Allow events to be associated with data source

Core/src/org/sleuthkit/autopsy/timeline/explorernodes/EventNode.java

@@ -47,6 +47,7 @@ import org.sleuthkit.autopsy.timeline.ui.EventTypeUtils;
 import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardAttribute;
+import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.timeline.TimelineEvent;
@@ -62,13 +63,13 @@ public class EventNode extends DisplayableItemNode {
 
     private final TimelineEvent event;
 
-    EventNode(TimelineEvent event, AbstractFile file, BlackboardArtifact artifact) {
+    EventNode(TimelineEvent event, Content file, BlackboardArtifact artifact) {
         super(Children.LEAF, Lookups.fixed(event, file, artifact));
         this.event = event;
         this.setIconBaseWithExtension(EventTypeUtils.getImagePath(event.getEventType())); // NON-NLS
     }
 
-    EventNode(TimelineEvent event, AbstractFile file) {
+    EventNode(TimelineEvent event, Content file) {
         super(Children.LEAF, Lookups.fixed(event, file));
         this.event = event;
         this.setIconBaseWithExtension(EventTypeUtils.getImagePath(event.getEventType())); // NON-NLS
@@ -227,7 +228,7 @@ public class EventNode extends DisplayableItemNode {
              */
         final TimelineEvent eventById = eventsModel.getEventById(eventID);
 
-            AbstractFile file = sleuthkitCase.getAbstractFileById(eventById.getFileID());
+            Content file = sleuthkitCase.getContentById(eventById.getFileObjID());
 
             if (eventById.getArtifactID().isPresent()) {
                 BlackboardArtifact blackboardArtifact = sleuthkitCase.getBlackboardArtifact(eventById.getArtifactID().get());

Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/EventNodeBase.java

@@ -298,7 +298,7 @@ public abstract class EventNodeBase<Type extends DetailViewEvent> extends StackP
                         try {
                             //TODO:push this to DB
                             for (TimelineEvent tle : eventsModel.getEventsById(tlEvent.getEventIDsWithHashHits())) {
-                                Set<String> hashSetNames = sleuthkitCase.getAbstractFileById(tle.getFileID()).getHashSetNames();
+                                Set<String> hashSetNames = sleuthkitCase.getContentById(tle.getFileObjID()).getHashSetNames();
                                 for (String hashSetName : hashSetNames) {
                                     hashSetCounts.merge(hashSetName, 1L, Long::sum);
                                 }

Core/src/org/sleuthkit/autopsy/timeline/ui/detailview/datamodel/SingleDetailsViewEvent.java

@@ -38,9 +38,9 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
 
     private final long eventID;
     /**
-     * The TSK object ID of the file this event is derived from.
+     * The TSK object ID of the file (could be data source) this event is derived from.
      */
-    private final long objID;
+    private final long fileObjId;
 
     /**
      * The TSK artifact ID of the file this event is derived from. Null, if this
@@ -51,7 +51,7 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
     /**
      * The TSK datasource ID of the datasource this event belongs to.
      */
-    private final long dataSourceID;
+    private final long dataSourceObjId;
 
     /**
      * The time of this event in second from the Unix epoch.
@@ -90,10 +90,25 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
      */
     private MultiEvent<?> parent = null;
 
-    public SingleDetailsViewEvent(long eventID, long dataSourceID, long objID, Long artifactID, long time, EventType type, String fullDescription, String medDescription, String shortDescription, TskData.FileKnown known, boolean hashHit, boolean tagged) {
+    /**
+     * 
+     * @param eventID
+     * @param dataSourceObjId
+     * @param fileObjId Object Id of file (could be a data source) that event is associated with
+     * @param artifactID
+     * @param time
+     * @param type
+     * @param fullDescription
+     * @param medDescription
+     * @param shortDescription
+     * @param known
+     * @param hashHit
+     * @param tagged 
+     */
+    public SingleDetailsViewEvent(long eventID, long dataSourceObjId, long fileObjId, Long artifactID, long time, EventType type, String fullDescription, String medDescription, String shortDescription, TskData.FileKnown known, boolean hashHit, boolean tagged) {
         this.eventID = eventID;
-        this.dataSourceID = dataSourceID;
-        this.objID = objID;
+        this.dataSourceObjId = dataSourceObjId;
+        this.fileObjId = fileObjId;
         this.artifactID = Long.valueOf(0).equals(artifactID) ? null : artifactID;
         this.time = time;
         this.type = type;
@@ -107,8 +122,8 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
 
     public SingleDetailsViewEvent(TimelineEvent singleEvent) {
         this(singleEvent.getEventID(),
-                singleEvent.getDataSourceID(),
-                singleEvent.getFileID(),
+                singleEvent.getDataSourceObjID(),
+                singleEvent.getFileObjID(),
                 singleEvent.getArtifactID().orElse(null),
                 singleEvent.getTime(),
                 singleEvent.getEventType(),
@@ -130,7 +145,7 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
      *         with the given parent.
      */
     public SingleDetailsViewEvent withParent(MultiEvent<?> newParent) {
-        SingleDetailsViewEvent singleEvent = new SingleDetailsViewEvent(eventID, dataSourceID, objID, artifactID, time, type, descriptions.get(DescriptionLoD.FULL), descriptions.get(DescriptionLoD.MEDIUM), descriptions.get(DescriptionLoD.SHORT), known, hashHit, tagged);
+        SingleDetailsViewEvent singleEvent = new SingleDetailsViewEvent(eventID, dataSourceObjId, fileObjId, artifactID, time, type, descriptions.get(DescriptionLoD.FULL), descriptions.get(DescriptionLoD.MEDIUM), descriptions.get(DescriptionLoD.SHORT), known, hashHit, tagged);
         singleEvent.parent = newParent;
         return singleEvent;
     }
@@ -176,12 +191,12 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
     }
 
     /**
-     * Get the obj id of the file this event is derived from.
+     * Get the obj id of the file (which could be a data source) this event is derived from.
      *
      * @return the object id.
      */
     public long getFileID() {
-        return objID;
+        return fileObjId;
     }
 
     /**
@@ -250,8 +265,8 @@ public class SingleDetailsViewEvent implements DetailViewEvent {
      *
      * @return the datasource id.
      */
-    public long getDataSourceID() {
-        return dataSourceID;
+    public long getDataSourceObjID() {
+        return dataSourceObjId;
     }
 
     @Override

Core/src/org/sleuthkit/autopsy/timeline/ui/listvew/ListTimeline.java

@@ -90,6 +90,7 @@ import static org.sleuthkit.autopsy.timeline.ui.EventTypeUtils.getImagePath;
 import org.sleuthkit.autopsy.timeline.ui.listvew.datamodel.CombinedEvent;
 import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.BlackboardArtifact;
+import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.DescriptionLoD;
@@ -457,13 +458,13 @@ class ListTimeline extends BorderPane {
                 SortedSet<String> tagNames = new TreeSet<>();
                 try {
                     //get file tags
-                    AbstractFile abstractFileById = sleuthkitCase.getAbstractFileById(getEvent().getFileID());
-                    tagsManager.getContentTagsByContent(abstractFileById).stream()
+                    Content file = sleuthkitCase.getContentById(getEvent().getFileObjID());
+                    tagsManager.getContentTagsByContent(file).stream()
                             .map(tag -> tag.getName().getDisplayName())
                             .forEach(tagNames::add);
 
                 } catch (TskCoreException ex) {
-                    logger.log(Level.SEVERE, "Failed to lookup tags for obj id " + getEvent().getFileID(), ex); //NON-NLS
+                    logger.log(Level.SEVERE, "Failed to lookup tags for obj id " + getEvent().getFileObjID(), ex); //NON-NLS
                     Platform.runLater(() -> {
                         Notifications.create()
                                 .owner(getScene().getWindow())
@@ -527,12 +528,12 @@ class ListTimeline extends BorderPane {
                  */
                 setGraphic(new ImageView(HASH_HIT));
                 try {
-                    Set<String> hashSetNames = new TreeSet<>(sleuthkitCase.getAbstractFileById(getEvent().getFileID()).getHashSetNames());
+                    Set<String> hashSetNames = new TreeSet<>(sleuthkitCase.getContentById(getEvent().getFileObjID()).getHashSetNames());
                     Tooltip tooltip = new Tooltip(Bundle.ListTimeline_hashHitTooltip_text(String.join("\n", hashSetNames))); //NON-NLS
                     tooltip.setGraphic(new ImageView(HASH_HIT));
                     setTooltip(tooltip);
                 } catch (TskCoreException ex) {
-                    logger.log(Level.SEVERE, "Failed to lookup hash set names for obj id " + getEvent().getFileID(), ex); //NON-NLS
+                    logger.log(Level.SEVERE, "Failed to lookup hash set names for obj id " + getEvent().getFileObjID(), ex); //NON-NLS
                     Platform.runLater(() -> {
                         Notifications.create()
                                 .owner(getScene().getWindow())