diff --git a/Core/nbproject/project.properties b/Core/nbproject/project.properties index 80e8cfd4d4..c7ceb01a4a 100644 --- a/Core/nbproject/project.properties +++ b/Core/nbproject/project.properties @@ -78,7 +78,7 @@ file.reference.javax.ws.rs-api-2.0.1.jar=release/modules/ext/javax.ws.rs-api-2.0 file.reference.cxf-core-3.0.16.jar=release/modules/ext/cxf-core-3.0.16.jar file.reference.cxf-rt-frontend-jaxrs-3.0.16.jar=release/modules/ext/cxf-rt-frontend-jaxrs-3.0.16.jar file.reference.cxf-rt-transports-http-3.0.16.jar=release/modules/ext/cxf-rt-transports-http-3.0.16.jar -file.reference.sleuthkit-postgresql-4.8.0.jar=release/modules/ext/sleuthkit-postgresql-4.8.0.jar +file.reference.sleuthkit-postgresql-4.9.0.jar=release/modules/ext/sleuthkit-postgresql-4.9.0.jar file.reference.curator-client-2.8.0.jar=release/modules/ext/curator-client-2.8.0.jar file.reference.curator-framework-2.8.0.jar=release/modules/ext/curator-framework-2.8.0.jar file.reference.curator-recipes-2.8.0.jar=release/modules/ext/curator-recipes-2.8.0.jar diff --git a/Core/nbproject/project.xml b/Core/nbproject/project.xml index 02d37221a7..4aa97960f3 100644 --- a/Core/nbproject/project.xml +++ b/Core/nbproject/project.xml @@ -532,8 +532,8 @@ release/modules/ext/google-http-client-1.29.0.jar - ext/sleuthkit-postgresql-4.8.0.jar - release/modules/ext/sleuthkit-postgresql-4.8.0.jar + ext/sleuthkit-postgresql-4.9.0.jar + release/modules/ext/sleuthkit-postgresql-4.9.0.jar ext/bcpkix-jdk15on-1.60.jar diff --git a/Core/src/org/sleuthkit/autopsy/communications/relationships/CorrelationCaseChildNodeFactory.java b/Core/src/org/sleuthkit/autopsy/communications/relationships/CorrelationCaseChildNodeFactory.java index 67e0366a9b..588e474303 100755 --- a/Core/src/org/sleuthkit/autopsy/communications/relationships/CorrelationCaseChildNodeFactory.java +++ b/Core/src/org/sleuthkit/autopsy/communications/relationships/CorrelationCaseChildNodeFactory.java 
@@ -28,6 +28,7 @@ import org.openide.nodes.ChildFactory; import org.openide.nodes.Children; import org.openide.nodes.Node; import org.openide.nodes.Sheet; +import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoAccount; import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance; import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException; import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationCase; @@ -45,7 +46,6 @@ final class CorrelationCaseChildNodeFactory extends ChildFactory correlationTypeMap; private final Set accounts; /** @@ -108,22 +108,15 @@ final class CorrelationCaseChildNodeFactory extends ChildFactory(); - List correcationTypeList = CentralRepository.getInstance().getDefinedCorrelationTypes(); - correcationTypeList.forEach((type) -> { - correlationTypeMap.put(type.getId(), type); - }); - } - - if (Account.Type.EMAIL.equals(accountType)) { - return correlationTypeMap.get(CorrelationAttributeInstance.EMAIL_TYPE_ID); - } else if (Account.Type.PHONE.equals(accountType)) { - return correlationTypeMap.get(CorrelationAttributeInstance.PHONE_TYPE_ID); - } else { - return null; + private CorrelationAttributeInstance.Type getCorrelationType(Account.Type accountType) throws CentralRepoException { + String accountTypeStr = accountType.getTypeName(); + if (Account.Type.DEVICE.getTypeName().equalsIgnoreCase(accountTypeStr) == false) { + CentralRepoAccount.CentralRepoAccountType crAccountType = CentralRepository.getInstance().getAccountTypeByName(accountTypeStr); + int corrTypeId = crAccountType.getCorrelationTypeId(); + return CentralRepository.getInstance().getCorrelationTypeById(corrTypeId); } + + return null; } /** diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED index 18deff87f4..35666d6973 100755 
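Review bot: In the rewritten getCorrelationType, `crAccountType` is dereferenced immediately after `getAccountTypeByName(accountTypeStr)` with no null guard; the contract of that lookup is not visible here, but if it can return null for an account type that has no central-repository mapping, `crAccountType.getCorrelationTypeId()` throws an NPE where the old implementation simply returned null for anything other than EMAIL/PHONE. Adding `if (crAccountType == null) { return null; }` before the `getCorrelationTypeId()` call preserves the previous "unknown type → null" behaviour. The method also now declares `throws CentralRepoException` for every non-DEVICE type, so callers that previously relied on a silent null need to be checked; the javadoc should state `@return the correlation type for the account, or null for device accounts or types with no central-repo mapping`. The two `CentralRepository.getInstance()` calls could be hoisted into one local, and `... == false` is conventionally written with `!`. The enclosing class continues beyond this hunk.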
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Bundle.properties-MERGED @@ -1,22 +1,16 @@ cannotBuildXmlParser=Unable to build XML parser: cannotLoadSEUQA=Unable to load Search Engine URL Query Analyzer settings file, SEUQAMappings.xml: cannotParseXml=Unable to parse XML file: -Chrome.getBookmark.errMsg.errAnalyzeFile={0}: Error while trying to analyze file: {1} ChromeCacheExtract_adding_artifacts_msg=Chrome Cache: Adding %d artifacts for analysis. ChromeCacheExtract_adding_extracted_files_msg=Chrome Cache: Adding %d extracted files for analysis. ChromeCacheExtract_loading_files_msg=Chrome Cache: Loading files from %s. ChromeCacheExtractor.moduleName=ChromeCacheExtractor -# {0} - module name -# {1} - row number -# {2} - table length -# {3} - cache path ChromeCacheExtractor.progressMsg={0}: Extracting cache entry {1} of {2} entries from {3} DataSourceUsage_AndroidMedia=Android Media Card DataSourceUsage_DJU_Drone_DAT=DJI Internal SD Card DataSourceUsage_FlashDrive=Flash Drive DataSourceUsageAnalyzer.customVolume.label=OS Drive ({0}) DataSourceUsageAnalyzer.parentModuleName=Recent Activity -Extract.dbConn.errMsg.failedToQueryDb={0}: Failed to query database. Extract.indexError.message=Failed to index artifact for keyword search. Extract.noOpenCase.errMsg=No open case available. ExtractEdge_getHistory_containerFileNotFound=Error while trying to analyze Edge history 
@@ -25,11 +19,6 @@ ExtractEdge_process_errMsg_errGettingWebCacheFiles=Error trying to retrieving Ed ExtractEdge_process_errMsg_spartanFail=Failure processing Microsoft Edge spartan.edb file ExtractEdge_process_errMsg_unableFindESEViewer=Unable to find ESEDatabaseViewer ExtractEdge_process_errMsg_webcacheFail=Failure processing Microsoft Edge WebCacheV01.dat file -ExtractIE.getBookmark.ere.noSpace=RecentActivity -ExtractIE.getBookmark.errMsg.errPostingBookmarks=Error posting Internet Explorer Bookmark artifacts. -ExtractIE.getCookie.errMsg.errPostingCookies=Error posting Internet Explorer Cookie artifacts. -ExtractIE.getHistory.errMsg.errPostingHistory=Error posting Internet Explorer History artifacts. -Extractor.errPostingArtifacts=Error posting {0} artifacts to the blackboard. ExtractOs.androidOs.label=Android ExtractOs.androidVolume.label=OS Drive (Android) ExtractOs.debianLinuxOs.label=Linux (Debian) @@ -96,7 +85,7 @@ Chrome.getLogin.errMsg.errAnalyzingFiles={0}: Error while trying to analyze file Chrome.getAutofill.errMsg.errGettingFiles=Error when trying to get Chrome Web Data files. Chrome.getAutofill.errMsg.errAnalyzingFiles={0}: Error while trying to analyze file:{1} ExtractIE.moduleName.text=Internet Explorer -ExtractIE.getBookmark.errMsg.errGettingBookmarks=Error getting Internet Explorer Bookmarks. +ExtractIE.getBookmark.errMsg.errGettingBookmarks={0}: Error getting Internet Explorer Bookmarks. ExtractIE.parentModuleName.noSpace=RecentActivity ExtractIE.parentModuleName=Recent Activity ExtractIE.getURLFromIEBmkFile.errMsg={0}: Error parsing IE bookmark File {1} 
@@ -196,6 +185,14 @@ RecentDocumentsByLnk.getRecDoc.errMsg.errGetLnkFiles={0}: Error getting lnk File RecentDocumentsByLnk.getRecDoc.errParsingFile={0}: Error parsing Recent File {1} RecentDocumentsByLnk.parentModuleName.noSpace=RecentActivity RecentDocumentsByLnk.parentModuleName=Recent Activity +Recently_Used_Artifacts_Adobe=Recently opened according to Adobe MRU +Recently_Used_Artifacts_Applets=Recently opened according to Applets registry key +Recently_Used_Artifacts_ArcHistory=Recently opened by 7Zip +Recently_Used_Artifacts_Mediaplayer=Recently opened according to Media Player MRU +Recently_Used_Artifacts_Mmc=Recently opened according to Windows Management Console MRU +Recently_Used_Artifacts_Office_Trustrecords=Stored in TrustRecords because Office security exception was granted +Recently_Used_Artifacts_Officedocs=Recently opened according to Office MRU +Recently_Used_Artifacts_Winrar=Recently opened according to WinRAR MRU RegRipperFullNotFound=Full version RegRipper executable not found. RegRipperNotFound=Autopsy RegRipper executable not found. SearchEngineURLQueryAnalyzer.init.exception.msg=Unable to find {0}. diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index 82b4a05b07..7a04ceb4c0 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java 
@@ -81,6 +81,7 @@ import org.sleuthkit.datamodel.BlackboardArtifact; import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT; import org.sleuthkit.datamodel.BlackboardAttribute; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_ASSOCIATED_ARTIFACT; +import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_ACCESSED; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_CREATED; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME_MODIFIED; @@ -103,7 +104,15 @@ import org.sleuthkit.datamodel.TskDataException; "Progress_Message_Analyze_Registry=Analyzing Registry Files", "Shellbag_Artifact_Display_Name=Shell Bags", "Shellbag_Key_Attribute_Display_Name=Key", - "Shellbag_Last_Write_Attribute_Display_Name=Last Write" + "Shellbag_Last_Write_Attribute_Display_Name=Last Write", + "Recently_Used_Artifacts_Office_Trustrecords=Stored in TrustRecords because Office security exception was granted", + "Recently_Used_Artifacts_ArcHistory=Recently opened by 7Zip", + "Recently_Used_Artifacts_Applets=Recently opened according to Applets registry key", + "Recently_Used_Artifacts_Mmc=Recently opened according to Windows Management Console MRU", + "Recently_Used_Artifacts_Winrar=Recently opened according to WinRAR MRU", + "Recently_Used_Artifacts_Officedocs=Recently opened according to Office MRU", + "Recently_Used_Artifacts_Adobe=Recently opened according to Adobe MRU", + "Recently_Used_Artifacts_Mediaplayer=Recently opened according to Media Player MRU" }) class ExtractRegistry extends Extract { 
@@ -1197,21 +1206,21 @@ class ExtractRegistry extends Extract { line = line.trim(); if (line.matches("^adoberdr v.*")) { - parseAdobeMRUList(regFile, reader); + parseAdobeMRUList(regFile, reader, Bundle.Recently_Used_Artifacts_Adobe()); } else if (line.matches("^mpmru v.*")) { - parseMediaPlayerMRUList(regFile, reader); + parseMediaPlayerMRUList(regFile, reader, Bundle.Recently_Used_Artifacts_Mediaplayer()); } else if (line.matches("^trustrecords v.*")) { - parseTrustrecordsMRUList(regFile, reader); + parseOfficeTrustRecords(regFile, reader, Bundle.Recently_Used_Artifacts_Office_Trustrecords()); } else if (line.matches("^ArcHistory:")) { - parseArchHistoryMRUList(regFile, reader); + parse7ZipMRU(regFile, reader, Bundle.Recently_Used_Artifacts_ArcHistory()); } else if (line.matches("^applets v.*")) { - parseGenericMRUList(regFile, reader); + parseGenericMRUList(regFile, reader, Bundle.Recently_Used_Artifacts_Applets()); } else if (line.matches("^mmc v.*")) { - parseGenericMRUList(regFile, reader); + parseGenericMRUList(regFile, reader, Bundle.Recently_Used_Artifacts_Mmc()); } else if (line.matches("^winrar v.*")) { - parseWinRARMRUList(regFile, reader); + parseWinRARMRUList(regFile, reader, Bundle.Recently_Used_Artifacts_Winrar()); } else if (line.matches("^officedocs2010 v.*")) { - parseOfficeDocs2010MRUList(regFile, reader); + parseOfficeDocs2010MRUList(regFile, reader, Bundle.Recently_Used_Artifacts_Officedocs()); } line = reader.readLine(); } 
@@ -1219,15 +1228,17 @@ class ExtractRegistry extends Extract { } /** - * Create recently used artifacts from adobemru records + * Create recently used artifacts from adobemru Regripper Plugin records * * @param regFile registry file the artifact is associated with * * @param reader buffered reader to parse adobemru records * + * @param comment string that will populate attribute TSK_COMMENT + * * @throws FileNotFound and IOException */ - private void parseAdobeMRUList(AbstractFile regFile, BufferedReader reader) throws FileNotFoundException, IOException { + private void parseAdobeMRUList(AbstractFile regFile, BufferedReader reader, String comment) throws FileNotFoundException, IOException { List bbartifacts = new ArrayList<>(); String line = reader.readLine(); SimpleDateFormat adobePluginDateFormat = new SimpleDateFormat("yyyyMMddHHmmssZ", US); @@ -1265,6 +1276,7 @@ class ExtractRegistry extends Extract { Collection attributes = new ArrayList<>(); attributes.add(new BlackboardAttribute(TSK_PATH, getName(), fileName)); attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME, getName(), adobeUsedTime)); + attributes.add(new BlackboardAttribute(TSK_COMMENT, getName(), comment)); BlackboardArtifact bba = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_RECENT_OBJECT, regFile, attributes); if(bba != null) { bbartifacts.add(bba); 
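Review bot: The new line `attributes.add(new BlackboardAttribute(TSK_COMMENT, getName(), comment));` is added verbatim to this parser and, per the following hunks, to six more; a single shared place would be easier to keep consistent, e.g. an overload `createArtifactWithAttributes(ARTIFACT_TYPE type, AbstractFile file, Collection<BlackboardAttribute> attributes, String comment)` that appends the comment itself, if that helper lives in the Extract base class (it is not visible here). Nothing validates `comment`; every caller in the dispatch passes a Bundle string so it is non-null in practice, but a `Objects.requireNonNull(comment, "comment")` at the top of the method documents that assumption cheaply. The `@throws FileNotFound and IOException` line names a type that does not exist; `@throws FileNotFoundException if the registry output cannot be opened` and `@throws IOException on read failure` match the signature. The method body continues past the end of this hunk.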
@@ -1285,15 +1297,17 @@ class ExtractRegistry extends Extract { } /** - * Create recently used artifacts to parse the mpmru records + * Create recently used artifacts to parse the Media Player MRU regripper (mpmru) records * * @param regFile registry file the artifact is associated with * * @param reader buffered reader to parse adobemru records * + * @param comment string that will populate attribute TSK_COMMENT + * * @throws FileNotFound and IOException */ - private void parseMediaPlayerMRUList(AbstractFile regFile, BufferedReader reader) throws FileNotFoundException, IOException { + private void parseMediaPlayerMRUList(AbstractFile regFile, BufferedReader reader, String comment) throws FileNotFoundException, IOException { List bbartifacts = new ArrayList<>(); String line = reader.readLine(); while (!line.contains(SECTION_DIVIDER)) { @@ -1309,6 +1323,7 @@ class ExtractRegistry extends Extract { String fileName = tokens[1]; Collection attributes = new ArrayList<>(); attributes.add(new BlackboardAttribute(TSK_PATH, getName(), fileName)); + attributes.add(new BlackboardAttribute(TSK_COMMENT, getName(), comment)); BlackboardArtifact bba = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_RECENT_OBJECT, regFile, attributes); if(bba != null) { bbartifacts.add(bba); 
@@ -1332,15 +1347,17 @@ class ExtractRegistry extends Extract { } /** - * Create recently used artifacts to parse the regripper output + * Create recently used artifacts to parse the regripper plugin output, this format is used in several diffent plugins * * @param regFile registry file the artifact is associated with * * @param reader buffered reader to parse adobemru records * + * @param comment string that will populate attribute TSK_COMMENT + * * @throws FileNotFound and IOException */ - private void parseGenericMRUList(AbstractFile regFile, BufferedReader reader) throws FileNotFoundException, IOException { + private void parseGenericMRUList(AbstractFile regFile, BufferedReader reader, String comment) throws FileNotFoundException, IOException { List bbartifacts = new ArrayList<>(); String line = reader.readLine(); while (!line.contains(SECTION_DIVIDER)) { @@ -1356,6 +1373,7 @@ class ExtractRegistry extends Extract { String fileName = tokens[1]; Collection attributes = new ArrayList<>(); attributes.add(new BlackboardAttribute(TSK_PATH, getName(), fileName)); + attributes.add(new BlackboardAttribute(TSK_COMMENT, getName(), comment)); BlackboardArtifact bba = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_RECENT_OBJECT, regFile, attributes); if(bba != null) { bbartifacts.add(bba); 
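Review bot: The new summary line has a typo and a comma splice: `* Create recently used artifacts to parse the regripper plugin output, this format is used in several diffent plugins` should read `* Create recently used artifacts from RegRipper plugin output; this format is shared by several plugins (applets, mmc).` The context line `@param reader buffered reader to parse adobemru records` was evidently copied from the Adobe parser and is wrong for this generic method; `@param reader buffered reader positioned at the start of the plugin's output section` is accurate for every caller shown in the dispatch hunk. Also note the `@throws FileNotFound` tag names a non-existent type (FileNotFoundException). The loop body runs past the end of this hunk.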
@@ -1375,15 +1393,17 @@ class ExtractRegistry extends Extract { } /** - * Create recently used artifacts to parse the WinRAR output + * Create recently used artifacts to parse the WinRAR Regripper plugin output * * @param regFile registry file the artifact is associated with * * @param reader buffered reader to parse adobemru records * + * @param comment string that will populate attribute TSK_COMMENT + * * @throws FileNotFound and IOException */ - private void parseWinRARMRUList(AbstractFile regFile, BufferedReader reader) throws FileNotFoundException, IOException { + private void parseWinRARMRUList(AbstractFile regFile, BufferedReader reader, String comment) throws FileNotFoundException, IOException { List bbartifacts = new ArrayList<>(); String line = reader.readLine(); while (!line.contains(SECTION_DIVIDER)) { @@ -1400,6 +1420,7 @@ class ExtractRegistry extends Extract { String fileName = tokens[1]; Collection attributes = new ArrayList<>(); attributes.add(new BlackboardAttribute(TSK_PATH, getName(), fileName)); + attributes.add(new BlackboardAttribute(TSK_COMMENT, getName(), comment)); BlackboardArtifact bba = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_RECENT_OBJECT, regFile, attributes); if(bba != null) { bbartifacts.add(bba); 
@@ -1420,15 +1441,17 @@ class ExtractRegistry extends Extract { } /** - * Create recently used artifacts to parse the runmru ArcHistory records + * Create recently used artifacts to parse the runmru ArcHistory (7Zip) regripper plugin records * * @param regFile registry file the artifact is associated with * * @param reader buffered reader to parse adobemru records * + * @param comment string that will populate attribute TSK_COMMENT + * * @throws FileNotFound and IOException */ - private void parseArchHistoryMRUList(AbstractFile regFile, BufferedReader reader) throws FileNotFoundException, IOException { + private void parse7ZipMRU(AbstractFile regFile, BufferedReader reader, String comment) throws FileNotFoundException, IOException { List bbartifacts = new ArrayList<>(); String line = reader.readLine(); line = line.trim(); @@ -1439,6 +1462,7 @@ class ExtractRegistry extends Extract { String fileName = line; Collection attributes = new ArrayList<>(); attributes.add(new BlackboardAttribute(TSK_PATH, getName(), fileName)); + attributes.add(new BlackboardAttribute(TSK_COMMENT, getName(), comment)); BlackboardArtifact bba = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_RECENT_OBJECT, regFile, attributes); if (bba != null) { bbartifacts.add(bba); 
@@ -1457,15 +1481,17 @@ class ExtractRegistry extends Extract { } /** - * Create recently used artifacts to parse the Office Documents 2010 records + * Create recently used artifacts to parse the Office Documents 2010 records Regripper Plugin output * * @param regFile registry file the artifact is associated with * * @param reader buffered reader to parse adobemru records * + * @param comment string that will populate attribute TSK_COMMENT + * * @throws FileNotFound and IOException */ - private void parseOfficeDocs2010MRUList(AbstractFile regFile, BufferedReader reader) throws FileNotFoundException, IOException { + private void parseOfficeDocs2010MRUList(AbstractFile regFile, BufferedReader reader, String comment) throws FileNotFoundException, IOException { List bbartifacts = new ArrayList<>(); String line = reader.readLine(); line = line.trim(); @@ -1485,6 +1511,7 @@ class ExtractRegistry extends Extract { Collection attributes = new ArrayList<>(); attributes.add(new BlackboardAttribute(TSK_PATH, getName(), fileName)); attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME, getName(), docDate)); + attributes.add(new BlackboardAttribute(TSK_COMMENT, getName(), comment)); BlackboardArtifact bba = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_RECENT_OBJECT, regFile, attributes); if(bba != null) { bbartifacts.add(bba); 
@@ -1502,15 +1529,17 @@ class ExtractRegistry extends Extract { } /** - * Create recently used artifacts to parse the trustrecords records + * Create recently used artifacts to parse the Office trust records (trustrecords) Regipper plugin records * * @param regFile registry file the artifact is associated with * * @param reader buffered reader to parse adobemru records * + * @param comment string that will populate attribute TSK_COMMENT + * * @throws FileNotFound and IOException */ - private void parseTrustrecordsMRUList(AbstractFile regFile, BufferedReader reader) throws FileNotFoundException, IOException { + private void parseOfficeTrustRecords(AbstractFile regFile, BufferedReader reader, String comment) throws FileNotFoundException, IOException { String userProfile = regFile.getParentPath(); userProfile = userProfile.substring(0, userProfile.length() - 1); List bbartifacts = new ArrayList<>(); @@ -1543,6 +1572,7 @@ class ExtractRegistry extends Extract { Collection attributes = new ArrayList<>(); attributes.add(new BlackboardAttribute(TSK_PATH, getName(), fileName)); attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME, getName(), usedTime)); + attributes.add(new BlackboardAttribute(TSK_COMMENT, getName(), comment)); BlackboardArtifact bba = createArtifactWithAttributes(ARTIFACT_TYPE.TSK_RECENT_OBJECT, regFile, attributes); if(bba != null) { bbartifacts.add(bba); diff --git a/TSKVersion.xml b/TSKVersion.xml index 561c00581d..38e614169a 100644 --- a/TSKVersion.xml +++ b/TSKVersion.xml @@ -1,3 +1,3 @@ - + diff --git a/docs/doxygen-user/geolocation.dox b/docs/doxygen-user/geolocation.dox index a4c78351cf..70ca212a41 100644 --- a/docs/doxygen-user/geolocation.dox +++ b/docs/doxygen-user/geolocation.dox 
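Review bot: The new summary line misspells the tool (`Regipper` → `RegRipper`) and, now that the method is named parseOfficeTrustRecords rather than a generic MRU parser, should say what makes these records distinct: the Bundle string added in this commit describes them as "Stored in TrustRecords because Office security exception was granted", and if that characterisation is accurate (I cannot verify the registry semantics from the diff) the javadoc should state that each entry is a document the user explicitly trusted through an Office security prompt, since that is the property an analyst will filter on. A suggested summary: `* Create recently used artifacts from the RegRipper trustrecords plugin output; each record is a document for which an Office security exception (trusted document) was granted.` Separately, the context line `userProfile = userProfile.substring(0, userProfile.length() - 1)` will throw if getParentPath() ever returns an empty string; a `userProfile.isEmpty()` guard would make the new method safer, though that behaviour predates this change. The method body continues beyond this hunk.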
@@ -28,9 +28,19 @@ You can also right click on a waypoint to bring up a similar menu to what you'd \subsection geo_filter Filtering -The filters are displayed on the left side of the screen. The top filter lets you filter the waypoints based on timestamp. If enabled, you will only see waypoints with a timestamp within N days of the most recent waypoint (not the current date). When using this filter you can also choose whether you want to see waypoints with no timestamp. The second filter allows you to show waypoints only for the selected data sources. +The filters are displayed on the left side of the screen. The top filter lets you filter the waypoints based on timestamp. If enabled, you will only see waypoints with a timestamp within N days of the most recent waypoint (not the current date). When using this filter you can also choose whether you want to see waypoints with no timestamp. -\image html geo_filter_panel.png +\image html geo_filter_time.png + +The second filter allows you to show waypoints only for the selected data sources. Note that only data sources that contain geolocation data are displayed here. + +\image html geo_filter_datasource.png + +The last filter allows you to only show certain types of waypoints. The number next to the type indicates how many waypoint of that type are in your case. + +\image html geo_filter_type.png + +Once you are done setting up your filters, click the "Apply" button at the top of the filter panel. If desired, the filter panel can be hidden by clicking on the vertical "Filters" tab on the top right edge of the filter panel. Clicking on that tab a second time will restore the filters panel. diff --git a/docs/doxygen-user/images/geo_filter_datasource.png b/docs/doxygen-user/images/geo_filter_datasource.png new file mode 100644 index 0000000000..0ac4004d58 Binary files /dev/null and b/docs/doxygen-user/images/geo_filter_datasource.png differ 
diff --git a/docs/doxygen-user/images/geo_filter_panel.png b/docs/doxygen-user/images/geo_filter_panel.png deleted file mode 100644 index bac9ee702e..0000000000 Binary files a/docs/doxygen-user/images/geo_filter_panel.png and /dev/null differ diff --git a/docs/doxygen-user/images/geo_filter_time.png b/docs/doxygen-user/images/geo_filter_time.png new file mode 100644 index 0000000000..96d3728307 Binary files /dev/null and b/docs/doxygen-user/images/geo_filter_time.png differ diff --git a/docs/doxygen-user/images/geo_filter_type.png b/docs/doxygen-user/images/geo_filter_type.png new file mode 100644 index 0000000000..5e99ad253c Binary files /dev/null and b/docs/doxygen-user/images/geo_filter_type.png differ diff --git a/docs/doxygen-user/images/geo_main.png b/docs/doxygen-user/images/geo_main.png index cf7f49ca68..43addca633 100644 Binary files a/docs/doxygen-user/images/geo_main.png and b/docs/doxygen-user/images/geo_main.png differ diff --git a/docs/doxygen/modReport.dox b/docs/doxygen/modReport.dox index 5799314acf..563a151c43 100644 --- a/docs/doxygen/modReport.dox +++ b/docs/doxygen/modReport.dox 
@@ -3,63 +3,18 @@ \section report_summary Overview Report modules allow Autopsy users to create different report types. Autopsy comes with modules to generate HTML and Excel artifact reports, a tab delimited File report, a Keyhole Markup Language (KML) report for Google Earth data, and a body file for timeline creation. You can make additional modules to create custom output formats. -There are three types of reporting modules that differ in how the data is organized. -- Table report modules organize the data into tables. If your output is in table format, this type of module will be easier to make because Autopsy does a lot of the organizing work for you. -- File report modules are also table-based, but they specifically deal with reporting on the Files in the case, not artifacts. -- General report modules are free form and you are allowed to organize the output however you want. - -Table report modules require their subclasses to override methods to start and end tables, and add rows to those tables. These methods are provided data, generated from a default configuration panel, for the module to report on. Because of this, when creating a table report module one only needs to focus on how to display the data, not how to find it. - -File report modules are similar to table report modules, but only require their sub-classes to start and end a single table, and add rows to that table. The methods are given an AbstractFile and a list of FileReportDataTypes, which specify what information about the file should be added to the report. The data can be extracted from the file by calling the FileReportDataTypes getValue method with the file as it's argument. - -On the other hand, general report modules have a single method to generate the report. This method gives the module freedom to find and process any data it so chooses. General modules also have the ability to provide a configuration panel, allowing the user to choose from various displayed settings. 
The report module may then use the user's selection to generate a more specific report. +All custom report modules will be general report modules. General report modules have a single method to generate the report. This method gives the module freedom to find and process any data it so chooses. General modules also have the ability to provide a configuration panel, allowing the user to choose from various displayed settings. The report module may then use the user's selection to generate a more specific report. General modules are also given the responsibility of updating their report's progress bar and processing label in the UI. A progress panel is given to every general report module. It contains basic API to start, stop, and add to the progress bar, as well as update the processing label. The module is also expected to check the progress bar's status occasionally to see if the user has manually canceled the report. \section report_create_module Creating a Report Module -To create a report module, start off by creating a new Java or Python (Jython) class and implementing (Java) or inheriting (Jython) the appropriate interface: -- org.sleuthkit.autopsy.report.TableReportModule -- org.sleuthkit.autopsy.report.FileReportModule -- org.sleuthkit.autopsy.report.GeneralReportModule - -All three of these interfaces extend the org.sleuthkit.autopsy.report.ReportModule interface that defines the following methods: +To create a report module, start off by creating a new Java or Python (Jython) class and implementing (Java) or inheriting (Jython) from org.sleuthkit.autopsy.report.GeneralReportModule. You'll need to override multiple methods including the following: - org.sleuthkit.autopsy.report.ReportModule.getName() - org.sleuthkit.autopsy.report.ReportModule.getDescription() - org.sleuthkit.autopsy.report.ReportModule.getRelativeFilePath() - -These methods will be called by Autopsy when it is presenting the reporting UI to a user. 
- -\subsection report_create_module_table Creating A Table Report Module -If you implement TableReportModule, you should override the methods: -- org.sleuthkit.autopsy.report.TableReportModule.startReport(String path) -- org.sleuthkit.autopsy.report.TableReportModule.endReport() -- org.sleuthkit.autopsy.report.TableReportModule.startDataType(String title) -- org.sleuthkit.autopsy.report.TableReportModule.endDataType() -- org.sleuthkit.autopsy.report.TableReportModule.startSet(String setName) -- org.sleuthkit.autopsy.report.TableReportModule.endSet() -- org.sleuthkit.autopsy.report.TableReportModule.addSetIndex(List sets) -- org.sleuthkit.autopsy.report.TableReportModule.addSetElement(String elementName) -- org.sleuthkit.autopsy.report.TableReportModule.startTable(List titles) -- org.sleuthkit.autopsy.report.TableReportModule.endTable() -- org.sleuthkit.autopsy.report.TableReportModule.addRow(List row) -- org.sleuthkit.autopsy.report.TableReportModule.dateToString(long date) - -When generating table module reports, Autopsy will iterate through a list of user selected data, and call methods such as addRow(List row) for every "row" of data it finds, or startTable(List titles) for every new category it finds. Developers are guaranteed that every start of a data type, set, or table will be followed by an appropriate end. The focus for a table report module should be to take the given information and display it in a user friendly format. See org.sleuthkit.autopsy.report.ReportExcel for an example. 
- -\subsection report_create_module_file Creating a File Report Module -If you implement FileReportModule, the overriden methods will be: -- org.sleuthkit.autopsy.report.FileReportModule.startReport(String path) -- org.sleuthkit.autopsy.report.FileReportModule.endReport() -- org.sleuthkit.autopsy.report.FileReportModule.startTable(List headers) -- org.sleuthkit.autopsy.report.FileReportModule.endTable() -- org.sleuthkit.autopsy.report.FileReportModule.addRow(AbstractFile toAdd, List columns) - -As when generating table module reports, Autopsy will iterate through a list of user selected data (which are represented by FileReportDataTypes), and call addRow(AbstractFile toAdd, List columns) for every abstract file in the case. Developers are guaranteed that the order of method calls will be startReport(), startTable(List headers), addRow(AbstractFile toAdd, List columns), AbstractFile toAdd, List columns),..., endTable(), endReport(). - -\subsection report_create_module_general Creating a General Report Module - -If you implement GeneralReportModule, the overridden methods will be: - org.sleuthkit.autopsy.report.GeneralReportModule.generateReport(String reportPath, ReportProgressPanel progressPanel) + +If your report module requires configuration, you'll need to override: - org.sleuthkit.autopsy.report.GeneralReportModule.getConfigurationPanel() For general report modules, Autopsy will simply call the generateReport(String reportPath, ReportProgressPanel progressPanel) method and leave it up to the module to aquire and report data in its desired format. The only requirements are that the module saves to the given report path and updates the org.sleuthkit.autopsy.report.ReportProgressPanel as the report progresses. 
@@ -90,22 +45,14 @@ if (null == searchService) { \subsection report_create_module_layer Installing your Report Module -Report modules developed using Java must be registered in a layer.xml file. This file allows Autopsy to find the report module. +Adding a service provider annotation allows Autopsy to find your report module. -An example entry in a layer.xml is shown below: \code - - - - - - - +@ServiceProvider(service = GeneralReportModule.class) +public class SampleReportModule implements GeneralReportModule { \endcode -In the above example, "org-sleuthkit-autopsy-report-ReportHTML" should be replaced with the package path to your report module. - -It is also important to remember to include a getDefault() method in your report module. As shown in the code above, the instance to each report module is accessed via it's getDefault() method. +It is also important to remember to include a getDefault() method in your report module. As shown in the code above, the instance to each report module is accessed via its getDefault() method. For example: \code diff --git a/unix_setup.sh b/unix_setup.sh index badf2a1505..dc92f38236 100644 --- a/unix_setup.sh +++ b/unix_setup.sh @@ -5,7 +5,7 @@ # NOTE: update_sleuthkit_version.pl updates this value and relies # on it keeping the same name and whitespace. Don't change it. -TSK_VERSION=4.8.0 +TSK_VERSION=4.9.0 # In the beginning...