
- * types of correlation properties in the Central Repository.
+ * The Search Other Cases dialog allows users to search for specific types of
+ * correlation properties in the Central Repository.
  */
 @SuppressWarnings("PMD.SingularField") // UI widgets cause lots of false positives
 final class OtherCasesSearchDialog extends javax.swing.JDialog {
+
     private static final Logger logger = Logger.getLogger(OtherCasesSearchDialog.class.getName());
     private static final long serialVersionUID = 1L;
-    
+
     private final List<CorrelationAttributeInstance.Type> correlationTypes;
     private CorrelationAttributeInstance.Type selectedCorrelationType;
     private TextPrompt correlationValueTextFieldPrompt;
@@ -82,20 +88,20 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
         initComponents();
         customizeComponents();
     }
-    
+
     /**
      * Perform the other cases search.
-     * 
-     * @param type The correlation type.
+     *
+     * @param type  The correlation type.
      * @param value The value to be matched.
      */
     private void search(CorrelationAttributeInstance.Type type, String value) {
         new SwingWorker<List<CorrelationAttributeInstance>, Void>() {
-            
+
             @Override
             protected List<CorrelationAttributeInstance> doInBackground() {
                 List<CorrelationAttributeInstance> correlationInstances = new ArrayList<>();
-                
+
                 try {
                     correlationInstances = EamDb.getInstance().getArtifactInstancesByTypeValue(type, value);
                 } catch (EamDbException ex) {
@@ -115,10 +121,10 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
                     DataResultViewerTable table = new DataResultViewerTable();
                     Collection<DataResultViewer> viewers = new ArrayList<>(1);
                     viewers.add(table);
-                    
+
                     OtherCasesSearchNode searchNode = new OtherCasesSearchNode(correlationInstances);
                     TableFilterNode tableFilterNode = new TableFilterNode(searchNode, true, searchNode.getName());
-                    
+
                     String resultsText = String.format("%s (%s; \"%s\")",
                             Bundle.OtherCasesSearchDialog_resultsTitle_text(), type.getDisplayName(), value);
                     final TopComponent searchResultWin;
@@ -235,7 +241,7 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
     private void searchButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_searchButtonActionPerformed
         CorrelationAttributeInstance.Type correlationType = selectedCorrelationType;
         String correlationValue = correlationValueTextField.getText().trim();
-        
+
         if (validateInputs(correlationType, correlationValue)) {
             search(correlationType, correlationValue);
             dispose();
@@ -254,23 +260,38 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
                 case CorrelationAttributeInstance.PHONE_TYPE_ID:
                     validationMessage = Bundle.OtherCasesSearchDialog_validation_invalidPhone();
                     break;
+                case CorrelationAttributeInstance.SSID_TYPE_ID:
+                    validationMessage = Bundle.OtherCasesSearchDialog_validation_invalidSsid();
+                    break;
+                case CorrelationAttributeInstance.MAC_TYPE_ID:
+                    validationMessage = Bundle.OtherCasesSearchDialog_validation_invalidMac();
+                    break;
+                case CorrelationAttributeInstance.IMEI_TYPE_ID:
+                    validationMessage = Bundle.OtherCasesSearchDialog_validation_invalidImei();
+                    break;
+                case CorrelationAttributeInstance.IMSI_TYPE_ID:
+                    validationMessage = Bundle.OtherCasesSearchDialog_validation_invalidImsi();
+                    break;
+                case CorrelationAttributeInstance.ICCID_TYPE_ID:
+                    validationMessage = Bundle.OtherCasesSearchDialog_validation_invalidIccid();
+                    break;
                 default:
                     validationMessage = Bundle.OtherCasesSearchDialog_validation_genericMessage();
                     break;
-                    
+
             }
             errorLabel.setText(validationMessage);
             searchButton.setEnabled(false);
             correlationValueTextField.grabFocus();
         }
     }//GEN-LAST:event_searchButtonActionPerformed
-    
+
     /**
      * Validate the supplied input.
-     * 
-     * @param type The correlation type.
+     *
+     * @param type  The correlation type.
      * @param value The value to be validated.
-     * 
+     *
      * @return True if the input is valid for the given type; otherwise false.
      */
     private boolean validateInputs(CorrelationAttributeInstance.Type type, String value) {
@@ -280,16 +301,16 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
             // No need to log this.
             return false;
         }
-        
+
         return true;
     }
-    
+
     /**
      * Further customize the components beyond the standard initialization.
      */
     private void customizeComponents() {
         searchButton.setEnabled(false);
-        
+
         /*
          * Add correlation types to the combo-box.
          */
@@ -307,7 +328,7 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
             correlationTypeComboBox.addItem(type.getDisplayName());
         }
         correlationTypeComboBox.setSelectedIndex(0);
-        
+
         correlationTypeComboBox.addItemListener(new ItemListener() {
             @Override
             public void itemStateChanged(ItemEvent e) {
@@ -316,9 +337,9 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
                 updateSearchButton();
             }
         });
-        
+
         updateSelectedType();
-        
+
         /*
          * Create listener for text input.
          */
@@ -338,17 +359,21 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
                 updateSearchButton();
             }
         });
-        
+
         updateCorrelationValueTextFieldPrompt();
     }
-    
+
     @Messages({
         "OtherCasesSearchDialog.correlationValueTextField.filesExample=Example: \"f0e1d2c3b4a5968778695a4b3c2d1e0f\"",
         "OtherCasesSearchDialog.correlationValueTextField.domainExample=Example: \"domain.com\"",
         "OtherCasesSearchDialog.correlationValueTextField.emailExample=Example: \"user@host.com\"",
         "OtherCasesSearchDialog.correlationValueTextField.phoneExample=Example: \"(800)123-4567\"",
         "OtherCasesSearchDialog.correlationValueTextField.usbExample=Example: \"4&1234567&0\"",
-        "OtherCasesSearchDialog.correlationValueTextField.ssidExample=Example: \"WirelessNetwork-5G\""
+        "OtherCasesSearchDialog.correlationValueTextField.ssidExample=Example: \"WirelessNetwork-5G\"",
+        "OtherCasesSearchDialog.correlationValueTextField.macExample=Example: \"0C-14-F2-01-AF-45\"",
+        "OtherCasesSearchDialog.correlationValueTextField.imeiExample=Example: \"351756061523999\"",
+        "OtherCasesSearchDialog.correlationValueTextField.imsiExample=Example: \"310150123456789\"",
+        "OtherCasesSearchDialog.correlationValueTextField.iccidExample=Example: \"89 91 19 1299 99 329451 0\""
     })
     /**
      * Update the text prompt of the name text field based on the input type
@@ -359,7 +384,7 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
          * Add text prompt to the text field.
          */
         String text;
-        switch(selectedCorrelationType.getId()) {
+        switch (selectedCorrelationType.getId()) {
             case CorrelationAttributeInstance.FILES_TYPE_ID:
                 text = Bundle.OtherCasesSearchDialog_correlationValueTextField_filesExample();
                 break;
@@ -378,22 +403,34 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
             case CorrelationAttributeInstance.SSID_TYPE_ID:
                 text = Bundle.OtherCasesSearchDialog_correlationValueTextField_ssidExample();
                 break;
+            case CorrelationAttributeInstance.MAC_TYPE_ID:
+                text = Bundle.OtherCasesSearchDialog_correlationValueTextField_macExample();
+                break;
+            case CorrelationAttributeInstance.IMEI_TYPE_ID:
+                text = Bundle.OtherCasesSearchDialog_correlationValueTextField_imeiExample();
+                break;
+            case CorrelationAttributeInstance.IMSI_TYPE_ID:
+                text = Bundle.OtherCasesSearchDialog_correlationValueTextField_imsiExample();
+                break;
+            case CorrelationAttributeInstance.ICCID_TYPE_ID:
+                text = Bundle.OtherCasesSearchDialog_correlationValueTextField_iccidExample();
+                break;
             default:
                 text = "";
                 break;
         }
         correlationValueTextFieldPrompt = new TextPrompt(text, correlationValueTextField);
-        
+
         /**
          * Sets the foreground color and transparency of the text prompt.
          */
         correlationValueTextFieldPrompt.setForeground(Color.LIGHT_GRAY);
         correlationValueTextFieldPrompt.changeAlpha(0.9f); // Mostly opaque
-        
+
         validate();
         repaint();
     }
-    
+
     /**
      * Update the 'selectedCorrelationType' value to match the selected type
      * from the combo-box.
@@ -406,7 +443,7 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
             }
         }
     }
-    
+
     /**
      * Enable or disable the Search button depending on whether or not text has
      * been provided for the correlation property value.
@@ -433,4 +470,4 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
     private javax.swing.JLabel errorLabel;
     private javax.swing.JButton searchButton;
     // End of variables declaration//GEN-END:variables
-}
\ No newline at end of file
+}

From 549f8a6589adcd2fe04b005fa2990809be593046 Mon Sep 17 00:00:00 2001
From: esaunders <esaunders@basistech.com>
Date: Tue, 4 Dec 2018 16:14:49 -0500
Subject: [PATCH 64/70] Update autoupdate.catalog.url

---
 ImageGallery/nbproject/platform.properties  | 2 +-
 ScalpelCarver/nbproject/platform.properties | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/ImageGallery/nbproject/platform.properties b/ImageGallery/nbproject/platform.properties
index 351256334b..0c717f4f53 100644
--- a/ImageGallery/nbproject/platform.properties
+++ b/ImageGallery/nbproject/platform.properties
@@ -7,7 +7,7 @@ nbplatform.active.dir=${suite.dir}/netbeans-plat/${netbeans-plat-version}
 harness.dir=${nbplatform.active.dir}/harness
 bootstrap.url=http://bits.netbeans.org/dev/nbms-and-javadoc/lastSuccessfulBuild/artifact/nbbuild/netbeans/harness/tasks.jar
 # Where we get the platform from. To see what versions are available, open URL in browser up to the .../updates part of the URL
-autoupdate.catalog.url=http://updates.netbeans.org/netbeans/updates/${netbeans-plat-version}/uc/final/distribution/catalog.xml.gz
+autoupdate.catalog.url=https://updates.netbeans.org/netbeans/updates/${netbeans-plat-version}/uc/final/distribution/catalog.xml.gz
 cluster.path=\
     ${nbplatform.active.dir}/harness:\
     ${nbplatform.active.dir}/java:\
diff --git a/ScalpelCarver/nbproject/platform.properties b/ScalpelCarver/nbproject/platform.properties
index bff2a507cf..1562be66c8 100644
--- a/ScalpelCarver/nbproject/platform.properties
+++ b/ScalpelCarver/nbproject/platform.properties
@@ -8,7 +8,7 @@ nbplatform.active.dir=${suite.dir}/netbeans-plat/${netbeans-plat-version}
 harness.dir=${nbplatform.active.dir}/harness
 bootstrap.url=http://bits.netbeans.org/dev/nbms-and-javadoc/lastSuccessfulBuild/artifact/nbbuild/netbeans/harness/tasks.jar
 # Where we get the platform from. To see what versions are available, open URL in browser up to the .../updates part of the URL
-autoupdate.catalog.url=http://updates.netbeans.org/netbeans/updates/${netbeans-plat-version}/uc/final/distribution/catalog.xml.gz
+autoupdate.catalog.url=https://updates.netbeans.org/netbeans/updates/${netbeans-plat-version}/uc/final/distribution/catalog.xml.gz
 cluster.path=\
     ${nbplatform.active.dir}/harness:\
     ${nbplatform.active.dir}/java:\

From 3f6ecd4402b8d7e3e01f58e01f6264fe1df9e459 Mon Sep 17 00:00:00 2001
From: Ann Priestman <apriestman@basistech.com>
Date: Wed, 5 Dec 2018 08:53:07 -0500
Subject: [PATCH 65/70] Changed device info icon

---
 .../org/sleuthkit/autopsy/images/devices.png    | Bin 342 -> 483 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/images/devices.png b/Core/src/org/sleuthkit/autopsy/images/devices.png
index bcb132a1a87fa8ea9f6f92eb38f0d9a2dd329ffa..757488a9aed15e8e83085867193f279f3c1e5503 100644
GIT binary patch
delta 389
zcmV;00eb${0^<XaBo78+OGiWi{{a60|De66laV1H2n7uiC$Lak@sUX@e*s5HL_t(I
z%bk(GO9EjS$3J%-nb?w3(LpZN7zKAZ6dl*nUl9HWx8$D?1y0SixauM~1raTR(sCjs
z1RDJU#Y$Xkk|>b3DO2v=GkTWih41_Q@jQ<rgkWRmWf{0fURI^3m;C^Blw2w5`1PRD
zCO8wFZV?H0R~;wq2bUGoe{PE)@{*nn(zi4jGCOn2;@mj^nM}rmJB|ZTQcSxoPL90-
zolc9(i|n6vz+eEOkpBli_t6w8{E{2>+F0-PdH}etD-}_H9*ug9qr=p&KRw=2tyXbe
zmt-<26;VvPExtZ#yuYPb*j<-8y<Xjr&*w=b5@RE1z{*r)jc|0!Uxa=xy|?cnADo?f
z$iopTMg5`sygC2bzs?11TQ-IY&}=r#fE6SlOP~S7<MC~vG%0~$7{p?+|0OUCgF>O;
jy@C*8m|)Tsd=gmS2f2a-7>mvi00000NkvXXu0mjf5S*@}

delta 275
zcmV+u0qp+c1J(kNBqa%ONLh0L01FcU01FcV0GgZ_00007bV*G`2jUC_4l5bOPZHdb
zTPuG6%t=H+R5;6H{Qv(ygSqn)H3kNTn+&*t`pLaAx3EbtA!|OlSB3!_jSsL8u$h5@
zfq_9(;Fv;s`d+MZjAl-c|KrjqE_jeZQuq))vm01&$*{A&g=?NUb0&s-dU`qo0|P??
zqnXp=|C2j04fyo&8N=#TbBPKAhQEIq7?@+3(PaKJ<Fp;w6-*2aSTvIWm>4JoEDQ_`
z47uf)61<#W7?h=nGe8}i1PA*|1qKF&odgZQl|*qR9NL5dJ^)QH)Nui}G(pIK1_G{W
Z007tUIE+@cu)Y8Q002ovPDHLkV1l?hYJ~s*


From 39017768b1839f147f7da87efdbe246d056895be Mon Sep 17 00:00:00 2001
From: esaunders <esaunders@basistech.com>
Date: Wed, 5 Dec 2018 10:24:51 -0500
Subject: [PATCH 66/70] Updated message displayed when limit is reached.

---
 .../sleuthkit/autopsy/corecomponents/TableFilterChildren.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/TableFilterChildren.java b/Core/src/org/sleuthkit/autopsy/corecomponents/TableFilterChildren.java
index 799550b897..1133101e88 100644
--- a/Core/src/org/sleuthkit/autopsy/corecomponents/TableFilterChildren.java
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/TableFilterChildren.java
@@ -100,7 +100,7 @@ class TableFilterChildren extends FilterNode.Children {
         "TableFilterChildren.createNodes.limitReached.msg="
         + "The limit on the number of results to display has been reached."
         + " Only the first {0} results will be shown."
-        + " The limit can be modified in the View Options screen."})
+        + " The limit can be modified under Tools, Options, View."})
     protected Node[] createNodes(Node key) {
         int maxNodesToCreate = UserPreferences.getMaximumNumberOfResults();
 

From 1f67e0428bdf28060ca2b2b754f8f34ff56a0f99 Mon Sep 17 00:00:00 2001
From: William Schaefer <wschaefer@basistech.net>
Date: Wed, 5 Dec 2018 12:30:09 -0500
Subject: [PATCH 67/70] 4380 adjust behavior of error messages to reset when
 changes made

---
 .../OtherCasesSearchDialog.form               |  6 ++++++
 .../OtherCasesSearchDialog.java               | 21 +++++++++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/Core/src/org/sleuthkit/autopsy/othercasessearch/OtherCasesSearchDialog.form b/Core/src/org/sleuthkit/autopsy/othercasessearch/OtherCasesSearchDialog.form
index cd033f994d..30995524b2 100755
--- a/Core/src/org/sleuthkit/autopsy/othercasessearch/OtherCasesSearchDialog.form
+++ b/Core/src/org/sleuthkit/autopsy/othercasessearch/OtherCasesSearchDialog.form
@@ -91,6 +91,9 @@
           <ResourceString bundle="org/sleuthkit/autopsy/othercasessearch/Bundle.properties" key="OtherCasesSearchDialog.correlationValueTextField.text" replaceFormat="org.openide.util.NbBundle.getMessage({sourceFileName}.class, &quot;{key}&quot;)"/>
         </Property>
       </Properties>
+      <Events>
+        <EventHandler event="keyReleased" listener="java.awt.event.KeyListener" parameters="java.awt.event.KeyEvent" handler="valueFieldKeyReleaseListener"/>
+      </Events>
     </Component>
     <Component class="javax.swing.JButton" name="searchButton">
       <Properties>
@@ -116,6 +119,9 @@
           <StringArray count="0"/>
         </Property>
       </Properties>
+      <Events>
+        <EventHandler event="actionPerformed" listener="java.awt.event.ActionListener" parameters="java.awt.event.ActionEvent" handler="correlationTypeComboBoxActionPerformed"/>
+      </Events>
       <AuxValues>
         <AuxValue name="JavaCodeGenerator_TypeParameters" type="java.lang.String" value="&lt;String&gt;"/>
       </AuxValues>
diff --git a/Core/src/org/sleuthkit/autopsy/othercasessearch/OtherCasesSearchDialog.java b/Core/src/org/sleuthkit/autopsy/othercasessearch/OtherCasesSearchDialog.java
index 4320290ba8..e7f2ae16b5 100755
--- a/Core/src/org/sleuthkit/autopsy/othercasessearch/OtherCasesSearchDialog.java
+++ b/Core/src/org/sleuthkit/autopsy/othercasessearch/OtherCasesSearchDialog.java
@@ -169,6 +169,11 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
         org.openide.awt.Mnemonics.setLocalizedText(correlationValueLabel, org.openide.util.NbBundle.getMessage(OtherCasesSearchDialog.class, "OtherCasesSearchDialog.correlationValueLabel.text")); // NOI18N
 
         correlationValueTextField.setText(org.openide.util.NbBundle.getMessage(OtherCasesSearchDialog.class, "OtherCasesSearchDialog.correlationValueTextField.text")); // NOI18N
+        correlationValueTextField.addKeyListener(new java.awt.event.KeyAdapter() {
+            public void keyReleased(java.awt.event.KeyEvent evt) {
+                valueFieldKeyReleaseListener(evt);
+            }
+        });
 
         org.openide.awt.Mnemonics.setLocalizedText(searchButton, org.openide.util.NbBundle.getMessage(OtherCasesSearchDialog.class, "OtherCasesSearchDialog.searchButton.text")); // NOI18N
         searchButton.addActionListener(new java.awt.event.ActionListener() {
@@ -177,6 +182,12 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
             }
         });
 
+        correlationTypeComboBox.addActionListener(new java.awt.event.ActionListener() {
+            public void actionPerformed(java.awt.event.ActionEvent evt) {
+                correlationTypeComboBoxActionPerformed(evt);
+            }
+        });
+
         org.openide.awt.Mnemonics.setLocalizedText(correlationTypeLabel, org.openide.util.NbBundle.getMessage(OtherCasesSearchDialog.class, "OtherCasesSearchDialog.correlationTypeLabel.text")); // NOI18N
 
         errorLabel.setForeground(new java.awt.Color(255, 0, 0));
@@ -286,6 +297,16 @@ final class OtherCasesSearchDialog extends javax.swing.JDialog {
         }
     }//GEN-LAST:event_searchButtonActionPerformed
 
+    private void correlationTypeComboBoxActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_correlationTypeComboBoxActionPerformed
+        //make error message go away when combo box is selected
+        errorLabel.setText("");
+    }//GEN-LAST:event_correlationTypeComboBoxActionPerformed
+
+    private void valueFieldKeyReleaseListener(java.awt.event.KeyEvent evt) {//GEN-FIRST:event_valueFieldKeyReleaseListener
+        //make error message go away when the user enters anything in the value field
+        errorLabel.setText("");
+    }//GEN-LAST:event_valueFieldKeyReleaseListener
+
     /**
      * Validate the supplied input.
      *

From f8ab800593d29a68eba95ea74cdefd82406260b2 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dsmyda" <dsmyda@win-dsmyd-4990.basistech.net>
Date: Thu, 6 Dec 2018 14:06:51 -0500
Subject: [PATCH 68/70] Made the permissions file name even more boring

---
 Core/src/org/sleuthkit/autopsy/casemodule/Case.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
index aab5aafdeb..e8b54b4daf 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
@@ -1122,7 +1122,7 @@ public class Case {
                  */
                 
                 //Deny ability to add a data source if the special admin access file is present.
-                File denyAddDataSourcePermissions = new File(PlatformUtil.getUserConfigDirectory(), "addDataSourceChildLock");
+                File denyAddDataSourcePermissions = new File(PlatformUtil.getUserConfigDirectory(), "_source");
                 if(!denyAddDataSourcePermissions.exists()) {
                     CallableSystemAction.get(AddImageAction.class).setEnabled(true);
                 }

From 75744e76ba5fc3e03e0bdc93d15d96695ffce288 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dsmyda" <dsmyda@win-dsmyd-4990.basistech.net>
Date: Thu, 6 Dec 2018 14:14:18 -0500
Subject: [PATCH 69/70] New name

---
 Core/src/org/sleuthkit/autopsy/casemodule/Case.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
index e8b54b4daf..034812bfcd 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
@@ -1122,7 +1122,7 @@ public class Case {
                  */
                 
                 //Deny ability to add a data source if the special admin access file is present.
-                File denyAddDataSourcePermissions = new File(PlatformUtil.getUserConfigDirectory(), "_source");
+                File denyAddDataSourcePermissions = new File(PlatformUtil.getUserConfigDirectory(), "_dsp");
                 if(!denyAddDataSourcePermissions.exists()) {
                     CallableSystemAction.get(AddImageAction.class).setEnabled(true);
                 }

From b47a3fcbc69dacda84ca2a166eefa3574065ec65 Mon Sep 17 00:00:00 2001
From: "U-BASIS\\dsmyda" <dsmyda@win-dsmyd-4990.basistech.net>
Date: Thu, 6 Dec 2018 14:14:54 -0500
Subject: [PATCH 70/70] New new name

---
 Core/src/org/sleuthkit/autopsy/casemodule/Case.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
index 034812bfcd..7f4ee150c1 100644
--- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java
@@ -1122,7 +1122,7 @@ public class Case {
                  */
                 
                 //Deny ability to add a data source if the special admin access file is present.
-                File denyAddDataSourcePermissions = new File(PlatformUtil.getUserConfigDirectory(), "_dsp");
+                File denyAddDataSourcePermissions = new File(PlatformUtil.getUserConfigDirectory(), "_ndsp");
                 if(!denyAddDataSourcePermissions.exists()) {
                     CallableSystemAction.get(AddImageAction.class).setEnabled(true);
                 }