From ac9e9b4b561fdad4054bc572de88c89e3b153986 Mon Sep 17 00:00:00 2001
From: William Schaefer <wschaefer@basistech.net>
Date: Tue, 6 Jun 2017 14:02:24 -0400
Subject: [PATCH 1/4] 1895 - add timeline action to context menu for ad hoc
 searches

---
 .../autopsy/datamodel/KeyValueNode.java       | 27 +++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/KeyValueNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/KeyValueNode.java
index a04f7a0b51..b19af8d733 100644
--- a/Core/src/org/sleuthkit/autopsy/datamodel/KeyValueNode.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/KeyValueNode.java
@@ -18,13 +18,18 @@
  */
 package org.sleuthkit.autopsy.datamodel;
 
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.List;
 import java.util.Map;
+import javax.swing.Action;
 import org.openide.nodes.AbstractNode;
 import org.openide.nodes.Children;
 import org.openide.nodes.Sheet;
 import org.openide.util.Lookup;
 import org.openide.util.NbBundle;
 import org.openide.util.lookup.Lookups;
+import org.sleuthkit.autopsy.timeline.actions.ViewFileInTimelineAction;
 import org.sleuthkit.datamodel.AbstractFile;
 
 /**
@@ -93,4 +98,26 @@ public class KeyValueNode extends AbstractNode {
 
         return s;
     }
+
+    /**
+     * Right click action for the nodes that we want to pass to the directory
+     * table and the output view.
+     *
+     * @param popup
+     *
+     * @return actions
+     */
+    @Override
+    public Action[] getActions(boolean popup) {
+        List<Action> actions = new ArrayList<>();
+        actions.addAll(Arrays.asList(super.getActions(popup)));
+        //if this artifact has associated content, add the action to view the content in the timeline
+        AbstractFile file = getLookup().lookup(AbstractFile.class);
+        if (null != file) {
+            actions.add(ViewFileInTimelineAction.createViewSourceFileAction(file));
+        }
+        actions.add(null); // creates a menu separator
+
+        return actions.toArray(new Action[actions.size()]);
+    }
 }

From a0c4e40f67de394053bf46364d979058b337b879 Mon Sep 17 00:00:00 2001
From: William Schaefer <wschaefer@basistech.net>
Date: Tue, 6 Jun 2017 14:03:09 -0400
Subject: [PATCH 2/4] 1895 create context menu for results of type other than
 File

---
 .../KeywordSearchFilterNode.java              | 46 ++++++++++++++++---
 1 file changed, 39 insertions(+), 7 deletions(-)

diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
index 47b36de0be..66bdcc31d7 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
@@ -19,6 +19,7 @@
 package org.sleuthkit.autopsy.keywordsearch;
 
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.HashSet;
 import java.util.List;
@@ -42,7 +43,12 @@ import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.ContentVisitor;
 import org.sleuthkit.datamodel.DerivedFile;
+import org.sleuthkit.datamodel.Directory;
 import org.sleuthkit.datamodel.File;
+import org.sleuthkit.datamodel.LayoutFile;
+import org.sleuthkit.datamodel.LocalFile;
+import org.sleuthkit.datamodel.SlackFile;
+import org.sleuthkit.datamodel.VirtualDirectory;
 
 /**
  *
@@ -92,7 +98,7 @@ class KeywordSearchFilterNode extends FilterNode {
     public Action[] getActions(boolean popup) {
 
         List<Action> actions = new ArrayList<>();
-
+        actions.addAll(Arrays.asList(super.getActions(popup)));
         Content content = this.getOriginal().getLookup().lookup(Content.class);
         actions.addAll(content.accept(new GetPopupActionsContentVisitor()));
 
@@ -111,6 +117,32 @@ class KeywordSearchFilterNode extends FilterNode {
             return getFileActions();
         }
 
+        @Override
+        public List<Action> visit(Directory d) {
+            return getFileActions();
+        }
+
+        @Override
+        public List<Action> visit(LayoutFile lf) {
+            // layout files do not have times
+            return getFileActions();
+        }
+
+        @Override
+        public List<Action> visit(LocalFile lf) {
+            return getFileActions();
+        }
+
+        @Override
+        public List<Action> visit(SlackFile f) {
+            return getFileActions();
+        }
+
+        @Override
+        public List<Action> visit(VirtualDirectory dir) {
+            return getFileActions();
+        }
+
         private List<Action> getFileActions() {
             List<Action> actionsList = new ArrayList<>();
             actionsList.add(new NewWindowViewAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.viewInNewWinActionLbl"), KeywordSearchFilterNode.this));
@@ -120,20 +152,20 @@ class KeywordSearchFilterNode extends FilterNode {
             actionsList.add(new HashSearchAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.searchSameMd5"), getOriginal()));
             actionsList.add(null); // creates a menu separator
             actionsList.add(AddContentTagAction.getInstance());
-        
-            final Collection<AbstractFile> selectedFilesList =
-                    new HashSet<>(Utilities.actionsGlobalContext().lookupAll(AbstractFile.class));
-            if(selectedFilesList.size() == 1) {
+
+            final Collection<AbstractFile> selectedFilesList
+                    = new HashSet<>(Utilities.actionsGlobalContext().lookupAll(AbstractFile.class));
+            if (selectedFilesList.size() == 1) {
                 actionsList.add(DeleteFileContentTagAction.getInstance());
             }
-            
+
             actionsList.addAll(ContextMenuExtensionPoint.getActions());
             return actionsList;
         }
 
         @Override
         protected List<Action> defaultVisit(Content c) {
-            return new ArrayList<>();
+           return getFileActions();
         }
     }
 }

From cc028339912146f1f3a6f5022375c330bd591bca Mon Sep 17 00:00:00 2001
From: William Schaefer <wschaefer@basistech.net>
Date: Tue, 6 Jun 2017 15:21:51 -0400
Subject: [PATCH 3/4] 1895 minor formating and copyright adjustments to
 KeyValueNode and KeywordSearchFilterNode

---
 Core/src/org/sleuthkit/autopsy/datamodel/KeyValueNode.java      | 2 +-
 .../autopsy/keywordsearch/KeywordSearchFilterNode.java          | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/KeyValueNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/KeyValueNode.java
index b19af8d733..0331bbbb1b 100644
--- a/Core/src/org/sleuthkit/autopsy/datamodel/KeyValueNode.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/KeyValueNode.java
@@ -1,7 +1,7 @@
 /*
  * Autopsy Forensic Browser
  *
- * Copyright 2011-2014 Basis Technology Corp.
+ * Copyright 2011-2017 Basis Technology Corp.
  * Contact: carrier <at> sleuthkit <dot> org
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
index 66bdcc31d7..f90888b000 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
@@ -165,7 +165,7 @@ class KeywordSearchFilterNode extends FilterNode {
 
         @Override
         protected List<Action> defaultVisit(Content c) {
-           return getFileActions();
+            return getFileActions();
         }
     }
 }

From ed9176563ab3d218bc6ca6d8075b78845b6abfa4 Mon Sep 17 00:00:00 2001
From: William Schaefer <wschaefer@basistech.net>
Date: Thu, 8 Jun 2017 13:36:09 -0400
Subject: [PATCH 4/4] 1895 find MD5 matches now disabled for non-relevant
 files, works for carved files

---
 .../hashdatabase/HashDbSearchAction.java      | 21 ++++++++++++++-
 .../KeywordSearchFilterNode.java              | 26 +++++++++++--------
 2 files changed, 35 insertions(+), 12 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbSearchAction.java b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbSearchAction.java
index 3d567b75ca..ceecbe1d22 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbSearchAction.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbSearchAction.java
@@ -29,6 +29,9 @@ import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.ContentVisitor;
 import org.sleuthkit.datamodel.Directory;
+import org.sleuthkit.datamodel.LayoutFile;
+import org.sleuthkit.datamodel.SlackFile;
+import org.sleuthkit.datamodel.VirtualDirectory;
 
 /**
  * Searches for FsContent Files with the same MD5 hash as the given Node's
@@ -90,6 +93,22 @@ public class HashDbSearchAction extends CallableSystemAction implements HashSear
         protected AbstractFile defaultVisit(Content cntnt) {
             return null;
         }
+
+        @Override
+        public AbstractFile visit(LayoutFile lf) {
+            // layout files do not have times
+            return lf;
+        }
+
+        @Override
+        public AbstractFile visit(SlackFile f) {
+            return f;
+        }
+
+        @Override
+        public AbstractFile visit(VirtualDirectory dir) {
+            return ContentUtils.isDotDirectory(dir) ? null : dir;
+        }
     }
 
     /**
@@ -100,7 +119,7 @@ public class HashDbSearchAction extends CallableSystemAction implements HashSear
     @Override
     public void performAction() {
         // Make sure at least 1 file has an md5 hash
-        if (HashDbSearcher.countFilesMd5Hashed() > 0) {
+        if (file != null && HashDbSearcher.countFilesMd5Hashed() > 0) {
             doSearch();
         } else {
             JOptionPane.showMessageDialog(null,
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
index f90888b000..7674ee5e34 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchFilterNode.java
@@ -48,6 +48,7 @@ import org.sleuthkit.datamodel.File;
 import org.sleuthkit.datamodel.LayoutFile;
 import org.sleuthkit.datamodel.LocalFile;
 import org.sleuthkit.datamodel.SlackFile;
+import org.sleuthkit.datamodel.TskData;
 import org.sleuthkit.datamodel.VirtualDirectory;
 
 /**
@@ -109,47 +110,50 @@ class KeywordSearchFilterNode extends FilterNode {
 
         @Override
         public List<Action> visit(File f) {
-            return getFileActions();
+            return getFileActions(true);
         }
 
         @Override
         public List<Action> visit(DerivedFile f) {
-            return getFileActions();
+            return getFileActions(true);
         }
 
         @Override
         public List<Action> visit(Directory d) {
-            return getFileActions();
+            return getFileActions(false);
         }
 
         @Override
         public List<Action> visit(LayoutFile lf) {
-            // layout files do not have times
-            return getFileActions();
+            //we want hashsearch enabled on carved files but not unallocated blocks
+            boolean enableHashSearch = (lf.getType() == TskData.TSK_DB_FILES_TYPE_ENUM.CARVED);
+            return getFileActions(enableHashSearch);
         }
 
         @Override
         public List<Action> visit(LocalFile lf) {
-            return getFileActions();
+            return getFileActions(true);
         }
 
         @Override
         public List<Action> visit(SlackFile f) {
-            return getFileActions();
+            return getFileActions(false);
         }
 
         @Override
         public List<Action> visit(VirtualDirectory dir) {
-            return getFileActions();
+            return getFileActions(false);
         }
 
-        private List<Action> getFileActions() {
+        private List<Action> getFileActions(boolean enableHashSearch) {
             List<Action> actionsList = new ArrayList<>();
             actionsList.add(new NewWindowViewAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.viewInNewWinActionLbl"), KeywordSearchFilterNode.this));
             actionsList.add(new ExternalViewerAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.openExternViewActLbl"), getOriginal()));
             actionsList.add(null);
             actionsList.add(ExtractAction.getInstance());
-            actionsList.add(new HashSearchAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.searchSameMd5"), getOriginal()));
+            Action hashSearchAction = new HashSearchAction(NbBundle.getMessage(this.getClass(), "KeywordSearchFilterNode.getFileActions.searchSameMd5"), getOriginal());
+            hashSearchAction.setEnabled(enableHashSearch);
+            actionsList.add(hashSearchAction);
             actionsList.add(null); // creates a menu separator
             actionsList.add(AddContentTagAction.getInstance());
 
@@ -165,7 +169,7 @@ class KeywordSearchFilterNode extends FilterNode {
 
         @Override
         protected List<Action> defaultVisit(Content c) {
-            return getFileActions();
+            return getFileActions(false);
         }
     }
 }