Merge branch 'develop' of github.com:sleuthkit/autopsy into 8425-snap

Greg DiCristofaro 2023-07-13 13:34:10 -04:00
commit 4841936e32
30 changed files with 554 additions and 1203 deletions


@ -22,9 +22,9 @@
<dependency conf="core->default" org="org.apache.commons" name="commons-dbcp2" rev="2.9.0"/> <dependency conf="core->default" org="org.apache.commons" name="commons-dbcp2" rev="2.9.0"/>
<dependency conf="core->default" org="org.jsoup" name="jsoup" rev="1.14.3"/> <dependency conf="core->default" org="org.jsoup" name="jsoup" rev="1.16.1"/>
<dependency conf="core->default" org="com.drewnoakes" name="metadata-extractor" rev="2.17.0"/> <dependency conf="core->default" org="com.drewnoakes" name="metadata-extractor" rev="2.18.0"/>
<dependency conf="core->default" org="com.ethteck.decodetect" name="decodetect-core" rev="0.3"/> <dependency conf="core->default" org="com.ethteck.decodetect" name="decodetect-core" rev="0.3"/>
<dependency conf="core->default" org="com.googlecode.libphonenumber" name="libphonenumber" rev="8.12.45" /> <dependency conf="core->default" org="com.googlecode.libphonenumber" name="libphonenumber" rev="8.12.45" />
@ -33,7 +33,7 @@
<dependency conf="core->default" org="org.jfree" name="jfreechart" rev="1.5.3"/> <dependency conf="core->default" org="org.jfree" name="jfreechart" rev="1.5.3"/>
<!-- for yaml reading/writing --> <!-- for yaml reading/writing -->
<dependency conf="core->default" org="org.yaml" name="snakeyaml" rev="1.30"/> <dependency conf="core->default" org="org.yaml" name="snakeyaml" rev="2.0"/>
<!-- map support for geolocation --> <!-- map support for geolocation -->
<dependency conf="core->default" org="org.jxmapviewer" name="jxmapviewer2" rev="2.6"/> <dependency conf="core->default" org="org.jxmapviewer" name="jxmapviewer2" rev="2.6"/>
@ -77,8 +77,8 @@
<override org="jakarta.ws.rs" module="jakarta.ws.rs-api" rev="2.1.5"/> <override org="jakarta.ws.rs" module="jakarta.ws.rs-api" rev="2.1.5"/>
<override org="org.slf4j" module="slf4j-api" rev="1.7.36"/> <override org="org.slf4j" module="slf4j-api" rev="1.7.36"/>
<override org="com.google.guava" module="guava" rev="31.1-jre"/> <override org="com.google.guava" module="guava" rev="32.0.1-jre"/>
<override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.13.2"/> <override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.15.2"/>
<!-- changes to bouncy castle version may also be reflected in thirdparty/IcePDF 6.2.2 --> <!-- changes to bouncy castle version may also be reflected in thirdparty/IcePDF 6.2.2 -->
<override org="org.bouncycastle" module="bcprov-ext-jdk15on" rev="1.70"/> <override org="org.bouncycastle" module="bcprov-ext-jdk15on" rev="1.70"/>


@ -17,7 +17,7 @@ file.reference.bcprov-ext-jdk15on-1.70.jar=release/modules/ext/bcprov-ext-jdk15o
file.reference.bcprov-jdk15on-1.70.jar=release/modules/ext/bcprov-jdk15on-1.70.jar file.reference.bcprov-jdk15on-1.70.jar=release/modules/ext/bcprov-jdk15on-1.70.jar
file.reference.bcutil-jdk15on-1.70.jar=release/modules/ext/bcutil-jdk15on-1.70.jar file.reference.bcutil-jdk15on-1.70.jar=release/modules/ext/bcutil-jdk15on-1.70.jar
file.reference.c3p0-0.9.5.5.jar=release/modules/ext/c3p0-0.9.5.5.jar file.reference.c3p0-0.9.5.5.jar=release/modules/ext/c3p0-0.9.5.5.jar
file.reference.checker-qual-3.12.0.jar=release/modules/ext/checker-qual-3.12.0.jar file.reference.checker-qual-3.33.0.jar=release/modules/ext/checker-qual-3.33.0.jar
file.reference.commons-dbcp2-2.9.0.jar=release/modules/ext/commons-dbcp2-2.9.0.jar file.reference.commons-dbcp2-2.9.0.jar=release/modules/ext/commons-dbcp2-2.9.0.jar
file.reference.commons-io-2.11.0.jar=release/modules/ext/commons-io-2.11.0.jar file.reference.commons-io-2.11.0.jar=release/modules/ext/commons-io-2.11.0.jar
file.reference.commons-lang3-3.10.jar=release/modules/ext/commons-lang3-3.10.jar file.reference.commons-lang3-3.10.jar=release/modules/ext/commons-lang3-3.10.jar
@ -28,13 +28,13 @@ file.reference.curator-framework-5.2.1.jar=release/modules/ext/curator-framework
file.reference.curator-recipes-5.2.1.jar=release/modules/ext/curator-recipes-5.2.1.jar file.reference.curator-recipes-5.2.1.jar=release/modules/ext/curator-recipes-5.2.1.jar
file.reference.DatCon.jar=release/modules/ext/DatCon.jar file.reference.DatCon.jar=release/modules/ext/DatCon.jar
file.reference.decodetect-core-0.3.jar=release/modules/ext/decodetect-core-0.3.jar file.reference.decodetect-core-0.3.jar=release/modules/ext/decodetect-core-0.3.jar
file.reference.error_prone_annotations-2.11.0.jar=release/modules/ext/error_prone_annotations-2.11.0.jar file.reference.error_prone_annotations-2.18.0.jar=release/modules/ext/error_prone_annotations-2.18.0.jar
file.reference.failureaccess-1.0.1.jar=release/modules/ext/failureaccess-1.0.1.jar file.reference.failureaccess-1.0.1.jar=release/modules/ext/failureaccess-1.0.1.jar
file.reference.guava-31.1-jre.jar=release/modules/ext/guava-31.1-jre.jar file.reference.guava-32.0.1-jre.jar=release/modules/ext/guava-32.0.1-jre.jar
file.reference.icepdf-core-6.2.2.jar=release/modules/ext/icepdf-core-6.2.2.jar file.reference.icepdf-core-6.2.2.jar=release/modules/ext/icepdf-core-6.2.2.jar
file.reference.icepdf-viewer-6.2.2.jar=release/modules/ext/icepdf-viewer-6.2.2.jar file.reference.icepdf-viewer-6.2.2.jar=release/modules/ext/icepdf-viewer-6.2.2.jar
file.reference.istack-commons-runtime-3.0.11.jar=release/modules/ext/istack-commons-runtime-3.0.11.jar file.reference.istack-commons-runtime-3.0.11.jar=release/modules/ext/istack-commons-runtime-3.0.11.jar
file.reference.j2objc-annotations-1.3.jar=release/modules/ext/j2objc-annotations-1.3.jar file.reference.j2objc-annotations-2.8.jar=release/modules/ext/j2objc-annotations-2.8.jar
file.reference.jackcess-4.0.1.jar=release/modules/ext/jackcess-4.0.1.jar file.reference.jackcess-4.0.1.jar=release/modules/ext/jackcess-4.0.1.jar
file.reference.jackcess-encrypt-4.0.1.jar=release/modules/ext/jackcess-encrypt-4.0.1.jar file.reference.jackcess-encrypt-4.0.1.jar=release/modules/ext/jackcess-encrypt-4.0.1.jar
file.reference.jai_core-1.1.3.jar=release/modules/ext/jai_core-1.1.3.jar file.reference.jai_core-1.1.3.jar=release/modules/ext/jai_core-1.1.3.jar
@ -49,7 +49,7 @@ file.reference.jaxb-runtime-2.3.3.jar=release/modules/ext/jaxb-runtime-2.3.3.jar
file.reference.jdom-2.0.5.jar=release/modules/ext/jdom-2.0.5.jar file.reference.jdom-2.0.5.jar=release/modules/ext/jdom-2.0.5.jar
file.reference.jfreechart-1.5.3.jar=release/modules/ext/jfreechart-1.5.3.jar file.reference.jfreechart-1.5.3.jar=release/modules/ext/jfreechart-1.5.3.jar
file.reference.jgraphx-4.2.2.jar=release/modules/ext/jgraphx-4.2.2.jar file.reference.jgraphx-4.2.2.jar=release/modules/ext/jgraphx-4.2.2.jar
file.reference.jsoup-1.14.3.jar=release/modules/ext/jsoup-1.14.3.jar file.reference.jsoup-1.16.1.jar=release/modules/ext/jsoup-1.16.1.jar
file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar
file.reference.jutf7-1.0.0.jar=release/modules/ext/jutf7-1.0.0.jar file.reference.jutf7-1.0.0.jar=release/modules/ext/jutf7-1.0.0.jar
file.reference.jxmapviewer2-2.6.jar=release/modules/ext/jxmapviewer2-2.6.jar file.reference.jxmapviewer2-2.6.jar=release/modules/ext/jxmapviewer2-2.6.jar
@ -59,7 +59,7 @@ file.reference.listenablefuture-1.0.jar=release/modules/ext/listenablefuture-1.0
file.reference.logback-classic-1.2.10.jar=release/modules/ext/logback-classic-1.2.10.jar file.reference.logback-classic-1.2.10.jar=release/modules/ext/logback-classic-1.2.10.jar
file.reference.logback-core-1.2.10.jar=release/modules/ext/logback-core-1.2.10.jar file.reference.logback-core-1.2.10.jar=release/modules/ext/logback-core-1.2.10.jar
file.reference.mchange-commons-java-0.2.20.jar=release/modules/ext/mchange-commons-java-0.2.20.jar file.reference.mchange-commons-java-0.2.20.jar=release/modules/ext/mchange-commons-java-0.2.20.jar
file.reference.metadata-extractor-2.17.0.jar=release/modules/ext/metadata-extractor-2.17.0.jar file.reference.metadata-extractor-2.18.0.jar=release/modules/ext/metadata-extractor-2.18.0.jar
file.reference.netty-buffer-4.1.73.Final.jar=release/modules/ext/netty-buffer-4.1.73.Final.jar file.reference.netty-buffer-4.1.73.Final.jar=release/modules/ext/netty-buffer-4.1.73.Final.jar
file.reference.netty-codec-4.1.73.Final.jar=release/modules/ext/netty-codec-4.1.73.Final.jar file.reference.netty-codec-4.1.73.Final.jar=release/modules/ext/netty-codec-4.1.73.Final.jar
file.reference.netty-common-4.1.73.Final.jar=release/modules/ext/netty-common-4.1.73.Final.jar file.reference.netty-common-4.1.73.Final.jar=release/modules/ext/netty-common-4.1.73.Final.jar
@ -80,7 +80,8 @@ file.reference.sevenzipjbinding-AllPlatforms.jar=release/modules/ext/sevenzipjbi
file.reference.sevenzipjbinding.jar=release/modules/ext/sevenzipjbinding.jar file.reference.sevenzipjbinding.jar=release/modules/ext/sevenzipjbinding.jar
file.reference.sleuthkit-4.12.0.jar=release/modules/ext/sleuthkit-4.12.0.jar file.reference.sleuthkit-4.12.0.jar=release/modules/ext/sleuthkit-4.12.0.jar
file.reference.sleuthkit-caseuco-4.12.0.jar=release/modules/ext/sleuthkit-caseuco-4.12.0.jar file.reference.sleuthkit-caseuco-4.12.0.jar=release/modules/ext/sleuthkit-caseuco-4.12.0.jar
file.reference.snakeyaml-1.30.jar=release/modules/ext/snakeyaml-1.30.jar file.reference.slf4j-api-1.7.36.jar=release/modules/ext/slf4j-api-1.7.36.jar
file.reference.snakeyaml-2.0.jar=release/modules/ext/snakeyaml-2.0.jar
file.reference.SparseBitSet-1.1.jar=release/modules/ext/SparseBitSet-1.1.jar file.reference.SparseBitSet-1.1.jar=release/modules/ext/SparseBitSet-1.1.jar
file.reference.spotbugs-annotations-4.6.0.jar=release/modules/ext/spotbugs-annotations-4.6.0.jar file.reference.spotbugs-annotations-4.6.0.jar=release/modules/ext/spotbugs-annotations-4.6.0.jar
file.reference.sqlite-jdbc-3.42.0.0.jar=release/modules/ext/sqlite-jdbc-3.42.0.0.jar file.reference.sqlite-jdbc-3.42.0.0.jar=release/modules/ext/sqlite-jdbc-3.42.0.0.jar


@ -445,8 +445,8 @@
<binary-origin>release/modules/ext/c3p0-0.9.5.5.jar</binary-origin> <binary-origin>release/modules/ext/c3p0-0.9.5.5.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/checker-qual-3.12.0.jar</runtime-relative-path> <runtime-relative-path>ext/checker-qual-3.33.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/checker-qual-3.12.0.jar</binary-origin> <binary-origin>release/modules/ext/checker-qual-3.33.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/commons-dbcp2-2.9.0.jar</runtime-relative-path> <runtime-relative-path>ext/commons-dbcp2-2.9.0.jar</runtime-relative-path>
@ -489,16 +489,16 @@
<binary-origin>release/modules/ext/decodetect-core-0.3.jar</binary-origin> <binary-origin>release/modules/ext/decodetect-core-0.3.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/error_prone_annotations-2.11.0.jar</runtime-relative-path> <runtime-relative-path>ext/error_prone_annotations-2.18.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/error_prone_annotations-2.11.0.jar</binary-origin> <binary-origin>release/modules/ext/error_prone_annotations-2.18.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/failureaccess-1.0.1.jar</runtime-relative-path> <runtime-relative-path>ext/failureaccess-1.0.1.jar</runtime-relative-path>
<binary-origin>release/modules/ext/failureaccess-1.0.1.jar</binary-origin> <binary-origin>release/modules/ext/failureaccess-1.0.1.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/guava-31.1-jre.jar</runtime-relative-path> <runtime-relative-path>ext/guava-32.0.1-jre.jar</runtime-relative-path>
<binary-origin>release/modules/ext/guava-31.1-jre.jar</binary-origin> <binary-origin>release/modules/ext/guava-32.0.1-jre.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/icepdf-core-6.2.2.jar</runtime-relative-path> <runtime-relative-path>ext/icepdf-core-6.2.2.jar</runtime-relative-path>
@ -513,8 +513,8 @@
<binary-origin>release/modules/ext/istack-commons-runtime-3.0.11.jar</binary-origin> <binary-origin>release/modules/ext/istack-commons-runtime-3.0.11.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/j2objc-annotations-1.3.jar</runtime-relative-path> <runtime-relative-path>ext/j2objc-annotations-2.8.jar</runtime-relative-path>
<binary-origin>release/modules/ext/j2objc-annotations-1.3.jar</binary-origin> <binary-origin>release/modules/ext/j2objc-annotations-2.8.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jackcess-4.0.1.jar</runtime-relative-path> <runtime-relative-path>ext/jackcess-4.0.1.jar</runtime-relative-path>
@ -573,8 +573,8 @@
<binary-origin>release/modules/ext/jgraphx-4.2.2.jar</binary-origin> <binary-origin>release/modules/ext/jgraphx-4.2.2.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jsoup-1.14.3.jar</runtime-relative-path> <runtime-relative-path>ext/jsoup-1.16.1.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jsoup-1.14.3.jar</binary-origin> <binary-origin>release/modules/ext/jsoup-1.16.1.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jsr305-3.0.2.jar</runtime-relative-path> <runtime-relative-path>ext/jsr305-3.0.2.jar</runtime-relative-path>
@ -613,8 +613,8 @@
<binary-origin>release/modules/ext/mchange-commons-java-0.2.20.jar</binary-origin> <binary-origin>release/modules/ext/mchange-commons-java-0.2.20.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/metadata-extractor-2.17.0.jar</runtime-relative-path> <runtime-relative-path>ext/metadata-extractor-2.18.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/metadata-extractor-2.17.0.jar</binary-origin> <binary-origin>release/modules/ext/metadata-extractor-2.18.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/netty-buffer-4.1.73.Final.jar</runtime-relative-path> <runtime-relative-path>ext/netty-buffer-4.1.73.Final.jar</runtime-relative-path>
@ -697,8 +697,12 @@
<binary-origin>release/modules/ext/sleuthkit-caseuco-4.12.0.jar</binary-origin> <binary-origin>release/modules/ext/sleuthkit-caseuco-4.12.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/snakeyaml-1.30.jar</runtime-relative-path> <runtime-relative-path>ext/slf4j-api-1.7.36.jar</runtime-relative-path>
<binary-origin>release/modules/ext/snakeyaml-1.30.jar</binary-origin> <binary-origin>release/modules/ext/slf4j-api-1.7.36.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/snakeyaml-2.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/snakeyaml-2.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/SparseBitSet-1.1.jar</runtime-relative-path> <runtime-relative-path>ext/SparseBitSet-1.1.jar</runtime-relative-path>


@ -0,0 +1,47 @@
/*
* Autopsy Forensic Browser
*
* Copyright 2023 Basis Technology Corp.
* Contact: carrier <at> sleuthkit <dot> org
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.sleuthkit.autopsy.casemodule;
import org.sleuthkit.datamodel.ContentStreamProvider;
/**
* Interface that modules can implement to provide their own The Sleuth Kit
* ContentProvider implementations
*/
public interface AutopsyContentProvider {
/**
* Attempts to create a ContentProvider given the specified args. Returns
* null if arguments are invalid for this custom content provider.
*
* @param args The key value pair of arguments loaded from the .aut xml
* file.
* @return The created content provider or null if arguments are invalid.
*/
ContentStreamProvider load();
/**
* Returns the uniquely identifying name of this FileContentProvider. This
* name will be stored in the .AUT file and used for lookup when the case is
* opened.
*
* @return The unique name.
*/
String getName();
}
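Review bot: The Javadoc on `load()` documents an `@param args` ("key value pair of arguments loaded from the .aut xml file"), but the method as declared takes no parameters, so an implementer cannot tell whether arguments are meant to reach the provider. Drop the `@param` tag and the "given the specified args" wording, or add the parameter if it was intended. The `getName()` comment also calls the type a "FileContentProvider" and promises a unique name, while the lookup added to `Case.loadContentProvider` in this commit compares names with `equalsIgnoreCase`. The contract should say so, e.g. `* @return The unique name (matched case-insensitively when the case is opened).`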


@ -41,7 +41,6 @@ import java.sql.SQLException;
import java.sql.Statement; import java.sql.Statement;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.Collection; import java.util.Collection;
import java.util.Collections;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
import java.util.HashSet; import java.util.HashSet;
@ -133,8 +132,6 @@ import org.sleuthkit.autopsy.events.AutopsyEventPublisher;
import org.sleuthkit.autopsy.discovery.ui.OpenDiscoveryAction; import org.sleuthkit.autopsy.discovery.ui.OpenDiscoveryAction;
import org.sleuthkit.autopsy.ingest.IngestJob; import org.sleuthkit.autopsy.ingest.IngestJob;
import org.sleuthkit.autopsy.ingest.IngestManager; import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.ingest.IngestServices;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchService; import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchService;
import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchServiceException; import org.sleuthkit.autopsy.keywordsearchservice.KeywordSearchServiceException;
import org.sleuthkit.autopsy.machinesettings.UserMachinePreferences; import org.sleuthkit.autopsy.machinesettings.UserMachinePreferences;
@ -143,18 +140,14 @@ import org.sleuthkit.autopsy.progress.ModalDialogProgressIndicator;
import org.sleuthkit.autopsy.progress.ProgressIndicator; import org.sleuthkit.autopsy.progress.ProgressIndicator;
import org.sleuthkit.autopsy.timeline.OpenTimelineAction; import org.sleuthkit.autopsy.timeline.OpenTimelineAction;
import org.sleuthkit.autopsy.timeline.events.TimelineEventAddedEvent; import org.sleuthkit.autopsy.timeline.events.TimelineEventAddedEvent;
import org.sleuthkit.datamodel.Blackboard;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifactTag; import org.sleuthkit.datamodel.BlackboardArtifactTag;
import org.sleuthkit.datamodel.CaseDbConnectionInfo; import org.sleuthkit.datamodel.CaseDbConnectionInfo;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.ContentStreamProvider;
import org.sleuthkit.datamodel.ContentTag; import org.sleuthkit.datamodel.ContentTag;
import org.sleuthkit.datamodel.DataSource; import org.sleuthkit.datamodel.DataSource;
import org.sleuthkit.datamodel.FileSystem; import org.sleuthkit.datamodel.FileSystem;
import org.sleuthkit.datamodel.Host;
import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.OsAccount;
import org.sleuthkit.datamodel.Person;
import org.sleuthkit.datamodel.Report; import org.sleuthkit.datamodel.Report;
import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TimelineManager; import org.sleuthkit.datamodel.TimelineManager;
@ -2078,7 +2071,7 @@ public class Case {
metadata = caseMetaData; metadata = caseMetaData;
sleuthkitEventListener = new SleuthkitEventListener(); sleuthkitEventListener = new SleuthkitEventListener();
} }
/** /**
* Performs a case action that involves creating or opening a case. If the * Performs a case action that involves creating or opening a case. If the
* case is a multi-user case, the action is done after acquiring a * case is a multi-user case, the action is done after acquiring a
@ -2742,10 +2735,18 @@ public class Case {
progressIndicator.progress(Bundle.Case_progressMessage_openingCaseDatabase()); progressIndicator.progress(Bundle.Case_progressMessage_openingCaseDatabase());
try { try {
String databaseName = metadata.getCaseDatabaseName(); String databaseName = metadata.getCaseDatabaseName();
ContentStreamProvider contentProvider = loadContentProvider(metadata.getContentProviderName());
if (CaseType.SINGLE_USER_CASE == metadata.getCaseType()) { if (CaseType.SINGLE_USER_CASE == metadata.getCaseType()) {
caseDb = SleuthkitCase.openCase(Paths.get(metadata.getCaseDirectory(), databaseName).toString()); // only prefix with metadata directory if databaseName is a relative path
String fullDatabasePath = (new File(databaseName).isAbsolute())
? databaseName
: Paths.get(metadata.getCaseDirectory(), databaseName).toString();
caseDb = SleuthkitCase.openCase(fullDatabasePath, contentProvider);
} else if (UserPreferences.getIsMultiUserModeEnabled()) { } else if (UserPreferences.getIsMultiUserModeEnabled()) {
caseDb = SleuthkitCase.openCase(databaseName, UserPreferences.getDatabaseConnectionInfo(), metadata.getCaseDirectory()); caseDb = SleuthkitCase.openCase(databaseName, UserPreferences.getDatabaseConnectionInfo(), metadata.getCaseDirectory(), contentProvider);
} else { } else {
throw new CaseActionException(Bundle.Case_open_exception_multiUserCaseNotEnabled()); throw new CaseActionException(Bundle.Case_open_exception_multiUserCaseNotEnabled());
} }
@ -2758,6 +2759,36 @@ public class Case {
throw new CaseActionException(Bundle.Case_exceptionMessage_couldNotOpenCaseDatabase(ex.getLocalizedMessage()), ex); throw new CaseActionException(Bundle.Case_exceptionMessage_couldNotOpenCaseDatabase(ex.getLocalizedMessage()), ex);
} }
} }
/**
* Attempts to load a content provider for the provided arguments. Returns
* null if no content provider for the arguments can be identified.
*
* @param providerName The name of the content provider.
* @param args The arguments.
* @return The content provider or null if no content provider can be
* provisioned for the arguments
*/
private static ContentStreamProvider loadContentProvider(String providerName) {
Collection<? extends AutopsyContentProvider> customContentProviders = Lookup.getDefault().lookupAll(AutopsyContentProvider.class);
if (customContentProviders != null) {
for (AutopsyContentProvider customProvider : customContentProviders) {
// ensure the provider matches the name
if (customProvider == null || !StringUtils.equalsIgnoreCase(providerName, customProvider.getName())) {
continue;
}
ContentStreamProvider contentProvider = customProvider.load();
if (contentProvider != null) {
return contentProvider;
}
}
}
return null;
}
/** /**
* Opens the case-level services: the files manager, tags manager and * Opens the case-level services: the files manager, tags manager and
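Review bot: `loadContentProvider` returns null both when the case metadata names no provider and when it names one that no installed module supplies, and the caller passes that null straight into `SleuthkitCase.openCase(...)`. A case whose .aut file names a missing provider would then presumably open with default content access and nothing logged, which is hard to notice during an examination. Consider failing the open in that situation, e.g. `if (contentProvider == null && StringUtils.isNotBlank(metadata.getContentProviderName())) { throw new CaseActionException(...); }` with a message naming the provider. Separately, the new `isAbsolute()` branch uses the database path from the metadata file unmodified, so a .aut file received from elsewhere can point the open outside the case directory; a comment stating that this is intended would help. The method containing the `openCase` calls starts outside the visible hunk.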


@ -29,8 +29,16 @@ import java.nio.file.Path;
import java.nio.file.Paths; import java.nio.file.Paths;
import java.text.DateFormat; import java.text.DateFormat;
import java.text.SimpleDateFormat; import java.text.SimpleDateFormat;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date; import java.util.Date;
import java.util.HashMap;
import java.util.List;
import java.util.Locale; import java.util.Locale;
import java.util.Map;
import java.util.Map.Entry;
import java.util.stream.Collectors;
import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException; import javax.xml.parsers.ParserConfigurationException;
@ -42,10 +50,14 @@ import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory; import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource; import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult; import javax.xml.transform.stream.StreamResult;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.openide.util.Lookup;
import org.sleuthkit.autopsy.coreutils.Version; import org.sleuthkit.autopsy.coreutils.Version;
import org.sleuthkit.autopsy.coreutils.XMLUtil; import org.sleuthkit.autopsy.coreutils.XMLUtil;
import org.w3c.dom.Document; import org.w3c.dom.Document;
import org.w3c.dom.Element; import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList; import org.w3c.dom.NodeList;
import org.xml.sax.SAXException; import org.xml.sax.SAXException;
@ -103,13 +115,21 @@ public final class CaseMetadata {
private static final String SCHEMA_VERSION_FIVE = "5.0"; private static final String SCHEMA_VERSION_FIVE = "5.0";
private final static String ORIGINAL_CASE_ELEMENT_NAME = "OriginalCase"; //NON-NLS private final static String ORIGINAL_CASE_ELEMENT_NAME = "OriginalCase"; //NON-NLS
/*
* Fields from schema version 6
*/
private static final String SCHEMA_VERSION_SIX = "6.0";
private final static String CONTENT_PROVIDER_ELEMENT_NAME = "ContentProvider";
private final static String CONTENT_PROVIDER_NAME_ELEMENT_NAME = "Name";
private final static String CONTENT_PROVIDER_ARG_DEFAULT_KEY = "DEFAULT";
/* /*
* Unread fields, regenerated on save. * Unread fields, regenerated on save.
*/ */
private final static String MODIFIED_DATE_ELEMENT_NAME = "ModifiedDate"; //NON-NLS private final static String MODIFIED_DATE_ELEMENT_NAME = "ModifiedDate"; //NON-NLS
private final static String AUTOPSY_SAVED_BY_ELEMENT_NAME = "SavedByAutopsyVersion"; //NON-NLS private final static String AUTOPSY_SAVED_BY_ELEMENT_NAME = "SavedByAutopsyVersion"; //NON-NLS
private final static String CURRENT_SCHEMA_VERSION = SCHEMA_VERSION_FIVE; private final static String CURRENT_SCHEMA_VERSION = SCHEMA_VERSION_SIX;
private final Path metadataFilePath; private final Path metadataFilePath;
private Case.CaseType caseType; private Case.CaseType caseType;
@ -121,6 +141,7 @@ public final class CaseMetadata {
private String createdDate; private String createdDate;
private String createdByVersion; private String createdByVersion;
private CaseMetadata originalMetadata = null; // For portable cases private CaseMetadata originalMetadata = null; // For portable cases
private String contentProviderName;
/** /**
* Gets the file extension used for case metadata files. * Gets the file extension used for case metadata files.
@ -176,6 +197,7 @@ public final class CaseMetadata {
createdByVersion = Version.getVersion(); createdByVersion = Version.getVersion();
createdDate = CaseMetadata.DATE_FORMAT.format(new Date()); createdDate = CaseMetadata.DATE_FORMAT.format(new Date());
this.originalMetadata = originalMetadata; this.originalMetadata = originalMetadata;
this.contentProviderName = originalMetadata == null ? null : originalMetadata.contentProviderName;
} }
/** /**
@ -213,6 +235,14 @@ public final class CaseMetadata {
return null; return null;
} }
/**
* @return The custom provider name for content byte data or null if no
* custom provider.
*/
public String getContentProviderName() {
return this.contentProviderName;
}
/** /**
* Gets the full path to the case metadata file. * Gets the full path to the case metadata file.
* *
@ -458,6 +488,15 @@ public final class CaseMetadata {
Element caseElement = doc.createElement(CASE_ELEMENT_NAME); Element caseElement = doc.createElement(CASE_ELEMENT_NAME);
rootElement.appendChild(caseElement); rootElement.appendChild(caseElement);
Element contentProviderEl = doc.createElement(CONTENT_PROVIDER_ELEMENT_NAME);
rootElement.appendChild(contentProviderEl);
Element contentProviderNameEl = doc.createElement(CONTENT_PROVIDER_NAME_ELEMENT_NAME);
if (this.contentProviderName != null) {
contentProviderNameEl.setTextContent(this.contentProviderName);
}
contentProviderEl.appendChild(contentProviderNameEl);
/* /*
* Create the children of the case element. * Create the children of the case element.
*/ */
@ -543,7 +582,15 @@ public final class CaseMetadata {
} else { } else {
this.createdByVersion = getElementTextContent(rootElement, AUTOPSY_CREATED_BY_ELEMENT_NAME, true); this.createdByVersion = getElementTextContent(rootElement, AUTOPSY_CREATED_BY_ELEMENT_NAME, true);
} }
Element contentProviderEl = getChildElOrNull(rootElement, CONTENT_PROVIDER_ELEMENT_NAME);
if (contentProviderEl != null) {
Element contentProviderNameEl = getChildElOrNull(contentProviderEl, CONTENT_PROVIDER_NAME_ELEMENT_NAME);
this.contentProviderName = contentProviderNameEl != null ? contentProviderNameEl.getTextContent() : null;
} else {
this.contentProviderName = null;
}
/* /*
* Get the content of the children of the case element. * Get the content of the children of the case element.
*/ */
@ -614,7 +661,16 @@ public final class CaseMetadata {
throw new CaseMetadataException(String.format("Error reading from case metadata file %s", metadataFilePath), ex); throw new CaseMetadataException(String.format("Error reading from case metadata file %s", metadataFilePath), ex);
} }
} }
private Element getChildElOrNull(Element parent, String childTag) {
NodeList nl = parent.getElementsByTagName(childTag);
if (nl != null && nl.getLength() > 0 && nl.item(0) instanceof Element) {
return (Element) nl.item(0);
} else {
return null;
}
}
/** /**
* Gets the text content of an XML element. * Gets the text content of an XML element.
* *
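Review bot: A case saved without a content provider does not read back as null, because the write path always appends an empty `Name` element and the read path returns its `getTextContent()`, which is an empty string. That contradicts the `getContentProviderName()` Javadoc ("or null if no custom provider"). Normalising on read fixes it: `this.contentProviderName = contentProviderNameEl != null ? StringUtils.trimToNull(contentProviderNameEl.getTextContent()) : null;`. `getChildElOrNull` is named for direct children, but `getElementsByTagName` matches descendants at any depth, so a generic tag such as `Name` could be picked up from a nested element; a comment saying so, or a loop over `getChildNodes()`, would make the intent explicit. Several imports added in this section (`Collectors`, `Pair`, `Lookup`, `HashMap`, …) and `CONTENT_PROVIDER_ARG_DEFAULT_KEY` are not used in the visible hunks.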


@ -348,9 +348,8 @@ public class DefaultTableArtifactContentViewer extends AbstractArtifactDetailsPa
case JSON: case JSON:
// Get the attribute's JSON value and convert to indented multiline display string // Get the attribute's JSON value and convert to indented multiline display string
String jsonVal = attr.getValueString(); String jsonVal = attr.getValueString();
JsonObject json = JsonParser.parseString(jsonVal).getAsJsonObject(); JsonElement jsonEl = JsonParser.parseString(jsonVal);
value = toJsonDisplayString(jsonEl, "");
value = toJsonDisplayString(json, "");
break; break;
case STRING: case STRING:
@ -411,19 +410,43 @@ public class DefaultTableArtifactContentViewer extends AbstractArtifactDetailsPa
* @return A multi-line display string. * @return A multi-line display string.
*/ */
private String toJsonDisplayString(JsonElement element, String startIndent) { private String toJsonDisplayString(JsonElement element, String startIndent) {
if (element == null || element.isJsonNull()) {
return "";
} else if (element.isJsonPrimitive()) {
return element.getAsString();
} else if (element.isJsonObject()) {
StringBuilder sb = new StringBuilder("");
JsonObject obj = element.getAsJsonObject();
StringBuilder sb = new StringBuilder(""); for (Map.Entry<String, JsonElement> entry : obj.entrySet()) {
JsonObject obj = element.getAsJsonObject(); appendJsonElementToString(entry.getKey(), entry.getValue(), startIndent, sb);
}
for (Map.Entry<String, JsonElement> entry : obj.entrySet()) { String returnString = sb.toString();
appendJsonElementToString(entry.getKey(), entry.getValue(), startIndent, sb); if (startIndent.length() == 0 && returnString.startsWith(NEW_LINE)) {
returnString = returnString.substring(NEW_LINE.length());
}
return returnString;
} else if (element.isJsonArray()) {
StringBuilder sb = new StringBuilder("");
JsonArray jsonArray = element.getAsJsonArray();
if (jsonArray.size() > 0) {
int count = 1;
for (JsonElement arrayMember : jsonArray) {
sb.append(NEW_LINE).append(String.format("%s%d", startIndent, count));
sb.append(toJsonDisplayString(arrayMember, startIndent.concat(INDENT_RIGHT)));
count++;
}
}
String returnString = sb.toString();
if (startIndent.length() == 0 && returnString.startsWith(NEW_LINE)) {
returnString = returnString.substring(NEW_LINE.length());
}
return returnString;
} else {
return "";
} }
String returnString = sb.toString();
if (startIndent.length() == 0 && returnString.startsWith(NEW_LINE)) {
returnString = returnString.substring(NEW_LINE.length());
}
return returnString;
} }
/** /**
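Review bot: In the new array branch of toJsonDisplayString, the index written by `String.format("%s%d", startIndent, count)` is followed directly by the member's text, so an array of primitives such as ["a","b"] would render as `1a` and `2b` with nothing between index and value. A separator in the format, for example `String.format("%s%d: ", startIndent, count)`, would keep them apart, provided it matches what appendJsonElementToString (outside this hunk) prints for object keys. The value being parsed comes from case data, and `JsonParser.parseString(jsonVal)` throws on malformed input. Whether the enclosing switch sits inside a handler for that is not visible here and is worth confirming. The recursion also has no depth limit, so a cap on nesting would be a cheap safeguard for deeply nested values.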


@ -143,14 +143,16 @@ public final class AutopsyTreeChildFactory extends ChildFactory.Detachable<Objec
// either way, add in reports node // either way, add in reports node
nodes.add(new Reports()); nodes.add(new Reports());
} else { } else {
SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
// data source by type view // data source by type view
nodes = Arrays.asList( nodes = Arrays.asList(
new DataSourcesByType(), new DataSourcesByType(),
new Views(Case.getCurrentCaseThrows().getSleuthkitCase()), new Views(skCase),
new DataArtifacts(), new DataArtifacts(),
new AnalysisResults(), new AnalysisResults(),
new OsAccounts(Case.getCurrentCaseThrows().getSleuthkitCase()), new OsAccounts(skCase),
new Tags(), new Tags(),
new ScoreContent(skCase),
new Reports() new Reports()
); );
} }


@ -29,6 +29,7 @@ import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.datamodel.DataSource; import org.sleuthkit.datamodel.DataSource;
import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.Image;
import org.sleuthkit.datamodel.LocalFilesDataSource; import org.sleuthkit.datamodel.LocalFilesDataSource;
import org.sleuthkit.datamodel.SleuthkitCase;
/** /**
* Data source grouping node - an optional grouping node in the data tree view * Data source grouping node - an optional grouping node in the data tree view
@ -74,13 +75,15 @@ class DataSourceGroupingNode extends DisplayableItemNode {
long dsObjId = dataSource.getId(); long dsObjId = dataSource.getId();
try { try {
SleuthkitCase skCase = Case.getCurrentCaseThrows().getSleuthkitCase();
return new RootContentChildren(Arrays.asList( return new RootContentChildren(Arrays.asList(
new DataSources(dsObjId), new DataSources(dsObjId),
new Views(Case.getCurrentCaseThrows().getSleuthkitCase(), dsObjId), new Views(skCase, dsObjId),
new DataArtifacts(dsObjId), new DataArtifacts(dsObjId),
new AnalysisResults(dsObjId), new AnalysisResults(dsObjId),
new OsAccounts(Case.getCurrentCaseThrows().getSleuthkitCase(), dsObjId), new OsAccounts(skCase, dsObjId),
new Tags(dsObjId) new Tags(dsObjId),
new ScoreContent(skCase, dsObjId)
)); ));
} catch (NoCurrentCaseException ex) { } catch (NoCurrentCaseException ex) {


@ -20,33 +20,46 @@ package org.sleuthkit.autopsy.datamodel;
import java.beans.PropertyChangeEvent; import java.beans.PropertyChangeEvent;
import java.beans.PropertyChangeListener; import java.beans.PropertyChangeListener;
import java.sql.SQLException;
import java.text.MessageFormat; import java.text.MessageFormat;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.Comparator;
import java.util.EnumSet; import java.util.EnumSet;
import java.util.HashMap; import java.util.HashMap;
import java.util.List; import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Map.Entry;
import java.util.Set; import java.util.Set;
import java.util.concurrent.atomic.AtomicLong;
import java.util.concurrent.atomic.AtomicReference;
import java.util.logging.Level; import java.util.logging.Level;
import java.util.stream.Collectors;
import java.util.stream.IntStream;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.tuple.Pair;
import org.openide.nodes.AbstractNode; import org.openide.nodes.AbstractNode;
import org.openide.nodes.ChildFactory; import org.openide.nodes.ChildFactory;
import org.openide.nodes.Children; import org.openide.nodes.Children;
import org.openide.nodes.Node; import org.openide.nodes.Node;
import org.openide.nodes.Sheet; import org.openide.nodes.Sheet;
import org.openide.util.NbBundle; import org.openide.util.NbBundle;
import org.openide.util.NbBundle.Messages;
import org.openide.util.WeakListeners; import org.openide.util.WeakListeners;
import org.openide.util.lookup.Lookups; import org.openide.util.lookup.Lookups;
import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.casemodule.Case;
import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException; import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
import org.sleuthkit.autopsy.coreutils.Logger; import org.sleuthkit.autopsy.coreutils.Logger;
import org.sleuthkit.autopsy.coreutils.TimeZoneUtils;
import static org.sleuthkit.autopsy.datamodel.AbstractContentNode.NO_DESCR;
import org.sleuthkit.autopsy.guiutils.RefreshThrottler; import org.sleuthkit.autopsy.guiutils.RefreshThrottler;
import org.sleuthkit.autopsy.ingest.IngestManager; import org.sleuthkit.autopsy.ingest.IngestManager;
import org.sleuthkit.autopsy.ingest.IngestManager.IngestModuleEvent; import org.sleuthkit.autopsy.ingest.IngestManager.IngestModuleEvent;
import org.sleuthkit.autopsy.ingest.ModuleDataEvent; import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.Category; import org.sleuthkit.datamodel.BlackboardArtifact.Category;
import org.sleuthkit.datamodel.BlackboardAttribute;
import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Content;
import org.sleuthkit.datamodel.ContentVisitor; import org.sleuthkit.datamodel.ContentVisitor;
import org.sleuthkit.datamodel.DerivedFile; import org.sleuthkit.datamodel.DerivedFile;
@ -110,6 +123,7 @@ public class ScoreContent implements AutopsyVisitableItem {
/** /**
* Constructor assuming no data source filtering. * Constructor assuming no data source filtering.
*
* @param skCase The sleuthkit case. * @param skCase The sleuthkit case.
*/ */
public ScoreContent(SleuthkitCase skCase) { public ScoreContent(SleuthkitCase skCase) {
@ -118,6 +132,7 @@ public class ScoreContent implements AutopsyVisitableItem {
/** /**
* Constructor. * Constructor.
*
* @param skCase The sleuthkit case. * @param skCase The sleuthkit case.
* @param dsObjId The data source object id to filter on if > 0. * @param dsObjId The data source object id to filter on if > 0.
*/ */
@ -153,11 +168,17 @@ public class ScoreContent implements AutopsyVisitableItem {
Case.Events.BLACKBOARD_ARTIFACT_TAG_ADDED, Case.Events.BLACKBOARD_ARTIFACT_TAG_ADDED,
Case.Events.BLACKBOARD_ARTIFACT_TAG_DELETED Case.Events.BLACKBOARD_ARTIFACT_TAG_DELETED
); );
private static final Set<String> CASE_EVENTS_OF_INTEREST_STRS = CASE_EVENTS_OF_INTEREST.stream()
.map(evt -> evt.name())
.collect(Collectors.toSet());
private static final Set<IngestManager.IngestJobEvent> INGEST_JOB_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestJobEvent.COMPLETED, IngestManager.IngestJobEvent.CANCELLED); private static final Set<IngestManager.IngestJobEvent> INGEST_JOB_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestJobEvent.COMPLETED, IngestManager.IngestJobEvent.CANCELLED);
private static final Set<IngestManager.IngestModuleEvent> INGEST_MODULE_EVENTS_OF_INTEREST = EnumSet.of(IngestModuleEvent.CONTENT_CHANGED); private static final Set<IngestManager.IngestModuleEvent> INGEST_MODULE_EVENTS_OF_INTEREST = EnumSet.of(IngestModuleEvent.CONTENT_CHANGED);
/** /**
* Returns a property change listener listening for possible updates to aggregate score updates for files. * Returns a property change listener listening for possible updates to
* aggregate score updates for files.
*
* @param onRefresh Action on refresh. * @param onRefresh Action on refresh.
* @param onRemove Action to remove listener (i.e. case close). * @param onRemove Action to remove listener (i.e. case close).
* @return The property change listener. * @return The property change listener.
@ -182,7 +203,7 @@ public class ScoreContent implements AutopsyVisitableItem {
if (evt.getNewValue() == null && onRemove != null) { if (evt.getNewValue() == null && onRemove != null) {
onRemove.run(); onRemove.run();
} }
} else if (CASE_EVENTS_OF_INTEREST.contains(eventType)) { } else if (CASE_EVENTS_OF_INTEREST_STRS.contains(eventType)) {
// only refresh if there is a current case. // only refresh if there is a current case.
try { try {
Case.getCurrentCaseThrows(); Case.getCurrentCaseThrows();
@ -199,34 +220,61 @@ public class ScoreContent implements AutopsyVisitableItem {
} }
/** /**
* The sql where statement for the files. * The sql where statement for the content.
*
* @param filter The filter type.
* @param objIdAlias The alias for the object id of the content. Must be sql
* safe.
* @param dsIdAlias The alias for the data source id. Must be sql safe.
* @param filteringDSObjId The data source object id to filter on if > 0.
* @return The sql where statement.
* @throws IllegalArgumentException
*/
private static String getFilter(ScoreContent.ScoreContentFilter filter, String objIdAlias, String dsIdAlias, long filteringDSObjId) throws IllegalArgumentException {
String aggregateScoreFilter = getScoreFilter(filter);
String query = " " + objIdAlias + " IN (SELECT tsk_aggregate_score.obj_id FROM tsk_aggregate_score WHERE " + aggregateScoreFilter + ") ";
if (filteringDSObjId > 0) {
query += " AND " + dsIdAlias + " = " + filteringDSObjId;
}
return query;
}
private static String getScoreFilter(ScoreContentFilter filter) throws IllegalArgumentException {
switch (filter) {
case SUS_ITEM_FILTER:
return " tsk_aggregate_score.significance = " + Significance.LIKELY_NOTABLE.getId()
+ " AND (tsk_aggregate_score.priority = " + Priority.NORMAL.getId() + " OR tsk_aggregate_score.priority = " + Priority.OVERRIDE.getId() + " )";
case BAD_ITEM_FILTER:
return " tsk_aggregate_score.significance = " + Significance.NOTABLE.getId()
+ " AND (tsk_aggregate_score.priority = " + Priority.NORMAL.getId() + " OR tsk_aggregate_score.priority = " + Priority.OVERRIDE.getId() + " )";
default:
throw new IllegalArgumentException(MessageFormat.format("Unsupported filter type to get suspect content: {0}", filter));
}
}
/**
* Returns a sql where statement for files.
*
* @param filter The filter type. * @param filter The filter type.
* @param filteringDSObjId The data source object id to filter on if > 0. * @param filteringDSObjId The data source object id to filter on if > 0.
* @return The sql where statement. * @return The sql where statement.
* @throws IllegalArgumentException * @throws IllegalArgumentException
*/ */
static private String getFileFilter(ScoreContent.ScoreContentFilter filter, long filteringDSObjId) throws IllegalArgumentException { private static String getFileFilter(ScoreContent.ScoreContentFilter filter, long filteringDsObjId) throws IllegalArgumentException {
String aggregateScoreFilter = ""; return getFilter(filter, "obj_id", "data_source_obj_id", filteringDsObjId);
switch (filter) { }
case SUS_ITEM_FILTER:
aggregateScoreFilter = " tsk_aggregate_score.significance = " + Significance.LIKELY_NOTABLE.getId() + " AND (tsk_aggregate_score.priority = " + Priority.NORMAL.getId() + " OR tsk_aggregate_score.priority = " + Priority.OVERRIDE.getId() + " )";
break; /**
case BAD_ITEM_FILTER: * Returns a sql where statement for files.
aggregateScoreFilter = " tsk_aggregate_score.significance = " + Significance.NOTABLE.getId() + " AND (tsk_aggregate_score.priority = " + Priority.NORMAL.getId() + " OR tsk_aggregate_score.priority = " + Priority.OVERRIDE.getId() + " )"; *
break; * @param filter The filter type.
* @param filteringDSObjId The data source object id to filter on if > 0.
default: * @return The sql where statement.
throw new IllegalArgumentException(MessageFormat.format("Unsupported filter type to get suspect content: {0}", filter)); * @throws IllegalArgumentException
*/
} private static String getDataArtifactFilter(ScoreContent.ScoreContentFilter filter, long filteringDsObjId) throws IllegalArgumentException {
return getFilter(filter, "artifacts.artifact_obj_id", "artifacts.data_source_obj_id", filteringDsObjId);
String query = " obj_id IN (SELECT tsk_aggregate_score.obj_id FROM tsk_aggregate_score WHERE " + aggregateScoreFilter + ") ";
if (filteringDSObjId > 0) {
query += " AND data_source_obj_id = " + filteringDSObjId;
}
return query;
} }
/** /**
@ -424,7 +472,34 @@ public class ScoreContent implements AutopsyVisitableItem {
* @return * @return
*/ */
private static long calculateItems(SleuthkitCase sleuthkitCase, ScoreContent.ScoreContentFilter filter, long datasourceObjId) throws TskCoreException { private static long calculateItems(SleuthkitCase sleuthkitCase, ScoreContent.ScoreContentFilter filter, long datasourceObjId) throws TskCoreException {
return sleuthkitCase.countFilesWhere(getFileFilter(filter, datasourceObjId)); AtomicLong retVal = new AtomicLong(0L);
AtomicReference<SQLException> exRef = new AtomicReference(null);
String query = " COUNT(tsk_aggregate_score.obj_id) AS count FROM tsk_aggregate_score WHERE\n"
+ getScoreFilter(filter) + "\n"
+ ((datasourceObjId > 0) ? "AND tsk_aggregate_score.data_source_obj_id = \n" + datasourceObjId : "")
+ " AND tsk_aggregate_score.obj_id IN\n"
+ " (SELECT tsk_files.obj_id AS obj_id FROM tsk_files UNION\n"
+ " SELECT blackboard_artifacts.artifact_obj_id AS obj_id FROM blackboard_artifacts WHERE blackboard_artifacts.artifact_type_id IN\n"
+ " (SELECT artifact_type_id FROM blackboard_artifact_types WHERE category_type = " + Category.DATA_ARTIFACT.getID() + ")) ";
sleuthkitCase.getCaseDbAccessManager().select(query, (rs) -> {
try {
if (rs.next()) {
retVal.set(rs.getLong("count"));
}
} catch (SQLException ex) {
exRef.set(ex);
}
});
SQLException sqlEx = exRef.get();
if (sqlEx != null) {
throw new TskCoreException(
MessageFormat.format("A sql exception occurred fetching results with query: SELECT {0}", query),
sqlEx);
} else {
return retVal.get();
}
} }
@Override @Override
@ -466,7 +541,7 @@ public class ScoreContent implements AutopsyVisitableItem {
/** /**
* Children showing files for a score filter. * Children showing files for a score filter.
*/ */
static class ScoreContentChildren extends BaseChildFactory<AbstractFile> implements RefreshThrottler.Refresher { static class ScoreContentChildren extends BaseChildFactory<Content> implements RefreshThrottler.Refresher {
private final RefreshThrottler refreshThrottler = new RefreshThrottler(this); private final RefreshThrottler refreshThrottler = new RefreshThrottler(this);
@ -515,15 +590,21 @@ public class ScoreContent implements AutopsyVisitableItem {
return ScoreContent.isRefreshRequired(evt); return ScoreContent.isRefreshRequired(evt);
} }
private List<AbstractFile> runFsQuery() { private List<Content> runFsQuery() {
List<AbstractFile> ret = new ArrayList<>(); List<Content> ret = new ArrayList<>();
String query = null; String fileFilter = null;
String dataArtifactFilter = null;
try { try {
query = getFileFilter(filter, datasourceObjId); fileFilter = getFileFilter(filter, datasourceObjId);
ret = skCase.findAllFilesWhere(query); dataArtifactFilter = getDataArtifactFilter(filter, datasourceObjId);
ret.addAll(skCase.findAllFilesWhere(fileFilter));
ret.addAll(skCase.getBlackboard().getDataArtifactsWhere(dataArtifactFilter));
} catch (TskCoreException | IllegalArgumentException e) { } catch (TskCoreException | IllegalArgumentException e) {
logger.log(Level.SEVERE, "Error getting files for the deleted content view using: " + StringUtils.defaultString(query, "<null>"), e); //NON-NLS logger.log(Level.SEVERE, MessageFormat.format(
"Error getting files for the deleted content view using file filter: {0} data artifact filter: {1}",
StringUtils.defaultString(fileFilter, "<null>"),
StringUtils.defaultString(dataArtifactFilter, "<null>")), e); //NON-NLS
} }
return ret; return ret;
@ -531,66 +612,201 @@ public class ScoreContent implements AutopsyVisitableItem {
} }
@Override @Override
protected List<AbstractFile> makeKeys() { protected List<Content> makeKeys() {
return runFsQuery(); return runFsQuery();
} }
@Override @Override
protected Node createNodeForKey(AbstractFile key) { protected Node createNodeForKey(Content key) {
return key.accept(new ContentVisitor.Default<AbstractNode>() { return key.accept(new ContentVisitor.Default<AbstractNode>() {
public FileNode visit(AbstractFile f) { public FileNode visit(AbstractFile f) {
return new FileNode(f, false); return new ScoreFileNode(f, false);
} }
public FileNode visit(FsContent f) { public FileNode visit(FsContent f) {
return new FileNode(f, false); return new ScoreFileNode(f, false);
} }
@Override @Override
public FileNode visit(LayoutFile f) { public FileNode visit(LayoutFile f) {
return new FileNode(f, false); return new ScoreFileNode(f, false);
} }
@Override @Override
public FileNode visit(File f) { public FileNode visit(File f) {
return new FileNode(f, false); return new ScoreFileNode(f, false);
} }
@Override @Override
public FileNode visit(Directory f) { public FileNode visit(Directory f) {
return new FileNode(f, false); return new ScoreFileNode(f, false);
} }
@Override @Override
public FileNode visit(VirtualDirectory f) { public FileNode visit(VirtualDirectory f) {
return new FileNode(f, false); return new ScoreFileNode(f, false);
} }
@Override @Override
public AbstractNode visit(SlackFile sf) { public AbstractNode visit(SlackFile sf) {
return new FileNode(sf, false); return new ScoreFileNode(sf, false);
} }
@Override @Override
public AbstractNode visit(LocalFile lf) { public AbstractNode visit(LocalFile lf) {
return new FileNode(lf, false); return new ScoreFileNode(lf, false);
} }
@Override @Override
public AbstractNode visit(DerivedFile df) { public AbstractNode visit(DerivedFile df) {
return new FileNode(df, false); return new ScoreFileNode(df, false);
} }
@Override
public AbstractNode visit(BlackboardArtifact ba) {
return new ScoreArtifactNode(ba);
}
@Override @Override
protected AbstractNode defaultVisit(Content di) { protected AbstractNode defaultVisit(Content di) {
if (di instanceof AbstractFile) { if (di instanceof AbstractFile) {
return visit((AbstractFile) di); return visit((AbstractFile) di);
} else { } else {
throw new UnsupportedOperationException("Not supported for this type of Displayable Item: " + di.toString()); throw new UnsupportedOperationException("Not supported for this type of Displayable Item: " + di.toString());
} }
} }
}); });
} }
} }
} }
private static final String SOURCE_PROP = "Source";
private static final String TYPE_PROP = "Type";
private static final String PATH_PROP = "Path";
private static final String DATE_PROP = "Created Date";
private static Sheet createScoreSheet(String type, String path, Long time) {
Sheet sheet = new Sheet();
Sheet.Set sheetSet = Sheet.createPropertiesSet();
sheet.put(sheetSet);
List<NodeProperty<?>> properties = new ArrayList<>();
properties.add(new NodeProperty<>(
SOURCE_PROP,
SOURCE_PROP,
NO_DESCR,
StringUtils.defaultString(path)));
properties.add(new NodeProperty<>(
TYPE_PROP,
TYPE_PROP,
NO_DESCR,
type));
if (StringUtils.isNotBlank(path)) {
properties.add(new NodeProperty<>(
PATH_PROP,
PATH_PROP,
NO_DESCR,
path));
}
if (time != null && time > 0) {
properties.add(new NodeProperty<>(
DATE_PROP,
DATE_PROP,
NO_DESCR,
TimeZoneUtils.getFormattedTime(time)));
}
properties.forEach((property) -> {
sheetSet.put(property);
});
return sheet;
}
public static class ScoreArtifactNode extends BlackboardArtifactNode {
private static final Logger logger = Logger.getLogger(ScoreArtifactNode.class.getName());
private static final List<BlackboardAttribute.Type> TIME_ATTRS = Arrays.asList(
BlackboardAttribute.Type.TSK_DATETIME,
BlackboardAttribute.Type.TSK_DATETIME_ACCESSED,
BlackboardAttribute.Type.TSK_DATETIME_RCVD,
BlackboardAttribute.Type.TSK_DATETIME_SENT,
BlackboardAttribute.Type.TSK_DATETIME_CREATED,
BlackboardAttribute.Type.TSK_DATETIME_MODIFIED,
BlackboardAttribute.Type.TSK_DATETIME_START,
BlackboardAttribute.Type.TSK_DATETIME_END,
BlackboardAttribute.Type.TSK_DATETIME_DELETED,
BlackboardAttribute.Type.TSK_DATETIME_PASSWORD_RESET,
BlackboardAttribute.Type.TSK_DATETIME_PASSWORD_FAIL
);
private static final Map<Integer, Integer> TIME_ATTR_IMPORTANCE = IntStream.range(0, TIME_ATTRS.size())
.mapToObj(idx -> Pair.of(TIME_ATTRS.get(idx).getTypeID(), idx))
.collect(Collectors.toMap(Entry::getKey, Entry::getValue, (v1, v2) -> v1));
public ScoreArtifactNode(BlackboardArtifact artifact) {
super(artifact);
}
private Long getTime(BlackboardArtifact artifact) {
try {
BlackboardAttribute timeAttr = artifact.getAttributes().stream()
.filter((attr) -> TIME_ATTR_IMPORTANCE.keySet().contains(attr.getAttributeType().getTypeID()))
.sorted(Comparator.comparing(attr -> TIME_ATTR_IMPORTANCE.get(attr.getAttributeType().getTypeID())))
.findFirst()
.orElse(null);
if (timeAttr != null) {
return timeAttr.getValueLong();
} else {
return (artifact.getParent() instanceof AbstractFile) ? ((AbstractFile) artifact.getParent()).getCtime() : null;
}
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "An exception occurred while fetching time for artifact", ex);
return null;
}
}
@Override
protected synchronized Sheet createSheet() {
try {
return createScoreSheet(
this.content.getType().getDisplayName(),
this.content.getUniquePath(),
getTime(this.content)
);
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "An error occurred while fetching sheet data for score artifact.", ex);
return new Sheet();
}
}
}
@Messages("ScoreContent_ScoreFileNode_type=File")
public static class ScoreFileNode extends FileNode {
private static final Logger logger = Logger.getLogger(ScoreFileNode.class.getName());
public ScoreFileNode(AbstractFile af, boolean directoryBrowseMode) {
super(af, directoryBrowseMode);
}
@Override
protected synchronized Sheet createSheet() {
try {
return createScoreSheet(
Bundle.ScoreContent_ScoreFileNode_type(),
this.content.getUniquePath(),
this.content.getCtime()
);
} catch (TskCoreException ex) {
logger.log(Level.WARNING, "An error occurred while fetching sheet data for score file.", ex);
return new Sheet();
}
}
}
} }
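Review bot: In runFsQuery's catch block the rewritten log message still says "Error getting files for the deleted content view", although this child factory serves the score filter and now loads data artifacts as well. Something like `"Error getting content for the score view using file filter: {0} data artifact filter: {1}"` would put the entry under the right feature when logs are searched. The same block returns whatever was collected before the exception, so if `getDataArtifactsWhere` fails after `findAllFilesWhere` succeeded, the tree lists files only and the SEVERE log line is the only sign that the list is incomplete. Clearing `ret` in the catch, or surfacing the failure to the examiner, would avoid presenting a partial list as the full set of scored items.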


@ -46,8 +46,7 @@ public class ViewsNode extends DisplayableItemNode {
// add it back in if we can filter the results to a more managable size. // add it back in if we can filter the results to a more managable size.
// new RecentFiles(sleuthkitCase), // new RecentFiles(sleuthkitCase),
new DeletedContent(sleuthkitCase, dsObjId), new DeletedContent(sleuthkitCase, dsObjId),
new FileSize(sleuthkitCase, dsObjId), new FileSize(sleuthkitCase, dsObjId))
new ScoreContent(sleuthkitCase, dsObjId))
), ),
Lookups.singleton(NAME) Lookups.singleton(NAME)
); );


@ -114,7 +114,7 @@ class OutputResults {
/** /**
* Used by yaml serialization to properly represent objects. * Used by yaml serialization to properly represent objects.
*/ */
private static final Representer MAP_REPRESENTER = new Representer() { private static final Representer MAP_REPRESENTER = new Representer(new DumperOptions()) {
@Override @Override
protected MappingNode representJavaBean(Set<Property> properties, Object javaBean) { protected MappingNode representJavaBean(Set<Property> properties, Object javaBean) {
// don't show class name in yaml // don't show class name in yaml


@ -74,7 +74,7 @@
<!-- commmon --> <!-- commmon -->
<dependency conf="autopsy_core->default" org="org.apache.commons" name="commons-lang3" rev="3.12.0"/> <dependency conf="autopsy_core->default" org="org.apache.commons" name="commons-lang3" rev="3.12.0"/>
<dependency conf="autopsy_core->default" org="org.apache.commons" name="commons-csv" rev="1.9.0"/> <dependency conf="autopsy_core->default" org="org.apache.commons" name="commons-csv" rev="1.9.0"/>
<dependency conf="autopsy_core->default" org="org.apache.commons" name="commons-text" rev="1.9"/> <dependency conf="autopsy_core->default" org="org.apache.commons" name="commons-text" rev="1.10.0"/>
<!-- keep old commons-lang because some deps may need it at runtime. <!-- keep old commons-lang because some deps may need it at runtime.
Note there is no namespace collision with ver 3 --> Note there is no namespace collision with ver 3 -->
@ -87,7 +87,7 @@
<dependency conf="autopsy_core->default" org="net.htmlparser.jericho" name="jericho-html" rev="3.4"/> <dependency conf="autopsy_core->default" org="net.htmlparser.jericho" name="jericho-html" rev="3.4"/>
<dependency conf="autopsy_core->default" org="com.fasterxml.jackson.dataformat" name="jackson-dataformat-csv" rev="2.13.2"/> <dependency conf="autopsy_core->default" org="com.fasterxml.jackson.dataformat" name="jackson-dataformat-csv" rev="2.15.2"/>
<!-- better image resizing --> <!-- better image resizing -->
<dependency conf="autopsy_core->default" org="org.imgscalr" name="imgscalr-lib" rev="4.2" /> <dependency conf="autopsy_core->default" org="org.imgscalr" name="imgscalr-lib" rev="4.2" />
@ -141,9 +141,9 @@
<override org="org.slf4j" module="slf4j-api" rev="1.7.36"/> <override org="org.slf4j" module="slf4j-api" rev="1.7.36"/>
<override org="com.google.code.gson" module="gson" rev="2.9.0"/> <override org="com.google.code.gson" module="gson" rev="2.9.0"/>
<override org="com.google.guava" module="guava" rev="31.1-jre"/> <override org="com.google.guava" module="guava" rev="32.0.1-jre"/>
<override org="com.fasterxml.jackson.core" module="jackson-databind" rev="2.13.2"/> <override org="com.fasterxml.jackson.core" module="jackson-databind" rev="2.15.2"/>
<override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.13.2"/> <override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.15.2"/>
<!-- changes to bouncy castle version may also be reflected in thirdparty/IcePDF 6.2.2 --> <!-- changes to bouncy castle version may also be reflected in thirdparty/IcePDF 6.2.2 -->
<override org="org.bouncycastle" module="bcprov-jdk15on" rev="1.70"/> <override org="org.bouncycastle" module="bcprov-jdk15on" rev="1.70"/>


@ -22,7 +22,7 @@ file.reference.commons-io-2.11.0.jar=release/modules/ext/commons-io-2.11.0.jar
file.reference.commons-lang-2.6.jar=release/modules/ext/commons-lang-2.6.jar file.reference.commons-lang-2.6.jar=release/modules/ext/commons-lang-2.6.jar
file.reference.commons-lang3-3.12.0.jar=release/modules/ext/commons-lang3-3.12.0.jar file.reference.commons-lang3-3.12.0.jar=release/modules/ext/commons-lang3-3.12.0.jar
file.reference.commons-logging-1.2.jar=release/modules/ext/commons-logging-1.2.jar file.reference.commons-logging-1.2.jar=release/modules/ext/commons-logging-1.2.jar
file.reference.commons-text-1.9.jar=release/modules/ext/commons-text-1.9.jar file.reference.commons-text-1.10.0.jar=release/modules/ext/commons-text-1.10.0.jar
file.reference.commons-validator-1.7.jar=release/modules/ext/commons-validator-1.7.jar file.reference.commons-validator-1.7.jar=release/modules/ext/commons-validator-1.7.jar
file.reference.compiler-0.9.10.jar=release/modules/ext/compiler-0.9.10.jar file.reference.compiler-0.9.10.jar=release/modules/ext/compiler-0.9.10.jar
file.reference.conscrypt-openjdk-uber-2.5.1.jar=release/modules/ext/conscrypt-openjdk-uber-2.5.1.jar file.reference.conscrypt-openjdk-uber-2.5.1.jar=release/modules/ext/conscrypt-openjdk-uber-2.5.1.jar
@ -61,7 +61,7 @@ file.reference.grpc-stub-1.44.1.jar=release/modules/ext/grpc-stub-1.44.1.jar
file.reference.grpc-xds-1.44.1.jar=release/modules/ext/grpc-xds-1.44.1.jar file.reference.grpc-xds-1.44.1.jar=release/modules/ext/grpc-xds-1.44.1.jar
file.reference.gson-2.9.0.jar=release/modules/ext/gson-2.9.0.jar file.reference.gson-2.9.0.jar=release/modules/ext/gson-2.9.0.jar
file.reference.gst1-java-core-1.4.0.jar=release/modules/ext/gst1-java-core-1.4.0.jar file.reference.gst1-java-core-1.4.0.jar=release/modules/ext/gst1-java-core-1.4.0.jar
file.reference.guava-31.1-jre.jar=release/modules/ext/guava-31.1-jre.jar file.reference.guava-32.0.1-jre.jar=release/modules/ext/guava-32.0.1-jre.jar
file.reference.httpclient-4.5.13.jar=release/modules/ext/httpclient-4.5.13.jar file.reference.httpclient-4.5.13.jar=release/modules/ext/httpclient-4.5.13.jar
file.reference.httpcore-4.4.15.jar=release/modules/ext/httpcore-4.4.15.jar file.reference.httpcore-4.4.15.jar=release/modules/ext/httpcore-4.4.15.jar
file.reference.imageio-bmp-3.8.2.jar=release/modules/ext/imageio-bmp-3.8.2.jar file.reference.imageio-bmp-3.8.2.jar=release/modules/ext/imageio-bmp-3.8.2.jar
@ -80,10 +80,10 @@ file.reference.imageio-thumbsdb-3.8.2.jar=release/modules/ext/imageio-thumbsdb-3
file.reference.imageio-tiff-3.8.2.jar=release/modules/ext/imageio-tiff-3.8.2.jar file.reference.imageio-tiff-3.8.2.jar=release/modules/ext/imageio-tiff-3.8.2.jar
file.reference.imgscalr-lib-4.2.jar=release/modules/ext/imgscalr-lib-4.2.jar file.reference.imgscalr-lib-4.2.jar=release/modules/ext/imgscalr-lib-4.2.jar
file.reference.j2objc-annotations-1.3.jar=release/modules/ext/j2objc-annotations-1.3.jar file.reference.j2objc-annotations-1.3.jar=release/modules/ext/j2objc-annotations-1.3.jar
file.reference.jackson-annotations-2.13.2.jar=release/modules/ext/jackson-annotations-2.13.2.jar file.reference.jackson-annotations-2.15.2.jar=release/modules/ext/jackson-annotations-2.15.2.jar
file.reference.jackson-core-2.13.2.jar=release/modules/ext/jackson-core-2.13.2.jar file.reference.jackson-core-2.15.2.jar=release/modules/ext/jackson-core-2.15.2.jar
file.reference.jackson-databind-2.13.2.jar=release/modules/ext/jackson-databind-2.13.2.jar file.reference.jackson-databind-2.15.2.jar=release/modules/ext/jackson-databind-2.15.2.jar
file.reference.jackson-dataformat-csv-2.13.2.jar=release/modules/ext/jackson-dataformat-csv-2.13.2.jar file.reference.jackson-dataformat-csv-2.15.2.jar=release/modules/ext/jackson-dataformat-csv-2.15.2.jar
file.reference.javafx-base-17.0.7-linux.jar=release/modules/ext/javafx-base-17.0.7-linux.jar file.reference.javafx-base-17.0.7-linux.jar=release/modules/ext/javafx-base-17.0.7-linux.jar
file.reference.javafx-base-17.0.7-mac.jar=release/modules/ext/javafx-base-17.0.7-mac.jar file.reference.javafx-base-17.0.7-mac.jar=release/modules/ext/javafx-base-17.0.7-mac.jar
file.reference.javafx-base-17.0.7-win.jar=release/modules/ext/javafx-base-17.0.7-win.jar file.reference.javafx-base-17.0.7-win.jar=release/modules/ext/javafx-base-17.0.7-win.jar


@ -684,8 +684,8 @@
<binary-origin>release/modules/ext/commons-logging-1.2.jar</binary-origin> <binary-origin>release/modules/ext/commons-logging-1.2.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/commons-text-1.9.jar</runtime-relative-path> <runtime-relative-path>ext/commons-text-1.10.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/commons-text-1.9.jar</binary-origin> <binary-origin>release/modules/ext/commons-text-1.10.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/commons-validator-1.7.jar</runtime-relative-path> <runtime-relative-path>ext/commons-validator-1.7.jar</runtime-relative-path>
@ -840,8 +840,8 @@
<binary-origin>release/modules/ext/gst1-java-core-1.4.0.jar</binary-origin> <binary-origin>release/modules/ext/gst1-java-core-1.4.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/guava-31.1-jre.jar</runtime-relative-path> <runtime-relative-path>ext/guava-32.0.1-jre.jar</runtime-relative-path>
<binary-origin>release/modules/ext/guava-31.1-jre.jar</binary-origin> <binary-origin>release/modules/ext/guava-32.0.1-jre.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/httpclient-4.5.13.jar</runtime-relative-path> <runtime-relative-path>ext/httpclient-4.5.13.jar</runtime-relative-path>
@ -916,20 +916,20 @@
<binary-origin>release/modules/ext/j2objc-annotations-1.3.jar</binary-origin> <binary-origin>release/modules/ext/j2objc-annotations-1.3.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jackson-annotations-2.13.2.jar</runtime-relative-path> <runtime-relative-path>ext/jackson-annotations-2.15.2.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jackson-annotations-2.13.2.jar</binary-origin> <binary-origin>release/modules/ext/jackson-annotations-2.15.2.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jackson-core-2.13.2.jar</runtime-relative-path> <runtime-relative-path>ext/jackson-core-2.15.2.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jackson-core-2.13.2.jar</binary-origin> <binary-origin>release/modules/ext/jackson-core-2.15.2.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jackson-databind-2.13.2.jar</runtime-relative-path> <runtime-relative-path>ext/jackson-databind-2.15.2.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jackson-databind-2.13.2.jar</binary-origin> <binary-origin>release/modules/ext/jackson-databind-2.15.2.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jackson-dataformat-csv-2.13.2.jar</runtime-relative-path> <runtime-relative-path>ext/jackson-dataformat-csv-2.15.2.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jackson-dataformat-csv-2.13.2.jar</binary-origin> <binary-origin>release/modules/ext/jackson-dataformat-csv-2.15.2.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/javafx-base-17.0.7-linux.jar</runtime-relative-path> <runtime-relative-path>ext/javafx-base-17.0.7-linux.jar</runtime-relative-path>


@ -31,9 +31,9 @@
<dependency conf="autopsy->default" org="junit" name="junit" rev="4.13.2"/> <dependency conf="autopsy->default" org="junit" name="junit" rev="4.13.2"/>
<!-- Jetty --> <!-- Jetty -->
<dependency conf="start-solr->default" org="org.eclipse.jetty" name="jetty-start" rev="11.0.8"/> <dependency conf="start-solr->default" org="org.eclipse.jetty" name="jetty-start" rev="11.0.15"/>
<dependency conf="jetty-libs->default" org="org.eclipse.jetty" name="jetty-server" rev="11.0.8"/> <dependency conf="jetty-libs->default" org="org.eclipse.jetty" name="jetty-server" rev="11.0.15"/>
<dependency conf="jetty-libs->default" org="org.eclipse.jetty" name="jetty-deploy" rev="11.0.8"/> <dependency conf="jetty-libs->default" org="org.eclipse.jetty" name="jetty-deploy" rev="11.0.15"/>
<dependency conf="servlet->default" org="org.eclipse.jetty.orbit" name="javax.servlet" rev="3.0.0.v201112011016"/> <dependency conf="servlet->default" org="org.eclipse.jetty.orbit" name="javax.servlet" rev="3.0.0.v201112011016"/>
<!-- logging --> <!-- logging -->


@ -1,10 +1,7 @@
file.reference.annotations-12.0.jar=release/modules/ext/annotations-12.0.jar file.reference.annotations-12.0.jar=release/modules/ext/annotations-12.0.jar
file.reference.checker-qual-3.12.0.jar=release/modules/ext/checker-qual-3.12.0.jar
file.reference.commons-io-2.8.0.jar=release/modules/ext/commons-io-2.8.0.jar file.reference.commons-io-2.8.0.jar=release/modules/ext/commons-io-2.8.0.jar
file.reference.commons-lang-2.6.jar=release/modules/ext/commons-lang-2.6.jar file.reference.commons-lang-2.6.jar=release/modules/ext/commons-lang-2.6.jar
file.reference.commons-math3-3.6.1.jar=release/modules/ext/commons-math3-3.6.1.jar file.reference.commons-math3-3.6.1.jar=release/modules/ext/commons-math3-3.6.1.jar
file.reference.error_prone_annotations-2.11.0.jar=release/modules/ext/error_prone_annotations-2.11.0.jar
file.reference.failureaccess-1.0.1.jar=release/modules/ext/failureaccess-1.0.1.jar
file.reference.guava-31.1-jre.jar=release/modules/ext/guava-31.1-jre.jar file.reference.guava-31.1-jre.jar=release/modules/ext/guava-31.1-jre.jar
file.reference.hamcrest-core-1.3.jar=release/modules/ext/hamcrest-core-1.3.jar file.reference.hamcrest-core-1.3.jar=release/modules/ext/hamcrest-core-1.3.jar
file.reference.http2-client-9.4.44.v20210927.jar=release/modules/ext/http2-client-9.4.44.v20210927.jar file.reference.http2-client-9.4.44.v20210927.jar=release/modules/ext/http2-client-9.4.44.v20210927.jar
@ -15,7 +12,6 @@ file.reference.httpclient-4.5.13.jar=release/modules/ext/httpclient-4.5.13.jar
file.reference.httpcore-4.4.14.jar=release/modules/ext/httpcore-4.4.14.jar file.reference.httpcore-4.4.14.jar=release/modules/ext/httpcore-4.4.14.jar
file.reference.httpmime-4.5.13.jar=release/modules/ext/httpmime-4.5.13.jar file.reference.httpmime-4.5.13.jar=release/modules/ext/httpmime-4.5.13.jar
file.reference.icu4j-70.1.jar=release/modules/ext/icu4j-70.1.jar file.reference.icu4j-70.1.jar=release/modules/ext/icu4j-70.1.jar
file.reference.j2objc-annotations-1.3.jar=release/modules/ext/j2objc-annotations-1.3.jar
file.reference.jcl-over-slf4j-1.7.24.jar=release/modules/ext/jcl-over-slf4j-1.7.24.jar file.reference.jcl-over-slf4j-1.7.24.jar=release/modules/ext/jcl-over-slf4j-1.7.24.jar
file.reference.jetty-alpn-client-9.4.44.v20210927.jar=release/modules/ext/jetty-alpn-client-9.4.44.v20210927.jar file.reference.jetty-alpn-client-9.4.44.v20210927.jar=release/modules/ext/jetty-alpn-client-9.4.44.v20210927.jar
file.reference.jetty-alpn-java-client-9.4.44.v20210927.jar=release/modules/ext/jetty-alpn-java-client-9.4.44.v20210927.jar file.reference.jetty-alpn-java-client-9.4.44.v20210927.jar=release/modules/ext/jetty-alpn-java-client-9.4.44.v20210927.jar
@ -25,12 +21,11 @@ file.reference.jetty-http-9.4.44.v20210927.jar=release/modules/ext/jetty-http-9.
file.reference.jetty-io-9.4.44.v20210927.jar=release/modules/ext/jetty-io-9.4.44.v20210927.jar file.reference.jetty-io-9.4.44.v20210927.jar=release/modules/ext/jetty-io-9.4.44.v20210927.jar
file.reference.jetty-util-9.4.44.v20210927.jar=release/modules/ext/jetty-util-9.4.44.v20210927.jar file.reference.jetty-util-9.4.44.v20210927.jar=release/modules/ext/jetty-util-9.4.44.v20210927.jar
file.reference.jsonic-1.2.11.jar=release/modules/ext/jsonic-1.2.11.jar file.reference.jsonic-1.2.11.jar=release/modules/ext/jsonic-1.2.11.jar
file.reference.jsr305-3.0.2.jar=release/modules/ext/jsr305-3.0.2.jar
file.reference.junit-4.13.2.jar=release/modules/ext/junit-4.13.2.jar file.reference.junit-4.13.2.jar=release/modules/ext/junit-4.13.2.jar
file.reference.language-detector-0.6.jar=release/modules/ext/language-detector-0.6.jar file.reference.language-detector-0.6.jar=release/modules/ext/language-detector-0.6.jar
file.reference.listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar=release/modules/ext/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
file.reference.logback-classic-1.2.10.jar=release/modules/ext/logback-classic-1.2.10.jar file.reference.logback-classic-1.2.10.jar=release/modules/ext/logback-classic-1.2.10.jar
file.reference.logback-core-1.2.10.jar=release/modules/ext/logback-core-1.2.10.jar file.reference.logback-core-1.2.10.jar=release/modules/ext/logback-core-1.2.10.jar
file.reference.lucene-core-8.11.2.jar=release/modules/ext/lucene-core-8.11.2.jar
file.reference.netty-buffer-4.1.68.Final.jar=release/modules/ext/netty-buffer-4.1.68.Final.jar file.reference.netty-buffer-4.1.68.Final.jar=release/modules/ext/netty-buffer-4.1.68.Final.jar
file.reference.netty-codec-4.1.68.Final.jar=release/modules/ext/netty-codec-4.1.68.Final.jar file.reference.netty-codec-4.1.68.Final.jar=release/modules/ext/netty-codec-4.1.68.Final.jar
file.reference.netty-common-4.1.68.Final.jar=release/modules/ext/netty-common-4.1.68.Final.jar file.reference.netty-common-4.1.68.Final.jar=release/modules/ext/netty-common-4.1.68.Final.jar
@ -48,7 +43,6 @@ file.reference.stax2-api-4.2.1.jar=release/modules/ext/stax2-api-4.2.1.jar
file.reference.woodstox-core-6.2.4.jar=release/modules/ext/woodstox-core-6.2.4.jar file.reference.woodstox-core-6.2.4.jar=release/modules/ext/woodstox-core-6.2.4.jar
file.reference.zookeeper-3.8.0.jar=release/modules/ext/zookeeper-3.8.0.jar file.reference.zookeeper-3.8.0.jar=release/modules/ext/zookeeper-3.8.0.jar
file.reference.zookeeper-jute-3.8.0.jar=release/modules/ext/zookeeper-jute-3.8.0.jar file.reference.zookeeper-jute-3.8.0.jar=release/modules/ext/zookeeper-jute-3.8.0.jar
file.reference.lucene-core-8.11.2.jar=release/modules/ext/lucene-core-8.11.2.jar
javac.source=17 javac.source=17
javac.compilerargs=-Xlint -Xlint:-serial javac.compilerargs=-Xlint -Xlint:-serial
license.file=../LICENSE-2.0.txt license.file=../LICENSE-2.0.txt
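Review bot: `guava-31.1-jre.jar` stays on this module's classpath while `failureaccess-1.0.1.jar` is dropped in the first hunk, and Guava's `AbstractFuture` loads a class from that jar at runtime, so code here that reaches Guava futures (including loading caches) may fail with `NoClassDefFoundError` unless a module this one depends on exports those classes. Either keep `file.reference.failureaccess-1.0.1.jar=release/modules/ext/failureaccess-1.0.1.jar`, or drop the Guava reference too if nothing in the module needs it. The other sections of this commit move to `guava-32.0.1-jre` (jar references and the ivy override), so this module would ship a second, older Guava; aligning on one version keeps later dependency audits to a single copy. The matching `<class-path-extension>` removals in the project.xml section that follows have the same gap.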


@ -238,10 +238,6 @@
<runtime-relative-path>ext/annotations-12.0.jar</runtime-relative-path> <runtime-relative-path>ext/annotations-12.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/annotations-12.0.jar</binary-origin> <binary-origin>release/modules/ext/annotations-12.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/checker-qual-3.12.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/checker-qual-3.12.0.jar</binary-origin>
</class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/commons-io-2.8.0.jar</runtime-relative-path> <runtime-relative-path>ext/commons-io-2.8.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/commons-io-2.8.0.jar</binary-origin> <binary-origin>release/modules/ext/commons-io-2.8.0.jar</binary-origin>
@ -254,14 +250,6 @@
<runtime-relative-path>ext/commons-math3-3.6.1.jar</runtime-relative-path> <runtime-relative-path>ext/commons-math3-3.6.1.jar</runtime-relative-path>
<binary-origin>release/modules/ext/commons-math3-3.6.1.jar</binary-origin> <binary-origin>release/modules/ext/commons-math3-3.6.1.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/error_prone_annotations-2.11.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/error_prone_annotations-2.11.0.jar</binary-origin>
</class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/failureaccess-1.0.1.jar</runtime-relative-path>
<binary-origin>release/modules/ext/failureaccess-1.0.1.jar</binary-origin>
</class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/guava-31.1-jre.jar</runtime-relative-path> <runtime-relative-path>ext/guava-31.1-jre.jar</runtime-relative-path>
<binary-origin>release/modules/ext/guava-31.1-jre.jar</binary-origin> <binary-origin>release/modules/ext/guava-31.1-jre.jar</binary-origin>
@ -302,10 +290,6 @@
<runtime-relative-path>ext/icu4j-70.1.jar</runtime-relative-path> <runtime-relative-path>ext/icu4j-70.1.jar</runtime-relative-path>
<binary-origin>release/modules/ext/icu4j-70.1.jar</binary-origin> <binary-origin>release/modules/ext/icu4j-70.1.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/j2objc-annotations-1.3.jar</runtime-relative-path>
<binary-origin>release/modules/ext/j2objc-annotations-1.3.jar</binary-origin>
</class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jcl-over-slf4j-1.7.24.jar</runtime-relative-path> <runtime-relative-path>ext/jcl-over-slf4j-1.7.24.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jcl-over-slf4j-1.7.24.jar</binary-origin> <binary-origin>release/modules/ext/jcl-over-slf4j-1.7.24.jar</binary-origin>
@ -342,10 +326,6 @@
<runtime-relative-path>ext/jsonic-1.2.11.jar</runtime-relative-path> <runtime-relative-path>ext/jsonic-1.2.11.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jsonic-1.2.11.jar</binary-origin> <binary-origin>release/modules/ext/jsonic-1.2.11.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/jsr305-3.0.2.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jsr305-3.0.2.jar</binary-origin>
</class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/junit-4.13.2.jar</runtime-relative-path> <runtime-relative-path>ext/junit-4.13.2.jar</runtime-relative-path>
<binary-origin>release/modules/ext/junit-4.13.2.jar</binary-origin> <binary-origin>release/modules/ext/junit-4.13.2.jar</binary-origin>
@ -354,10 +334,6 @@
<runtime-relative-path>ext/language-detector-0.6.jar</runtime-relative-path> <runtime-relative-path>ext/language-detector-0.6.jar</runtime-relative-path>
<binary-origin>release/modules/ext/language-detector-0.6.jar</binary-origin> <binary-origin>release/modules/ext/language-detector-0.6.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar</runtime-relative-path>
<binary-origin>release/modules/ext/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar</binary-origin>
</class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/logback-classic-1.2.10.jar</runtime-relative-path> <runtime-relative-path>ext/logback-classic-1.2.10.jar</runtime-relative-path>
<binary-origin>release/modules/ext/logback-classic-1.2.10.jar</binary-origin> <binary-origin>release/modules/ext/logback-classic-1.2.10.jar</binary-origin>
@ -366,6 +342,10 @@
<runtime-relative-path>ext/logback-core-1.2.10.jar</runtime-relative-path> <runtime-relative-path>ext/logback-core-1.2.10.jar</runtime-relative-path>
<binary-origin>release/modules/ext/logback-core-1.2.10.jar</binary-origin> <binary-origin>release/modules/ext/logback-core-1.2.10.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/lucene-core-8.11.2.jar</runtime-relative-path>
<binary-origin>release/modules/ext/lucene-core-8.11.2.jar</binary-origin>
</class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/netty-buffer-4.1.68.Final.jar</runtime-relative-path> <runtime-relative-path>ext/netty-buffer-4.1.68.Final.jar</runtime-relative-path>
<binary-origin>release/modules/ext/netty-buffer-4.1.68.Final.jar</binary-origin> <binary-origin>release/modules/ext/netty-buffer-4.1.68.Final.jar</binary-origin>
@ -434,10 +414,6 @@
<runtime-relative-path>ext/zookeeper-jute-3.8.0.jar</runtime-relative-path> <runtime-relative-path>ext/zookeeper-jute-3.8.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/zookeeper-jute-3.8.0.jar</binary-origin> <binary-origin>release/modules/ext/zookeeper-jute-3.8.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension>
<runtime-relative-path>ext/lucene-core-8.11.2.jar</runtime-relative-path>
<binary-origin>release/modules/ext/lucene-core-8.11.2.jar</binary-origin>
</class-path-extension>
</data> </data>
</configuration> </configuration>
</project> </project>


@ -7,14 +7,14 @@
<dependency conf="tika->default" org="org.apache.tika" name="tika-parsers" rev="1.28.1"/> <dependency conf="tika->default" org="org.apache.tika" name="tika-parsers" rev="1.28.1"/>
<dependency conf="tika->default" org="org.apache.poi" name="ooxml-schemas" rev="1.4"/> <dependency conf="tika->default" org="org.apache.poi" name="ooxml-schemas" rev="1.4"/>
<override org="org.jsoup" module="jsoup" rev="1.14.3"/> <override org="org.jsoup" module="jsoup" rev="1.16.1"/>
<override org="org.apache.poi" module="poi-ooxml-schemas" rev="4.1.2"/> <override org="org.apache.poi" module="poi-ooxml-schemas" rev="4.1.2"/>
<override org="org.slf4j" module="slf4j-api" rev="1.7.36"/> <override org="org.slf4j" module="slf4j-api" rev="1.7.36"/>
<override org="com.google.code.gson" module="gson" rev="2.9.0"/> <override org="com.google.code.gson" module="gson" rev="2.9.0"/>
<override org="com.google.guava" module="guava" rev="31.1-jre"/> <override org="com.google.guava" module="guava" rev="32.0.1-jre"/>
<override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.13.2"/> <override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.15.2"/>
<override org="com.fasterxml.jackson.core" module="jackson-databind" rev="2.13.2"/> <override org="com.fasterxml.jackson.core" module="jackson-databind" rev="2.15.2"/>
<override org="com.fasterxml.jackson.core" module="jackson-annotations" rev="2.13.2"/> <override org="com.fasterxml.jackson.core" module="jackson-annotations" rev="2.15.2"/>
<!-- changes to bouncy castle version may also be reflected in thirdparty/IcePDF 6.2.2 --> <!-- changes to bouncy castle version may also be reflected in thirdparty/IcePDF 6.2.2 -->
<override org="org.bouncycastle" module="bcmail-jdk15on" rev="1.70"/> <override org="org.bouncycastle" module="bcmail-jdk15on" rev="1.70"/>


@ -9,7 +9,7 @@ file.reference.boilerpipe-1.1.0.jar=release/modules/ext/boilerpipe-1.1.0.jar
file.reference.bzip2-0.9.1.jar=release/modules/ext/bzip2-0.9.1.jar file.reference.bzip2-0.9.1.jar=release/modules/ext/bzip2-0.9.1.jar
file.reference.c3p0-0.9.5.5.jar=release/modules/ext/c3p0-0.9.5.5.jar file.reference.c3p0-0.9.5.5.jar=release/modules/ext/c3p0-0.9.5.5.jar
file.reference.cdm-4.5.5.jar=release/modules/ext/cdm-4.5.5.jar file.reference.cdm-4.5.5.jar=release/modules/ext/cdm-4.5.5.jar
file.reference.checker-qual-3.12.0.jar=release/modules/ext/checker-qual-3.12.0.jar file.reference.checker-qual-3.33.0.jar=release/modules/ext/checker-qual-3.33.0.jar
file.reference.commons-codec-1.15.jar=release/modules/ext/commons-codec-1.15.jar file.reference.commons-codec-1.15.jar=release/modules/ext/commons-codec-1.15.jar
file.reference.commons-collections4-4.4.jar=release/modules/ext/commons-collections4-4.4.jar file.reference.commons-collections4-4.4.jar=release/modules/ext/commons-collections4-4.4.jar
file.reference.commons-compress-1.21.jar=release/modules/ext/commons-compress-1.21.jar file.reference.commons-compress-1.21.jar=release/modules/ext/commons-compress-1.21.jar
@ -28,13 +28,13 @@ file.reference.cxf-rt-transports-http-3.5.0.jar=release/modules/ext/cxf-rt-trans
file.reference.dd-plist-1.23.jar=release/modules/ext/dd-plist-1.23.jar file.reference.dd-plist-1.23.jar=release/modules/ext/dd-plist-1.23.jar
file.reference.dec-0.1.2.jar=release/modules/ext/dec-0.1.2.jar file.reference.dec-0.1.2.jar=release/modules/ext/dec-0.1.2.jar
file.reference.ehcache-core-2.6.2.jar=release/modules/ext/ehcache-core-2.6.2.jar file.reference.ehcache-core-2.6.2.jar=release/modules/ext/ehcache-core-2.6.2.jar
file.reference.error_prone_annotations-2.11.0.jar=release/modules/ext/error_prone_annotations-2.11.0.jar file.reference.error_prone_annotations-2.18.0.jar=release/modules/ext/error_prone_annotations-2.18.0.jar
file.reference.failureaccess-1.0.1.jar=release/modules/ext/failureaccess-1.0.1.jar file.reference.failureaccess-1.0.1.jar=release/modules/ext/failureaccess-1.0.1.jar
file.reference.fontbox-2.0.25.jar=release/modules/ext/fontbox-2.0.25.jar file.reference.fontbox-2.0.25.jar=release/modules/ext/fontbox-2.0.25.jar
file.reference.geoapi-3.0.1.jar=release/modules/ext/geoapi-3.0.1.jar file.reference.geoapi-3.0.1.jar=release/modules/ext/geoapi-3.0.1.jar
file.reference.grib-4.5.5.jar=release/modules/ext/grib-4.5.5.jar file.reference.grib-4.5.5.jar=release/modules/ext/grib-4.5.5.jar
file.reference.gson-2.9.0.jar=release/modules/ext/gson-2.9.0.jar file.reference.gson-2.9.0.jar=release/modules/ext/gson-2.9.0.jar
file.reference.guava-31.1-jre.jar=release/modules/ext/guava-31.1-jre.jar file.reference.guava-32.0.1-jre.jar=release/modules/ext/guava-32.0.1-jre.jar
file.reference.HikariCP-java7-2.4.13.jar=release/modules/ext/HikariCP-java7-2.4.13.jar file.reference.HikariCP-java7-2.4.13.jar=release/modules/ext/HikariCP-java7-2.4.13.jar
file.reference.httpclient-4.5.13.jar=release/modules/ext/httpclient-4.5.13.jar file.reference.httpclient-4.5.13.jar=release/modules/ext/httpclient-4.5.13.jar
file.reference.httpcore-4.4.13.jar=release/modules/ext/httpcore-4.4.13.jar file.reference.httpcore-4.4.13.jar=release/modules/ext/httpcore-4.4.13.jar
@ -42,12 +42,12 @@ file.reference.httpmime-4.5.13.jar=release/modules/ext/httpmime-4.5.13.jar
file.reference.httpservices-4.5.5.jar=release/modules/ext/httpservices-4.5.5.jar file.reference.httpservices-4.5.5.jar=release/modules/ext/httpservices-4.5.5.jar
file.reference.isoparser-1.9.41.7.jar=release/modules/ext/isoparser-1.9.41.7.jar file.reference.isoparser-1.9.41.7.jar=release/modules/ext/isoparser-1.9.41.7.jar
file.reference.istack-commons-runtime-3.0.12.jar=release/modules/ext/istack-commons-runtime-3.0.12.jar file.reference.istack-commons-runtime-3.0.12.jar=release/modules/ext/istack-commons-runtime-3.0.12.jar
file.reference.j2objc-annotations-1.3.jar=release/modules/ext/j2objc-annotations-1.3.jar file.reference.j2objc-annotations-2.8.jar=release/modules/ext/j2objc-annotations-2.8.jar
file.reference.jackcess-4.0.1.jar=release/modules/ext/jackcess-4.0.1.jar file.reference.jackcess-4.0.1.jar=release/modules/ext/jackcess-4.0.1.jar
file.reference.jackcess-encrypt-4.0.1.jar=release/modules/ext/jackcess-encrypt-4.0.1.jar file.reference.jackcess-encrypt-4.0.1.jar=release/modules/ext/jackcess-encrypt-4.0.1.jar
file.reference.jackson-annotations-2.13.2.jar=release/modules/ext/jackson-annotations-2.13.2.jar file.reference.jackson-annotations-2.15.2.jar=release/modules/ext/jackson-annotations-2.15.2.jar
file.reference.jackson-core-2.13.2.jar=release/modules/ext/jackson-core-2.13.2.jar file.reference.jackson-core-2.15.2.jar=release/modules/ext/jackson-core-2.15.2.jar
file.reference.jackson-databind-2.13.2.jar=release/modules/ext/jackson-databind-2.13.2.jar file.reference.jackson-databind-2.15.2.jar=release/modules/ext/jackson-databind-2.15.2.jar
file.reference.jai-imageio-core-1.4.0.jar=release/modules/ext/jai-imageio-core-1.4.0.jar file.reference.jai-imageio-core-1.4.0.jar=release/modules/ext/jai-imageio-core-1.4.0.jar
file.reference.jakarta.activation-1.2.2.jar=release/modules/ext/jakarta.activation-1.2.2.jar file.reference.jakarta.activation-1.2.2.jar=release/modules/ext/jakarta.activation-1.2.2.jar
file.reference.jakarta.activation-api-1.2.2.jar=release/modules/ext/jakarta.activation-api-1.2.2.jar file.reference.jakarta.activation-api-1.2.2.jar=release/modules/ext/jakarta.activation-api-1.2.2.jar


@ -400,8 +400,8 @@
<binary-origin>release/modules/ext/cdm-4.5.5.jar</binary-origin> <binary-origin>release/modules/ext/cdm-4.5.5.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/checker-qual-3.12.0.jar</runtime-relative-path> <runtime-relative-path>ext/checker-qual-3.33.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/checker-qual-3.12.0.jar</binary-origin> <binary-origin>release/modules/ext/checker-qual-3.33.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/commons-codec-1.15.jar</runtime-relative-path> <runtime-relative-path>ext/commons-codec-1.15.jar</runtime-relative-path>
@ -476,8 +476,8 @@
<binary-origin>release/modules/ext/ehcache-core-2.6.2.jar</binary-origin> <binary-origin>release/modules/ext/ehcache-core-2.6.2.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/error_prone_annotations-2.11.0.jar</runtime-relative-path> <runtime-relative-path>ext/error_prone_annotations-2.18.0.jar</runtime-relative-path>
<binary-origin>release/modules/ext/error_prone_annotations-2.11.0.jar</binary-origin> <binary-origin>release/modules/ext/error_prone_annotations-2.18.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/failureaccess-1.0.1.jar</runtime-relative-path> <runtime-relative-path>ext/failureaccess-1.0.1.jar</runtime-relative-path>
@ -500,8 +500,8 @@
<binary-origin>release/modules/ext/gson-2.9.0.jar</binary-origin> <binary-origin>release/modules/ext/gson-2.9.0.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/guava-31.1-jre.jar</runtime-relative-path> <runtime-relative-path>ext/guava-32.0.1-jre.jar</runtime-relative-path>
<binary-origin>release/modules/ext/guava-31.1-jre.jar</binary-origin> <binary-origin>release/modules/ext/guava-32.0.1-jre.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/HikariCP-java7-2.4.13.jar</runtime-relative-path> <runtime-relative-path>ext/HikariCP-java7-2.4.13.jar</runtime-relative-path>
@ -532,8 +532,8 @@
<binary-origin>release/modules/ext/istack-commons-runtime-3.0.12.jar</binary-origin> <binary-origin>release/modules/ext/istack-commons-runtime-3.0.12.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/j2objc-annotations-1.3.jar</runtime-relative-path> <runtime-relative-path>ext/j2objc-annotations-2.8.jar</runtime-relative-path>
<binary-origin>release/modules/ext/j2objc-annotations-1.3.jar</binary-origin> <binary-origin>release/modules/ext/j2objc-annotations-2.8.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jackcess-4.0.1.jar</runtime-relative-path> <runtime-relative-path>ext/jackcess-4.0.1.jar</runtime-relative-path>
@ -544,16 +544,16 @@
<binary-origin>release/modules/ext/jackcess-encrypt-4.0.1.jar</binary-origin> <binary-origin>release/modules/ext/jackcess-encrypt-4.0.1.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jackson-annotations-2.13.2.jar</runtime-relative-path> <runtime-relative-path>ext/jackson-annotations-2.15.2.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jackson-annotations-2.13.2.jar</binary-origin> <binary-origin>release/modules/ext/jackson-annotations-2.15.2.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jackson-core-2.13.2.jar</runtime-relative-path> <runtime-relative-path>ext/jackson-core-2.15.2.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jackson-core-2.13.2.jar</binary-origin> <binary-origin>release/modules/ext/jackson-core-2.15.2.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jackson-databind-2.13.2.jar</runtime-relative-path> <runtime-relative-path>ext/jackson-databind-2.15.2.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jackson-databind-2.13.2.jar</binary-origin> <binary-origin>release/modules/ext/jackson-databind-2.15.2.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jai-imageio-core-1.4.0.jar</runtime-relative-path> <runtime-relative-path>ext/jai-imageio-core-1.4.0.jar</runtime-relative-path>


@ -1,42 +0,0 @@
===============================================
This file identifies core Volatility authors.
All lists are alphabetical.
===============================================
Volatility 2.4, 2.5:
------------
Mike Auty
Andrew Case
Michael Hale Ligh
Jamie Levy
AAron Walters
Volatility 2.0, 2.1, 2.2, 2.3:
------------
Mike Auty
Andrew Case
Michael Cohen
Brendan Dolan-Gavitt
Michael Hale Ligh
Jamie Levy
AAron Walters
Volatility 1.3:
------------
AAron Walters <awalters@4tphi.net>
Volatile Systems LLC
Brendan Dolan-Gavitt <bdolangavitt@wesleyan.edu>
Volatools Basic authors:
------------
AAron Walters
Komoku, Inc.
Nick L. Petroni, Jr.
Komoku, Inc.


@ -1,105 +0,0 @@
===============================================
We would like to acknowledge individuals that
have made significant contributions, code, or
ideas toward the respective volatility releases.
All lists are alphabetical.
These lists exclude the core Volatility authors,
who are identified in AUTHORS.txt.
If you believe you've been left off, it is not
intentional. Please bring it to our attention!
===============================================
Volatility 2.5:
Adam Bridge for adding a --count option (humanly readable byte stats) to imagecopy/raw2dmp
Sebastien Bourdon-Richard for various patches and bug fixes
Bruno Constanzo for various patches to enhance performance/optimization
Glenn P. Edwards, Jr for adding combined user/kernel scans, --case, and ascii/unicode options to yarascan
@f-s-p for converting some plugins to unfied output format
Cem Gurkok for submitting the mac_threads plugin
Takahiro Haruyama for noticing and fixing a bug in impscan
@masdif for contributing a fix for kernel 3.7+ in linux/module.c
Wyatt Roersma for converting a large number of plugins to the unified output format
Karl Vogel for pointing out an issue with IPv4 addresses on big endian systems
Volatility 2.4:
Steven Adair for assistance identifying a large memory PAE bug
Sebastien Bourdon-Richard for his work on the VMware vmem/vmss split (with meta) AS
Justin Capella and Espen Olsen for their work on the Qemu ELF core dumps
Cem Gurkok for help updating Mac OS X support for 10.9
Matt McCormack for supplying a patch to rebase dumped PE files
Stewart McIntyre for extending apihooks for detecting JMP FAR instructions
Kevin Marker for contributing over 160 standard build Linux profiles
synack33 for creating various Mac OS X profiles, including initial ones for 10.10
Raphaël Vinot for his patch to fix IPython within volshell
Volatility 2.3:
Cem Gurkok for his work on the privileges plugin for Windows
Nir Izraeli for his work on the VMware snapshot address space (see also the vmsnparser project)
@osxmem of the volafox project (Mac OS X & BSD Memory Analysis Toolkit)
@osxreverser of reverse.put.as for his help with OSX memory analysis
Carl Pulley for numerous bug reports, example patches, and plugin testing
Andreas Schuster for his work on poison ivy plugins for Windows
Joe Sylve for his work on the ARM address space and significant contributions to linux and mac capabilities
Philippe Teuwen for his work on the virtual box address space
Santiago Vicente for his work on the citadel plugins for Windows
Volatility 2.2:
------------
Joe Sylve
Volatility 2.1:
------------
---
Volatility 2.0:
------------
Frank Boldewin
Carl Pulley
Andreas Schuster
Bradley Schatz
Volatility 1.3:
------------
Harlan Carvey
Michael Cohen
David Collett
Brendan Dolan-Gavitt
Andreas Schuster
Matthieu Suiche
We would also like to acknowledge those who have provided valuable
feedback, bug reports, and testing:
Jide Abu
Joseph Ayo Akinyele
Tommaso Assandri
Richard Austin
Cameron C Caffee
Eoghan Casey
Angelo Cavallini
Andre' DiMino
Jon Evans
Robert Guess
Christian Herndler
jeremie0
Eugene Libster
Erik Ligda
Robert Lowe
Tony Martin
Timothy Morgan
Bryan D. Payne
Golden G. Richard III
Wyatt Roersma
RB
Sam F. Stover
Marko Thure


@ -1,20 +0,0 @@
Volatility
===============
License
-------
Copyright (C) 2007-2013 Volatility Foundation
Volatility is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
Volatility is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Volatility. If not, see <http://www.gnu.org/licenses/>.


@ -1,281 +0,0 @@
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Library General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.
END OF TERMS AND CONDITIONS


@ -1,553 +0,0 @@
============================================================================
Volatility Framework - Volatile memory extraction utility framework
============================================================================
The Volatility Framework is a completely open collection of tools,
implemented in Python under the GNU General Public License, for the
extraction of digital artifacts from volatile memory (RAM) samples.
The extraction techniques are performed completely independent of the
system being investigated but offer visibilty into the runtime state
of the system. The framework is intended to introduce people to the
techniques and complexities associated with extracting digital artifacts
from volatile memory samples and provide a platform for further work into
this exciting area of research.
The Volatility distribution is available from:
http://www.volatilityfoundation.org/#!releases/component_71401
Volatility should run on any platform that supports
Python (http://www.python.org)
Volatility supports investigations of the following memory images:
Windows:
* 32-bit Windows XP Service Pack 2 and 3
* 32-bit Windows 2003 Server Service Pack 0, 1, 2
* 32-bit Windows Vista Service Pack 0, 1, 2
* 32-bit Windows 2008 Server Service Pack 1, 2 (there is no SP0)
* 32-bit Windows 7 Service Pack 0, 1
* 32-bit Windows 8, 8.1, and 8.1 Update 1
* 32-bit Windows 10 (initial support)
* 64-bit Windows XP Service Pack 1 and 2 (there is no SP0)
* 64-bit Windows 2003 Server Service Pack 1 and 2 (there is no SP0)
* 64-bit Windows Vista Service Pack 0, 1, 2
* 64-bit Windows 2008 Server Service Pack 1 and 2 (there is no SP0)
* 64-bit Windows 2008 R2 Server Service Pack 0 and 1
* 64-bit Windows 7 Service Pack 0 and 1
* 64-bit Windows 8, 8.1, and 8.1 Update 1
* 64-bit Windows Server 2012 and 2012 R2
* 64-bit Windows 10 (initial support)
Linux:
* 32-bit Linux kernels 2.6.11 to 4.2.3
* 64-bit Linux kernels 2.6.11 to 4.2.3
* OpenSuSE, Ubuntu, Debian, CentOS, Fedora, Mandriva, etc
Mac OSX:
* 32-bit 10.5.x Leopard (the only 64-bit 10.5 is Server, which isn't supported)
* 32-bit 10.6.x Snow Leopard
* 64-bit 10.6.x Snow Leopard
* 32-bit 10.7.x Lion
* 64-bit 10.7.x Lion
* 64-bit 10.8.x Mountain Lion (there is no 32-bit version)
* 64-bit 10.9.x Mavericks (there is no 32-bit version)
* 64-bit 10.10.x Yosemite (there is no 32-bit version)
* 64-bit 10.11.x El Capitan (there is no 32-bit version)
Volatility does not provide memory sample acquisition
capabilities. For acquisition, there are both free and commercial
solutions available. If you would like suggestions about suitable
acquisition solutions, please contact us at:
volatility (at) volatilityfoundation (dot) org
Volatility supports a variety of sample file formats and the
ability to convert between these formats:
- Raw linear sample (dd)
- Hibernation file
- Crash dump file
- VirtualBox ELF64 core dump
- VMware saved state and snapshot files
- EWF format (E01)
- LiME (Linux Memory Extractor) format
- Mach-o file format
- QEMU virtual machine dumps
- Firewire
- HPAK (FDPro)
For a more detailed list of capabilities, see the following:
https://github.com/volatilityfoundation/volatility/wiki
Also see the community plugins repository:
https://github.com/volatilityfoundation/community
Example Data
============
If you want to give Volatility a try, you can download exemplar
memory images from the following url:
https://github.com/volatilityfoundation/volatility/wiki/Memory-Samples
Mailing Lists
=============
Mailing lists to support the users and developers of Volatility
can be found at the following address:
http://lists.volatilesystems.com/mailman/listinfo
Contact
=======
For information or requests, contact:
Volatility Foundation
Web: http://www.volatilityfoundation.org
http://volatility-labs.blogspot.com
http://volatility.tumblr.com
Email: volatility (at) volatilityfoundation (dot) org
IRC: #volatility on freenode
Twitter: @volatility
Requirements
============
- Python 2.6 or later, but not 3.0. http://www.python.org
Some plugins may have other requirements which can be found at:
https://github.com/volatilityfoundation/volatility/wiki/Installation
Quick Start
===========
1. Unpack the latest version of Volatility from
volatilityfoundation.org
2. To see available options, run "python vol.py -h" or "python vol.py --info"
Example:
$ python vol.py --info
Volatility Foundation Volatility Framework 2.5
Profiles
--------
VistaSP0x64 - A Profile for Windows Vista SP0 x64
VistaSP0x86 - A Profile for Windows Vista SP0 x86
VistaSP1x64 - A Profile for Windows Vista SP1 x64
VistaSP1x86 - A Profile for Windows Vista SP1 x86
VistaSP2x64 - A Profile for Windows Vista SP2 x64
VistaSP2x86 - A Profile for Windows Vista SP2 x86
Win10x64 - A Profile for Windows 10 x64
Win10x86 - A Profile for Windows 10 x86
Win2003SP0x86 - A Profile for Windows 2003 SP0 x86
Win2003SP1x64 - A Profile for Windows 2003 SP1 x64
Win2003SP1x86 - A Profile for Windows 2003 SP1 x86
Win2003SP2x64 - A Profile for Windows 2003 SP2 x64
Win2003SP2x86 - A Profile for Windows 2003 SP2 x86
Win2008R2SP0x64 - A Profile for Windows 2008 R2 SP0 x64
Win2008R2SP1x64 - A Profile for Windows 2008 R2 SP1 x64
Win2008SP1x64 - A Profile for Windows 2008 SP1 x64
Win2008SP1x86 - A Profile for Windows 2008 SP1 x86
Win2008SP2x64 - A Profile for Windows 2008 SP2 x64
Win2008SP2x86 - A Profile for Windows 2008 SP2 x86
Win2012R2x64 - A Profile for Windows Server 2012 R2 x64
Win2012x64 - A Profile for Windows Server 2012 x64
Win7SP0x64 - A Profile for Windows 7 SP0 x64
Win7SP0x86 - A Profile for Windows 7 SP0 x86
Win7SP1x64 - A Profile for Windows 7 SP1 x64
Win7SP1x86 - A Profile for Windows 7 SP1 x86
Win81U1x64 - A Profile for Windows 8.1 Update 1 x64
Win81U1x86 - A Profile for Windows 8.1 Update 1 x86
Win8SP0x64 - A Profile for Windows 8 x64
Win8SP0x86 - A Profile for Windows 8 x86
Win8SP1x64 - A Profile for Windows 8.1 x64
Win8SP1x86 - A Profile for Windows 8.1 x86
WinXPSP1x64 - A Profile for Windows XP SP1 x64
WinXPSP2x64 - A Profile for Windows XP SP2 x64
WinXPSP2x86 - A Profile for Windows XP SP2 x86
WinXPSP3x86 - A Profile for Windows XP SP3 x86
Address Spaces
--------------
AMD64PagedMemory - Standard AMD 64-bit address space.
ArmAddressSpace - Address space for ARM processors
FileAddressSpace - This is a direct file AS.
HPAKAddressSpace - This AS supports the HPAK format
IA32PagedMemory - Standard IA-32 paging address space.
IA32PagedMemoryPae - This class implements the IA-32 PAE paging address space. It is responsible
LimeAddressSpace - Address space for Lime
MachOAddressSpace - Address space for mach-o files to support atc-ny memory reader
OSXPmemELF - This AS supports VirtualBox ELF64 coredump format
QemuCoreDumpElf - This AS supports Qemu ELF32 and ELF64 coredump format
VMWareAddressSpace - This AS supports VMware snapshot (VMSS) and saved state (VMSS) files
VMWareMetaAddressSpace - This AS supports the VMEM format with VMSN/VMSS metadata
VirtualBoxCoreDumpElf64 - This AS supports VirtualBox ELF64 coredump format
WindowsCrashDumpSpace32 - This AS supports windows Crash Dump format
WindowsCrashDumpSpace64 - This AS supports windows Crash Dump format
WindowsCrashDumpSpace64BitMap - This AS supports Windows BitMap Crash Dump format
WindowsHiberFileSpace32 - This is a hibernate address space for windows hibernation files.
Plugins
-------
amcache - Print AmCache information
apihooks - Detect API hooks in process and kernel memory
atoms - Print session and window station atom tables
atomscan - Pool scanner for atom tables
auditpol - Prints out the Audit Policies from HKLM\SECURITY\Policy\PolAdtEv
bigpools - Dump the big page pools using BigPagePoolScanner
bioskbd - Reads the keyboard buffer from Real Mode memory
cachedump - Dumps cached domain hashes from memory
callbacks - Print system-wide notification routines
clipboard - Extract the contents of the windows clipboard
cmdline - Display process command-line arguments
cmdscan - Extract command history by scanning for _COMMAND_HISTORY
connections - Print list of open connections [Windows XP and 2003 Only]
connscan - Pool scanner for tcp connections
consoles - Extract command history by scanning for _CONSOLE_INFORMATION
crashinfo - Dump crash-dump information
deskscan - Poolscaner for tagDESKTOP (desktops)
devicetree - Show device tree
dlldump - Dump DLLs from a process address space
dlllist - Print list of loaded dlls for each process
driverirp - Driver IRP hook detection
drivermodule - Associate driver objects to kernel modules
driverscan - Pool scanner for driver objects
dumpcerts - Dump RSA private and public SSL keys
dumpfiles - Extract memory mapped and cached files
dumpregistry - Dumps registry files out to disk
envars - Display process environment variables
eventhooks - Print details on windows event hooks
evtlogs - Extract Windows Event Logs (XP/2003 only)
filescan - Pool scanner for file objects
gahti - Dump the USER handle type information
gditimers - Print installed GDI timers and callbacks
gdt - Display Global Descriptor Table
getservicesids - Get the names of services in the Registry and return Calculated SID
getsids - Print the SIDs owning each process
handles - Print list of open handles for each process
hashdump - Dumps passwords hashes (LM/NTLM) from memory
hibinfo - Dump hibernation file information
hivedump - Prints out a hive
hivelist - Print list of registry hives.
hivescan - Pool scanner for registry hives
hpakextract - Extract physical memory from an HPAK file
hpakinfo - Info on an HPAK file
idt - Display Interrupt Descriptor Table
iehistory - Reconstruct Internet Explorer cache / history
imagecopy - Copies a physical address space out as a raw DD image
imageinfo - Identify information for the image
impscan - Scan for calls to imported functions
joblinks - Print process job link information
kdbgscan - Search for and dump potential KDBG values
kpcrscan - Search for and dump potential KPCR values
ldrmodules - Detect unlinked DLLs
limeinfo - Dump Lime file format information
linux_apihooks - Checks for userland apihooks
linux_arp - Print the ARP table
linux_banner - Prints the Linux banner information
linux_bash - Recover bash history from bash process memory
linux_bash_env - Recover a process' dynamic environment variables
linux_bash_hash - Recover bash hash table from bash process memory
linux_check_afinfo - Verifies the operation function pointers of network protocols
linux_check_creds - Checks if any processes are sharing credential structures
linux_check_evt_arm - Checks the Exception Vector Table to look for syscall table hooking
linux_check_fop - Check file operation structures for rootkit modifications
linux_check_idt - Checks if the IDT has been altered
linux_check_inline_kernel - Check for inline kernel hooks
linux_check_modules - Compares module list to sysfs info, if available
linux_check_syscall - Checks if the system call table has been altered
linux_check_syscall_arm - Checks if the system call table has been altered
linux_check_tty - Checks tty devices for hooks
linux_cpuinfo - Prints info about each active processor
linux_dentry_cache - Gather files from the dentry cache
linux_dmesg - Gather dmesg buffer
linux_dump_map - Writes selected memory mappings to disk
linux_dynamic_env - Recover a process' dynamic environment variables
linux_elfs - Find ELF binaries in process mappings
linux_enumerate_files - Lists files referenced by the filesystem cache
linux_find_file - Lists and recovers files from memory
linux_getcwd - Lists current working directory of each process
linux_hidden_modules - Carves memory to find hidden kernel modules
linux_ifconfig - Gathers active interfaces
linux_info_regs - It's like 'info registers' in GDB. It prints out all the
linux_iomem - Provides output similar to /proc/iomem
linux_kernel_opened_files - Lists files that are opened from within the kernel
linux_keyboard_notifiers - Parses the keyboard notifier call chain
linux_ldrmodules - Compares the output of proc maps with the list of libraries from libdl
linux_library_list - Lists libraries loaded into a process
linux_librarydump - Dumps shared libraries in process memory to disk
linux_list_raw - List applications with promiscuous sockets
linux_lsmod - Gather loaded kernel modules
linux_lsof - Lists file descriptors and their path
linux_malfind - Looks for suspicious process mappings
linux_memmap - Dumps the memory map for linux tasks
linux_moddump - Extract loaded kernel modules
linux_mount - Gather mounted fs/devices
linux_mount_cache - Gather mounted fs/devices from kmem_cache
linux_netfilter - Lists Netfilter hooks
linux_netscan - Carves for network connection structures
linux_netstat - Lists open sockets
linux_pidhashtable - Enumerates processes through the PID hash table
linux_pkt_queues - Writes per-process packet queues out to disk
linux_plthook - Scan ELF binaries' PLT for hooks to non-NEEDED images
linux_proc_maps - Gathers process memory maps
linux_proc_maps_rb - Gathers process maps for linux through the mappings red-black tree
linux_procdump - Dumps a process's executable image to disk
linux_process_hollow - Checks for signs of process hollowing
linux_psaux - Gathers processes along with full command line and start time
linux_psenv - Gathers processes along with their static environment variables
linux_pslist - Gather active tasks by walking the task_struct->task list
linux_pslist_cache - Gather tasks from the kmem_cache
linux_pstree - Shows the parent/child relationship between processes
linux_psxview - Find hidden processes with various process listings
linux_recover_filesystem - Recovers the entire cached file system from memory
linux_route_cache - Recovers the routing cache from memory
linux_sk_buff_cache - Recovers packets from the sk_buff kmem_cache
linux_slabinfo - Mimics /proc/slabinfo on a running machine
linux_strings - Match physical offsets to virtual addresses (may take a while, VERY verbose)
linux_threads - Prints threads of processes
linux_tmpfs - Recovers tmpfs filesystems from memory
linux_truecrypt_passphrase - Recovers cached Truecrypt passphrases
linux_vma_cache - Gather VMAs from the vm_area_struct cache
linux_volshell - Shell in the memory image
linux_yarascan - A shell in the Linux memory image
lsadump - Dump (decrypted) LSA secrets from the registry
mac_adium - Lists Adium messages
mac_apihooks - Checks for API hooks in processes
mac_apihooks_kernel - Checks to see if system call and kernel functions are hooked
mac_arp - Prints the arp table
mac_bash - Recover bash history from bash process memory
mac_bash_env - Recover bash's environment variables
mac_bash_hash - Recover bash hash table from bash process memory
mac_calendar - Gets calendar events from Calendar.app
mac_check_mig_table - Lists entires in the kernel's MIG table
mac_check_syscall_shadow - Looks for shadow system call tables
mac_check_syscalls - Checks to see if system call table entries are hooked
mac_check_sysctl - Checks for unknown sysctl handlers
mac_check_trap_table - Checks to see if mach trap table entries are hooked
mac_compressed_swap - Prints Mac OS X VM compressor stats and dumps all compressed pages
mac_contacts - Gets contact names from Contacts.app
mac_dead_procs - Prints terminated/de-allocated processes
mac_dead_sockets - Prints terminated/de-allocated network sockets
mac_dead_vnodes - Lists freed vnode structures
mac_dmesg - Prints the kernel debug buffer
mac_dump_file - Dumps a specified file
mac_dump_maps - Dumps memory ranges of process(es), optionally including pages in compressed swap
mac_dyld_maps - Gets memory maps of processes from dyld data structures
mac_find_aslr_shift - Find the ASLR shift value for 10.8+ images
mac_get_profile - Automatically detect Mac profiles
mac_ifconfig - Lists network interface information for all devices
mac_ip_filters - Reports any hooked IP filters
mac_keychaindump - Recovers possbile keychain keys. Use chainbreaker to open related keychain files
mac_ldrmodules - Compares the output of proc maps with the list of libraries from libdl
mac_librarydump - Dumps the executable of a process
mac_list_files - Lists files in the file cache
mac_list_kauth_listeners - Lists Kauth Scope listeners
mac_list_kauth_scopes - Lists Kauth Scopes and their status
mac_list_raw - List applications with promiscuous sockets
mac_list_sessions - Enumerates sessions
mac_list_zones - Prints active zones
mac_lsmod - Lists loaded kernel modules
mac_lsmod_iokit - Lists loaded kernel modules through IOkit
mac_lsmod_kext_map - Lists loaded kernel modules
mac_lsof - Lists per-process opened files
mac_machine_info - Prints machine information about the sample
mac_malfind - Looks for suspicious process mappings
mac_memdump - Dump addressable memory pages to a file
mac_moddump - Writes the specified kernel extension to disk
mac_mount - Prints mounted device information
mac_netstat - Lists active per-process network connections
mac_network_conns - Lists network connections from kernel network structures
mac_notesapp - Finds contents of Notes messages
mac_notifiers - Detects rootkits that add hooks into I/O Kit (e.g. LogKext)
mac_orphan_threads - Lists threads that don't map back to known modules/processes
mac_pgrp_hash_table - Walks the process group hash table
mac_pid_hash_table - Walks the pid hash table
mac_print_boot_cmdline - Prints kernel boot arguments
mac_proc_maps - Gets memory maps of processes
mac_procdump - Dumps the executable of a process
mac_psaux - Prints processes with arguments in user land (**argv)
mac_psenv - Prints processes with environment in user land (**envp)
mac_pslist - List Running Processes
mac_pstree - Show parent/child relationship of processes
mac_psxview - Find hidden processes with various process listings
mac_recover_filesystem - Recover the cached filesystem
mac_route - Prints the routing table
mac_socket_filters - Reports socket filters
mac_strings - Match physical offsets to virtual addresses (may take a while, VERY verbose)
mac_tasks - List Active Tasks
mac_threads - List Process Threads
mac_threads_simple - Lists threads along with their start time and priority
mac_trustedbsd - Lists malicious trustedbsd policies
mac_version - Prints the Mac version
mac_volshell - Shell in the memory image
mac_yarascan - Scan memory for yara signatures
machoinfo - Dump Mach-O file format information
malfind - Find hidden and injected code
mbrparser - Scans for and parses potential Master Boot Records (MBRs)
memdump - Dump the addressable memory for a process
memmap - Print the memory map
messagehooks - List desktop and thread window message hooks
mftparser - Scans for and parses potential MFT entries
moddump - Dump a kernel driver to an executable file sample
modscan - Pool scanner for kernel modules
modules - Print list of loaded modules
multiscan - Scan for various objects at once
mutantscan - Pool scanner for mutex objects
netscan - Scan a Vista (or later) image for connections and sockets
notepad - List currently displayed notepad text
objtypescan - Scan for Windows object type objects
patcher - Patches memory based on page scans
poolpeek - Configurable pool scanner plugin
pooltracker - Show a summary of pool tag usage
printkey - Print a registry key, and its subkeys and values
privs - Display process privileges
procdump - Dump a process to an executable file sample
pslist - Print all running processes by following the EPROCESS lists
psscan - Pool scanner for process objects
pstree - Print process list as a tree
psxview - Find hidden processes with various process listings
qemuinfo - Dump Qemu information
raw2dmp - Converts a physical memory sample to a windbg crash dump
screenshot - Save a pseudo-screenshot based on GDI windows
servicediff - List Windows services (ala Plugx)
sessions - List details on _MM_SESSION_SPACE (user logon sessions)
shellbags - Prints ShellBags info
shimcache - Parses the Application Compatibility Shim Cache registry key
shutdowntime - Print ShutdownTime of machine from registry
sockets - Print list of open sockets
sockscan - Pool scanner for tcp socket objects
ssdt - Display SSDT entries
strings - Match physical offsets to virtual addresses (may take a while, VERY verbose)
svcscan - Scan for Windows services
symlinkscan - Pool scanner for symlink objects
thrdscan - Pool scanner for thread objects
threads - Investigate _ETHREAD and _KTHREADs
timeliner - Creates a timeline from various artifacts in memory
timers - Print kernel timers and associated module DPCs
truecryptmaster - Recover TrueCrypt 7.1a Master Keys
truecryptpassphrase - TrueCrypt Cached Passphrase Finder
truecryptsummary - TrueCrypt Summary
unloadedmodules - Print list of unloaded modules
userassist - Print userassist registry keys and information
userhandles - Dump the USER handle tables
vaddump - Dumps out the vad sections to a file
vadinfo - Dump the VAD info
vadtree - Walk the VAD tree and display in tree format
vadwalk - Walk the VAD tree
vboxinfo - Dump virtualbox information
verinfo - Prints out the version information from PE images
vmwareinfo - Dump VMware VMSS/VMSN information
volshell - Shell in the memory image
win10cookie - Find the ObHeaderCookie value for Windows 10
windows - Print Desktop Windows (verbose details)
wintree - Print Z-Order Desktop Windows Tree
wndscan - Pool scanner for window stations
yarascan - Scan process or kernel memory with Yara signatures
3. To get more information on a Windows memory sample and to make sure Volatility
supports that sample type, run 'python vol.py imageinfo -f <imagename>' or 'python vol.py kdbgscan -f <imagename>'
Example:
$ python vol.py imageinfo -f WIN-II7VOJTUNGL-20120324-193051.raw
Volatility Foundation Volatility Framework 2.5
Determining profile based on KDBG search...
Suggested Profile(s) : Win2008R2SP0x64, Win7SP1x64, Win7SP0x64, Win2008R2SP1x64 (Instantiated with Win7SP0x64)
AS Layer1 : AMD64PagedMemory (Kernel AS)
AS Layer2 : FileAddressSpace (/Path/to/WIN-II7VOJTUNGL-20120324-193051.raw)
PAE type : PAE
DTB : 0x187000L
KDBG : 0xf800016460a0
Number of Processors : 1
Image Type (Service Pack) : 1
KPCR for CPU 0 : 0xfffff80001647d00L
KUSER_SHARED_DATA : 0xfffff78000000000L
Image date and time : 2012-03-24 19:30:53 UTC+0000
Image local date and time : 2012-03-25 03:30:53 +0800
4. Run some other plugins. -f is a required option for all plugins. Some
also require/accept other options. Run "python vol.py <plugin> -h" for
more information on a particular command. A Command Reference wiki
is also available on the Google Code site:
https://github.com/volatilityfoundation/volatility/wiki
as well as Basic Usage:
https://github.com/volatilityfoundation/volatility/wiki/Volatility-Usage
Licensing and Copyright
=======================
Copyright (C) 2007-2015 Volatility Foundation
All Rights Reserved
Volatility is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
Volatility is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with Volatility. If not, see <http://www.gnu.org/licenses/>.
Bugs and Support
================
There is no support provided with Volatility. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.
If you think you've found a bug, please report it at:
https://github.com/volatilityfoundation/volatility/issues
In order to help us solve your issues as quickly as possible,
please include the following information when filing a bug:
* The version of volatility you're using
* The operating system used to run volatility
* The version of python used to run volatility
* The suspected operating system of the memory image
* The complete command line you used to run volatility
Depending on the operating system of the memory image, you may need to provide
additional information, such as:
For Windows:
* The suspected Service Pack of the memory image
For Linux:
* The suspected kernel version of the memory image
Other options for communicaton can be found at:
https://github.com/volatilityfoundation/volatility/wiki
Missing or Truncated Information
================================
Volatility Foundation makes no claims about the validity or correctness of the
output of Volatility. Many factors may contribute to the
incorrectness of output from Volatility including, but not
limited to, malicious modifications to the operating system,
incomplete information due to swapping, and information corruption on
image acquisition.
Command Reference
====================
The following url contains a reference of all commands supported by
Volatility.
https://github.com/volatilityfoundation/volatility/wiki


@ -9,7 +9,7 @@
<dependencies> <dependencies>
<dependency conf="autopsy->default" org="org.apache.james" name="apache-mime4j-mbox-iterator" rev="0.8.4"/> <dependency conf="autopsy->default" org="org.apache.james" name="apache-mime4j-mbox-iterator" rev="0.8.4"/>
<dependency conf="autopsy->default" org="com.googlecode.ez-vcard" name="ez-vcard" rev="0.11.3"/> <dependency conf="autopsy->default" org="com.googlecode.ez-vcard" name="ez-vcard" rev="0.11.3"/>
<override org="org.jsoup" module="jsoup" rev="1.14.3"/> <override org="org.jsoup" module="jsoup" rev="1.16.1"/>
<override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.13.2"/> <override org="com.fasterxml.jackson.core" module="jackson-core" rev="2.15.2"/>
</dependencies> </dependencies>
</ivy-module> </ivy-module>


@ -1,9 +1,9 @@
file.reference.apache-mime4j-mbox-iterator-0.8.4.jar=release/modules/ext/apache-mime4j-mbox-iterator-0.8.4.jar file.reference.apache-mime4j-mbox-iterator-0.8.4.jar=release/modules/ext/apache-mime4j-mbox-iterator-0.8.4.jar
file.reference.ez-vcard-0.11.3.jar=release/modules/ext/ez-vcard-0.11.3.jar file.reference.ez-vcard-0.11.3.jar=release/modules/ext/ez-vcard-0.11.3.jar
file.reference.freemarker-2.3.31.jar=release/modules/ext/freemarker-2.3.31.jar file.reference.freemarker-2.3.31.jar=release/modules/ext/freemarker-2.3.31.jar
file.reference.jackson-core-2.13.2.jar=release/modules/ext/jackson-core-2.13.2.jar file.reference.jackson-core-2.15.2.jar=release/modules/ext/jackson-core-2.15.2.jar
file.reference.java-libpst-0.9.5-SNAPSHOT.jar=release/modules/ext/java-libpst-0.9.5-SNAPSHOT.jar file.reference.java-libpst-0.9.5-SNAPSHOT.jar=release/modules/ext/java-libpst-0.9.5-SNAPSHOT.jar
file.reference.jsoup-1.14.3.jar=release/modules/ext/jsoup-1.14.3.jar file.reference.jsoup-1.16.1.jar=release/modules/ext/jsoup-1.16.1.jar
file.reference.vinnie-2.0.2.jar=release/modules/ext/vinnie-2.0.2.jar file.reference.vinnie-2.0.2.jar=release/modules/ext/vinnie-2.0.2.jar
javac.source=17 javac.source=17
javac.compilerargs=-Xlint -Xlint:-serial javac.compilerargs=-Xlint -Xlint:-serial


@ -90,16 +90,16 @@
<binary-origin>release/modules/ext/freemarker-2.3.31.jar</binary-origin> <binary-origin>release/modules/ext/freemarker-2.3.31.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jackson-core-2.13.2.jar</runtime-relative-path> <runtime-relative-path>ext/jackson-core-2.15.2.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jackson-core-2.13.2.jar</binary-origin> <binary-origin>release/modules/ext/jackson-core-2.15.2.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/java-libpst-0.9.5-SNAPSHOT.jar</runtime-relative-path> <runtime-relative-path>ext/java-libpst-0.9.5-SNAPSHOT.jar</runtime-relative-path>
<binary-origin>release/modules/ext/java-libpst-0.9.5-SNAPSHOT.jar</binary-origin> <binary-origin>release/modules/ext/java-libpst-0.9.5-SNAPSHOT.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/jsoup-1.14.3.jar</runtime-relative-path> <runtime-relative-path>ext/jsoup-1.16.1.jar</runtime-relative-path>
<binary-origin>release/modules/ext/jsoup-1.14.3.jar</binary-origin> <binary-origin>release/modules/ext/jsoup-1.16.1.jar</binary-origin>
</class-path-extension> </class-path-extension>
<class-path-extension> <class-path-extension>
<runtime-relative-path>ext/vinnie-2.0.2.jar</runtime-relative-path> <runtime-relative-path>ext/vinnie-2.0.2.jar</runtime-relative-path>