From 83f271dda71d9310c1d2ca7166a62c079cef969e Mon Sep 17 00:00:00 2001
From: Alex Ebadirad <aebadirad@42six.com>
Date: Mon, 26 Mar 2012 11:06:11 -0700
Subject: [PATCH 1/4] Fixes to nulls in report column, recent doc display
 modified, moved progress bar down below buttons in report filter, removed
 artifact id column from hashset table, report window once again resizable,
 now a new report gets generated each time, clearing out the old one. Added a
 non-linked table of contents with number of hits at the top of the html
 report.

Signed-off-by: Alex Ebadirad <aebadirad@42six.com>
---
 .../autopsy/report/reportFilter.form          | 64 +++++++++------
 .../autopsy/report/reportFilter.java          | 53 ++++++------
 .../sleuthkit/autopsy/report/reportHTML.java  | 80 ++++++++++++++-----
 .../autopsy/report/reportPanelAction.java     |  2 +-
 4 files changed, 129 insertions(+), 70 deletions(-)
diff --git a/Report/src/org/sleuthkit/autopsy/report/reportFilter.form b/Report/src/org/sleuthkit/autopsy/report/reportFilter.form
index d6a44ab924..8ce061c777 100644
--- a/Report/src/org/sleuthkit/autopsy/report/reportFilter.form
+++ b/Report/src/org/sleuthkit/autopsy/report/reportFilter.form
@@ -16,6 +16,11 @@
       </Properties>
     </Component>
   </NonVisualComponents>
+  <Properties>
+    <Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
+      <Dimension value="[250, 193]"/>
+    </Property>
+  </Properties>
   <AuxValues>
     <AuxValue name="FormSettings_autoResourcing" type="java.lang.Integer" value="1"/>
     <AuxValue name="FormSettings_autoSetComponentName" type="java.lang.Boolean" value="false"/>
@@ -32,42 +37,48 @@
     <DimensionLayout dim="0">
       <Group type="103" groupAlignment="0" attributes="0">
           <Group type="102" attributes="0">
-              <EmptySpace min="-2" pref="38" max="-2" attributes="0"/>
+              <EmptySpace max="-2" attributes="0"/>
               <Group type="103" groupAlignment="0" attributes="0">
-                  <Group type="102" attributes="0">
+                  <Group type="102" alignment="0" attributes="0">
                       <Group type="103" groupAlignment="0" attributes="0">
-                          <Component id="jCheckBox3" alignment="0" min="-2" max="-2" attributes="0"/>
                           <Group type="102" alignment="0" attributes="0">
                               <Group type="103" groupAlignment="0" attributes="0">
-                                  <Component id="jCheckBox2" alignment="0" min="-2" max="-2" attributes="0"/>
-                                  <Component id="jCheckBox1" alignment="0" min="-2" max="-2" attributes="0"/>
-                              </Group>
-                              <EmptySpace max="-2" attributes="0"/>
-                              <Group type="103" groupAlignment="0" attributes="0">
-                                  <Component id="jCheckBox5" min="-2" max="-2" attributes="0"/>
-                                  <Component id="jCheckBox4" alignment="0" min="-2" max="-2" attributes="0"/>
+                                  <Component id="jCheckBox3" alignment="0" min="-2" max="-2" attributes="0"/>
+                                  <Group type="102" alignment="0" attributes="0">
+                                      <Group type="103" groupAlignment="0" attributes="0">
+                                          <Component id="jCheckBox2" alignment="0" min="-2" max="-2" attributes="0"/>
+                                          <Component id="jCheckBox1" alignment="0" min="-2" max="-2" attributes="0"/>
+                                      </Group>
+                                      <EmptySpace max="-2" attributes="0"/>
+                                      <Group type="103" groupAlignment="0" attributes="0">
+                                          <Component id="jCheckBox5" min="-2" max="-2" attributes="0"/>
+                                          <Component id="jCheckBox4" alignment="0" min="-2" max="-2" attributes="0"/>
+                                      </Group>
+                                  </Group>
                               </Group>
+                              <EmptySpace min="-2" pref="69" max="-2" attributes="0"/>
+                          </Group>
+                          <Group type="102" alignment="0" attributes="0">
+                              <Component id="jButton1" min="-2" max="-2" attributes="0"/>
+                              <EmptySpace max="32767" attributes="0"/>
+                              <Component id="cancelButton" min="-2" max="-2" attributes="0"/>
+                              <EmptySpace min="-2" pref="156" max="-2" attributes="0"/>
                           </Group>
                       </Group>
-                      <EmptySpace min="-2" pref="69" max="-2" attributes="0"/>
+                      <EmptySpace min="-2" max="-2" attributes="0"/>
                   </Group>
                   <Group type="102" alignment="0" attributes="0">
-                      <Component id="jButton1" min="-2" max="-2" attributes="0"/>
-                      <EmptySpace pref="15" max="32767" attributes="0"/>
-                      <Component id="cancelButton" min="-2" max="-2" attributes="0"/>
-                      <EmptySpace type="unrelated" max="-2" attributes="0"/>
-                      <Component id="progBar" min="-2" max="-2" attributes="0"/>
-                      <EmptySpace min="-2" pref="42" max="-2" attributes="0"/>
+                      <Component id="progBar" min="-2" pref="231" max="-2" attributes="0"/>
+                      <EmptySpace pref="109" max="32767" attributes="0"/>
                   </Group>
               </Group>
-              <EmptySpace max="-2" attributes="0"/>
           </Group>
       </Group>
     </DimensionLayout>
     <DimensionLayout dim="1">
       <Group type="103" groupAlignment="0" attributes="0">
           <Group type="102" alignment="0" attributes="0">
-              <EmptySpace min="-2" pref="24" max="-2" attributes="0"/>
+              <EmptySpace max="-2" attributes="0"/>
               <Group type="103" groupAlignment="3" attributes="0">
                   <Component id="jCheckBox1" alignment="3" min="-2" max="-2" attributes="0"/>
                   <Component id="jCheckBox4" alignment="3" min="-2" max="-2" attributes="0"/>
@@ -80,14 +91,13 @@
               <EmptySpace type="separate" max="-2" attributes="0"/>
               <Component id="jCheckBox3" min="-2" max="-2" attributes="0"/>
               <EmptySpace type="separate" max="-2" attributes="0"/>
-              <Group type="103" groupAlignment="0" attributes="0">
-                  <Group type="103" groupAlignment="3" attributes="0">
-                      <Component id="jButton1" alignment="3" max="32767" attributes="1"/>
-                      <Component id="cancelButton" alignment="3" max="32767" attributes="1"/>
-                  </Group>
-                  <Component id="progBar" min="-2" max="-2" attributes="1"/>
+              <Group type="103" groupAlignment="3" attributes="0">
+                  <Component id="jButton1" alignment="3" max="32767" attributes="1"/>
+                  <Component id="cancelButton" alignment="3" max="32767" attributes="1"/>
               </Group>
               <EmptySpace max="-2" attributes="0"/>
+              <Component id="progBar" pref="17" max="32767" attributes="1"/>
+              <EmptySpace max="-2" attributes="0"/>
           </Group>
       </Group>
     </DimensionLayout>
@@ -152,11 +162,13 @@
     </Component>
     <Component class="javax.swing.JProgressBar" name="progBar">
       <Properties>
+        <Property name="doubleBuffered" type="boolean" value="true"/>
         <Property name="enabled" type="boolean" value="false"/>
         <Property name="name" type="java.lang.String" value="" noResource="true"/>
         <Property name="preferredSize" type="java.awt.Dimension" editor="org.netbeans.beaninfo.editors.DimensionEditor">
-          <Dimension value="[146, 23]"/>
+          <Dimension value="[146, 15]"/>
         </Property>
+        <Property name="stringPainted" type="boolean" value="true"/>
       </Properties>
     </Component>
     <Component class="javax.swing.JButton" name="cancelButton">
diff --git a/Report/src/org/sleuthkit/autopsy/report/reportFilter.java b/Report/src/org/sleuthkit/autopsy/report/reportFilter.java
index 0af6be7cbb..0e5ad341e4 100644
--- a/Report/src/org/sleuthkit/autopsy/report/reportFilter.java
+++ b/Report/src/org/sleuthkit/autopsy/report/reportFilter.java
@@ -57,6 +57,8 @@ public class reportFilter extends javax.swing.JPanel {
         jButton2.setActionCommand(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.actionCommand")); // NOI18N
         jButton2.setLabel(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jButton2.label")); // NOI18N
 
+        setPreferredSize(new java.awt.Dimension(250, 193));
+
         jCheckBox1.setSelected(true);
         jCheckBox1.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.jCheckBox1.text")); // NOI18N
         jCheckBox1.addActionListener(new java.awt.event.ActionListener() {
@@ -89,9 +91,11 @@ public class reportFilter extends javax.swing.JPanel {
             }
         });
 
+        progBar.setDoubleBuffered(true);
         progBar.setEnabled(false);
         progBar.setName(""); // NOI18N
-        progBar.setPreferredSize(new java.awt.Dimension(146, 23));
+        progBar.setPreferredSize(new java.awt.Dimension(146, 15));
+        progBar.setStringPainted(true);
 
         cancelButton.setText(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.cancelButton.text")); // NOI18N
         cancelButton.setActionCommand(org.openide.util.NbBundle.getMessage(reportFilter.class, "reportFilter.cancelButton.actionCommand")); // NOI18N
@@ -107,33 +111,36 @@ public class reportFilter extends javax.swing.JPanel {
         layout.setHorizontalGroup(
             layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
             .addGroup(layout.createSequentialGroup()
-                .addGap(38, 38, 38)
+                .addContainerGap()
                 .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
                     .addGroup(layout.createSequentialGroup()
                         .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
-                            .addComponent(jCheckBox3)
                             .addGroup(layout.createSequentialGroup()
                                 .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
-                                    .addComponent(jCheckBox2)
-                                    .addComponent(jCheckBox1))
-                                .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
-                                .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
-                                    .addComponent(jCheckBox5)
-                                    .addComponent(jCheckBox4))))
-                        .addGap(69, 69, 69))
+                                    .addComponent(jCheckBox3)
+                                    .addGroup(layout.createSequentialGroup()
+                                        .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+                                            .addComponent(jCheckBox2)
+                                            .addComponent(jCheckBox1))
+                                        .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+                                        .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
+                                            .addComponent(jCheckBox5)
+                                            .addComponent(jCheckBox4))))
+                                .addGap(69, 69, 69))
+                            .addGroup(layout.createSequentialGroup()
+                                .addComponent(jButton1)
+                                .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+                                .addComponent(cancelButton)
+                                .addGap(156, 156, 156)))
+                        .addContainerGap())
                     .addGroup(layout.createSequentialGroup()
-                        .addComponent(jButton1)
-                        .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED, 15, Short.MAX_VALUE)
-                        .addComponent(cancelButton)
-                        .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED)
-                        .addComponent(progBar, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE)
-                        .addGap(42, 42, 42)))
-                .addContainerGap())
+                        .addComponent(progBar, javax.swing.GroupLayout.PREFERRED_SIZE, 231, javax.swing.GroupLayout.PREFERRED_SIZE)
+                        .addContainerGap(109, Short.MAX_VALUE))))
         );
         layout.setVerticalGroup(
             layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
             .addGroup(layout.createSequentialGroup()
-                .addGap(24, 24, 24)
+                .addContainerGap()
                 .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
                     .addComponent(jCheckBox1)
                     .addComponent(jCheckBox4))
@@ -144,11 +151,11 @@ public class reportFilter extends javax.swing.JPanel {
                 .addGap(18, 18, 18)
                 .addComponent(jCheckBox3)
                 .addGap(18, 18, 18)
-                .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING)
-                    .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
-                        .addComponent(jButton1, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
-                        .addComponent(cancelButton, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
-                    .addComponent(progBar, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))
+                .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE)
+                    .addComponent(jButton1, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE)
+                    .addComponent(cancelButton, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE))
+                .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED)
+                .addComponent(progBar, javax.swing.GroupLayout.DEFAULT_SIZE, 17, Short.MAX_VALUE)
                 .addContainerGap())
         );
     }// </editor-fold>//GEN-END:initComponents
diff --git a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java b/Report/src/org/sleuthkit/autopsy/report/reportHTML.java
index 2019ee0da9..101b0f3a5c 100644
--- a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java
+++ b/Report/src/org/sleuthkit/autopsy/report/reportHTML.java
@@ -38,6 +38,10 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
     
     //This is literally a terrible way to count up all the types of artifacts, and doesn't include any added ones. 
     //Unlike the XML report, which is dynamic, this is formatted and needs to be redone later instead of being hardcoded.
+    //Also, clearing variables to generate new report.
+    formatted_Report.setLength(0);
+    unformatted_header.setLength(0);
+    formatted_header.setLength(0);
    
       int countGen = 0;
       int countWebBookmark = 0;
@@ -128,6 +132,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
                      + "table tr th {text-align: left; width: 80px;} "
                    + "table td {width: 100px; font-size: 8px; display: table-cell; padding: 4px 8px;} "
                    + "table tr {text-align: left; width: 60px; background: #f3f3f3;} "
+                    + "tr.alt td{ background-color: #FFFFFF;}"
                      + "</style>";
            unformatted_header.append(header);
            unformatted_header.append(simpleCSS);
@@ -140,15 +145,25 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
             {
                 formatted_Report.append(ingestwarning);
             }
-            formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<br /><ul>");
+             formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<br /><ul>");
             formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>");
             formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>");
             formatted_Report.append("<li># of Files: ").append(totalfiles.toString()).append("</li>");
             formatted_Report.append("<li># of Dirs: ").append(totaldirs.toString()).append("</li>");
-            formatted_Report.append("<li># of Artifacts: ").append(reportsize).append("</li>");
+            formatted_Report.append("<li># of Artifacts: ").append(reportsize).append("</li></ul>");
+            
+            formatted_Report.append("<br /><table><thead><tr><th>Section</th><th>Count</th></tr></thead><tbody>");
+            formatted_Report.append("<tr><td>Web Bookmarks</td><td>").append(countWebBookmark).append("</td></tr>");
+            formatted_Report.append("<tr><td>Web History</td><td>").append(countWebHistory).append("</td></tr>");
+            formatted_Report.append("<tr><td>Web Downloads</td><td>").append(countWebDownload).append("</td></tr>");
+            formatted_Report.append("<tr><td>Recent Documents</td><td>").append(countRecentObjects).append("</td></tr>");
+            formatted_Report.append("<tr><td>Installed Programs</td><td>").append(countInstalled).append("</td></tr>");
+            formatted_Report.append("<tr><td>Keyword Hits</td><td>").append(countKeyword).append("</td></tr>");
+            formatted_Report.append("<tr><td>Hash Hits</td><td>").append(countHash).append("</td></tr>");
+             formatted_Report.append("</tbody></table><br />");
             String tableHeader = "<table><thead><tr>";
              StringBuilder nodeGen = new StringBuilder("<h3>General Information (").append(countGen).append(")</h3>").append(tableHeader).append("<th>Attribute</th><th>Value</th></tr></thead><tbody>");
-             StringBuilder nodeWebBookmark =  new StringBuilder("<h3>Web Bookmarks (").append(countWebBookmark).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Title</th><th>Program</th></tr></thead><tbody>");
+             StringBuilder nodeWebBookmark =  new StringBuilder("<h3><a name=\"bookmark\">Web Bookmarks</a> (").append(countWebBookmark).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Title</th><th>Program</th></tr></thead><tbody>");
              StringBuilder nodeWebCookie =  new StringBuilder("<h3>Web Cookies (").append(countWebCookie).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Name</th><th>Value</th><th>Program</th></tr></thead><tbody>");
              StringBuilder nodeWebHistory =  new StringBuilder("<h3>Web History (").append(countWebHistory).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Referrer</th><th>Title</th><th>Program</th></tr></thead><tbody>");
              StringBuilder nodeWebDownload =  new StringBuilder("<h3>Web Downloads (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>File</th><th>Source</th><th>Time</th><th>Program</th></tr></thead><tbody>");
@@ -156,13 +171,24 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
              StringBuilder nodeTrackPoint =  new StringBuilder("<h3>Track Points (").append(countTrackPoint).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
              StringBuilder nodeInstalled =  new StringBuilder("<h3>Installed Programs (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
              StringBuilder nodeKeyword =  new StringBuilder("<h3>Keyword Search Hits (").append(countKeyword).append(")</h3>");
-             StringBuilder nodeHash =  new StringBuilder("<h3>Hashset Hits (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Hashset Name</th></tr></thead><tbody>");
-            
+             StringBuilder nodeHash =  new StringBuilder("<h3>Hashset Hits (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Size</th><th>Hashset Name</th></tr></thead><tbody>");
+             int alt = 0;
+             String altRow = "";
              for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
                  if(reportFilter.cancel == true){
                      break;
                  }
                  int cc = 0;
+                 
+                 if(alt > 0)
+                 {
+                     altRow = " class=\"alt\"";
+                     alt = 0;
+                 }
+                 else{
+                     altRow="";
+                     alt++;
+                 }
                StringBuilder artifact = new StringBuilder("");
                 Long objId = entry.getKey().getObjectID();
                 //Content file = skCase.getContentById(objId);
@@ -172,15 +198,27 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
                 
                  
                  TreeMap<Integer, String> attributes = new TreeMap<Integer,String>();
-                    // Get all the attributes, line them up to be added.
+                    // Get all the attributes, line them up to be added. Place empty string placeholders for each attribute type
+                 int n;
+                 for(n=1;n<=35;n++)
+                 {
+                     attributes.put(n, "");
+                     
+                 }
                      for (BlackboardAttribute tempatt : entry.getValue())
                          {
                              if(reportFilter.cancel == true){
                                  break;
                                  }
-                          
+                         String value = "";
                          int type = tempatt.getAttributeTypeID();
-                         String value = tempatt.getValueString();
+                         if(tempatt.getValueString() == null || tempatt.getValueString() == "null"){
+                         
+                         }
+                         else
+                         {
+                          value = tempatt.getValueString();
+                         }
                          value = reportUtils.insertPeriodically(value, "<br>", 30);
                           attributes.put(type, value);
                           cc++;
@@ -193,14 +231,14 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
                         nodeGen.append(artifact);
                     }
                     if(entry.getKey().getArtifactTypeID() == 2){
-                        artifact.append("<tr><td>").append(attributes.get(1)).append("</td>");
+                        artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
                         artifact.append("<td>").append(attributes.get(3)).append("</td>");
                         artifact.append("<td>").append(attributes.get(4)).append("</td>");
                         artifact.append("</tr>");
                         nodeWebBookmark.append(artifact);
                     }
                     if(entry.getKey().getArtifactTypeID() == 3){
-                        artifact.append("<tr><td>").append(attributes.get(1)).append("</td>");
+                       artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
                         artifact.append("<td>").append(attributes.get(2)).append("</td>");
                         artifact.append("<td>").append(attributes.get(3)).append("</td>");
                         artifact.append("<td>").append(attributes.get(6)).append("</td>");
@@ -209,8 +247,8 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
                         nodeWebCookie.append(artifact);
                     }
                     if(entry.getKey().getArtifactTypeID() == 4){
-                        artifact.append("<tr><td>").append(attributes.get(1)).append("</td>");
-                        artifact.append("<td>").append(attributes.get(2)).append("</td>");
+                       artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(1)).append("</td>");
+                        artifact.append("<td>").append(attributes.get(33)).append("</td>");
                         artifact.append("<td>").append(attributes.get(32)).append("</td>");
                         artifact.append("<td>").append(attributes.get(3)).append("</td>");
                         artifact.append("<td>").append(attributes.get(4)).append("</td>");
@@ -218,29 +256,30 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
                         nodeWebHistory.append(artifact);
                     }
                     if(entry.getKey().getArtifactTypeID() == 5){
-                         artifact.append("<tr><td>").append(attributes.get(8)).append("</td>");
+                       artifact.append("<tr").append(altRow).append("><td>").append(attributes.get(8)).append("</td>");
                          artifact.append("<td>").append(attributes.get(1)).append("</td>");  
-                         artifact.append("<td>").append(attributes.get(2)).append("</td>");  
+                         artifact.append("<td>").append(attributes.get(33)).append("</td>");  
                          artifact.append("<td>").append(attributes.get(4)).append("</td>");   
                          artifact.append("</tr>");
                          nodeWebDownload.append(artifact);
                     }
                     if(entry.getKey().getArtifactTypeID() == 6){
-                         artifact.append("<tr><td>").append(objId.toString());
-                         artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
+                         //artifact.append("<tr><td>").append(objId.toString());
+                      artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(6)).append("</strong></td>");
+                         artifact.append("<td>").append(attributes.get(5)).append("</td>");  
                          artifact.append("<td>").append(filesize.toString()).append("</td>");  
                          artifact.append("</tr>");
                          nodeRecentObjects.append(artifact);
                     }
                     if(entry.getKey().getArtifactTypeID() == 7){
-                         artifact.append("<tr><td>").append(objId.toString());
+                         artifact.append("<tr").append(altRow).append("><td>").append(objId.toString());
                          artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
                          artifact.append("<td>").append(filesize.toString()).append("</td>");  
                          artifact.append("</tr>");
                          nodeTrackPoint.append(artifact);
                     }
                     if(entry.getKey().getArtifactTypeID() == 8){
-                         artifact.append("<tr><td>").append(objId.toString());
+                         artifact.append("<tr").append(altRow).append("><td>").append(objId.toString());
                          artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
                          artifact.append("<td>").append(filesize.toString()).append("</td>");  
                          artifact.append("</tr>");
@@ -254,8 +293,8 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
                      //    nodeKeyword.append(artifact);
                     }
                     if(entry.getKey().getArtifactTypeID() == 10){
-                         artifact.append("<tr><td>").append(objId.toString());
-                         artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
+                        // artifact.append("<tr><td>").append(objId.toString());
+                        artifact.append("<tr").append(altRow).append("><td><strong>").append(file.getName().toString()).append("</strong></td>");
                          artifact.append("<td>").append(filesize.toString()).append("</td>");  
                          //artifact.append("<td>").append(attributes.get(31)).append("</td>");
                          artifact.append("<td>").append(attributes.get(30)).append("</td>");
@@ -268,6 +307,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
             //Add them back in order
             //formatted_Report.append(nodeGen);
            // formatted_Report.append("</tbody></table>");
+            
             formatted_Report.append(nodeWebBookmark);
             formatted_Report.append("</tbody></table>");
             formatted_Report.append(nodeWebCookie);
diff --git a/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java b/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java
index 4528aff206..023c29d263 100644
--- a/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java
+++ b/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java
@@ -97,7 +97,7 @@ public class reportPanelAction {
             // add the panel to the popup window
             popUpWindow.add(panel);
             
-            popUpWindow.setResizable(false);
+            popUpWindow.setResizable(true);
             popUpWindow.pack();
             // set the location of the popUp Window on the center of the screen
             Dimension screenDimension = Toolkit.getDefaultToolkit().getScreenSize();

From 52fcef0014201d1d33cff304f70fd504fd216509 Mon Sep 17 00:00:00 2001
From: Alex Ebadirad <aebadirad@42six.com>
Date: Mon, 26 Mar 2012 12:04:33 -0700
Subject: [PATCH 2/4] Installed programs now available w/ version of windows

Signed-off-by: Alex Ebadirad <aebadirad@42six.com>
---
 .../release/rr/plugins/autopsyuninstall.pl    |  4 +-
 .../release/rr/plugins/autopsywinver.pl       |  2 +-
 .../recentactivity/ExtractRegistry.java       | 46 +++++++++++++++++--
 .../sleuthkit/autopsy/report/reportHTML.java  |  7 ++-
 4 files changed, 47 insertions(+), 12 deletions(-)

diff --git a/RecentActivity/release/rr/plugins/autopsyuninstall.pl b/RecentActivity/release/rr/plugins/autopsyuninstall.pl
index 1cff08cf14..30fc0dcd74 100644
--- a/RecentActivity/release/rr/plugins/autopsyuninstall.pl
+++ b/RecentActivity/release/rr/plugins/autopsyuninstall.pl
@@ -73,9 +73,9 @@ sub pluginmain {
 	 			push(@{$uninst{$lastwrite}},$display);
 	 		}
 	 		foreach my $t (reverse sort {$a <=> $b} keys %uninst) {
-				::rptMsg("<item name=\"". gmtime($t).">");
+				#::rptMsg("<item name=\"". gmtime($t)."\">");
 				foreach my $item (@{$uninst{$t}}) {
-					::rptMsg($item."</item>");
+					::rptMsg("<item name=\"". gmtime($t)."\">" .$item."</item>");
 				}
 				#::rptMsg("");
 			}
diff --git a/RecentActivity/release/rr/plugins/autopsywinver.pl b/RecentActivity/release/rr/plugins/autopsywinver.pl
index a13795b6b6..73cb5a3017 100644
--- a/RecentActivity/release/rr/plugins/autopsywinver.pl
+++ b/RecentActivity/release/rr/plugins/autopsywinver.pl
@@ -104,6 +104,6 @@ sub pluginmain {
 		#::rptMsg($key_path." not found.");
 		#::logMsg($key_path." not found.");
 	}
-	::rptMsg("</artifacts></shellfolders>");
+	::rptMsg("</artifacts></WinVersion>");
 }
 1;
\ No newline at end of file
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
index 179d40a7f1..7d5569d0b6 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
@@ -153,7 +153,7 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
                 }
                 if(regFilePath.toLowerCase().contains("software"))
                 {
-                    type = "1software";
+                    type = "autopsysoftware";
                 }
                 if(regFilePath.toLowerCase().contains("ntuser"))
                 {
@@ -196,6 +196,7 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
              File regfile = new File(regRecord);
           
            BufferedReader input = new BufferedReader(new InputStreamReader(new FileInputStream(regfile)));
+           regfile.delete();
            String regString = new Scanner(input).useDelimiter("\\Z").next();
            String startdoc = "<document>";
            String result = regString.replaceAll("----------------------------------------","");
@@ -219,6 +220,8 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
                
                Element artroot = tempnode.getChild("artifacts");
                List artlist = artroot.getChildren();
+               String winver = "";
+               String installdate = "";
             if(artlist.isEmpty()){   
             }
             else{
@@ -229,19 +232,52 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
                  String name = artnode.getAttributeValue("name");
                  String value = artnode.getTextTrim();  
                  Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
-                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
+                
+                   if("recentdocs".equals(context)){
+                       
+               BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
+               bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
                   bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name));
       
                  bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value));
-                   if("recentdocs".equals(context)){
-               BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
                 bbart.addAttributes(bbattributes);
                  }
                else if("runMRU".equals(context)){
                 BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_RECENT_OBJECT);
+                bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
+                  bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), "RecentActivity", context, name));
+      
+                 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), "RecentActivity", context, value));
+                bbart.addAttributes(bbattributes);
+               }
+                 else if("uninstall".equals(context)){
+                     bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_LAST_ACCESSED.getTypeID(), "RecentActivity", context, time));
+                  bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, value));
+      
+                 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, name));
+                     BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
                  bbart.addAttributes(bbattributes);
-    
                 }
+                 else if("WinVersion".equals(context)){
+                     
+                     if(name.contains("ProductName"))
+                     {
+                         winver = value;
+                     }
+                     if(name.contains("CSDVersion")){
+                         winver = winver + " " + value;
+                     }
+                     if(name.contains("InstallDate"))
+                     {
+                      installdate = value;
+                     
+                  bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), "RecentActivity", context, winver));
+      
+                 bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_DATETIME.getTypeID(), "RecentActivity", context, installdate));
+                     BlackboardArtifact bbart = tempDb.getContentById(orgId).newArtifact(ARTIFACT_TYPE.TSK_INSTALLED_PROG);
+                       bbart.addAttributes(bbattributes);
+                    }
+                 }
                else
                {   
                  
diff --git a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java b/Report/src/org/sleuthkit/autopsy/report/reportHTML.java
index 101b0f3a5c..c73c902edf 100644
--- a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java
+++ b/Report/src/org/sleuthkit/autopsy/report/reportHTML.java
@@ -169,7 +169,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
              StringBuilder nodeWebDownload =  new StringBuilder("<h3>Web Downloads (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>File</th><th>Source</th><th>Time</th><th>Program</th></tr></thead><tbody>");
              StringBuilder nodeRecentObjects =  new StringBuilder("<h3>Recent Documents (").append(countRecentObjects).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Path</th><th>Size</th></tr></thead><tbody>");
              StringBuilder nodeTrackPoint =  new StringBuilder("<h3>Track Points (").append(countTrackPoint).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
-             StringBuilder nodeInstalled =  new StringBuilder("<h3>Installed Programs (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
+             StringBuilder nodeInstalled =  new StringBuilder("<h3>Installed Programs (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Program Name</th><th>Install Date/Time</th></tr></thead><tbody>");
              StringBuilder nodeKeyword =  new StringBuilder("<h3>Keyword Search Hits (").append(countKeyword).append(")</h3>");
              StringBuilder nodeHash =  new StringBuilder("<h3>Hashset Hits (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Size</th><th>Hashset Name</th></tr></thead><tbody>");
              int alt = 0;
@@ -279,9 +279,8 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
                          nodeTrackPoint.append(artifact);
                     }
                     if(entry.getKey().getArtifactTypeID() == 8){
-                         artifact.append("<tr").append(altRow).append("><td>").append(objId.toString());
-                         artifact.append("</td><td><strong>").append(file.getName().toString()).append("</strong></td>");
-                         artifact.append("<td>").append(filesize.toString()).append("</td>");  
+                        artifact.append("<tr").append(altRow).append("><td><strong>").append(attributes.get(4)).append("</strong></td>");
+                         artifact.append("<td>").append(attributes.get(2)).append("</td>");  
                          artifact.append("</tr>");
                          nodeInstalled.append(artifact);
                     }

From f469c03967484ea1363624823e330574d1c6bbb0 Mon Sep 17 00:00:00 2001
From: Alex Ebadirad <aebadirad@42six.com>
Date: Mon, 26 Mar 2012 12:27:04 -0700
Subject: [PATCH 3/4] Addition of installed prog to reporting section.

Signed-off-by: Alex Ebadirad <aebadirad@42six.com>
---
 .../org/sleuthkit/autopsy/report/report.java  | 21 ++++++++++++
 .../sleuthkit/autopsy/report/reportHTML.java  | 32 +++++++++----------
 .../autopsy/report/reportInterface.java       |  1 +
 .../autopsy/report/reportPanelAction.java     |  2 +-
 4 files changed, 39 insertions(+), 17 deletions(-)

diff --git a/Report/src/org/sleuthkit/autopsy/report/report.java b/Report/src/org/sleuthkit/autopsy/report/report.java
index ae8c5a2a57..e87d4e60ee 100644
--- a/Report/src/org/sleuthkit/autopsy/report/report.java
+++ b/Report/src/org/sleuthkit/autopsy/report/report.java
@@ -196,6 +196,27 @@ public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getHashHit() {
     
     return reportMap;
 }
+@Override
+public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getInstalledProg() {
+    HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> reportMap = new HashMap();
+    Case currentCase = Case.getCurrentCase(); // get the most updated case
+    SleuthkitCase tempDb = currentCase.getSleuthkitCase();
+    try
+    {
+        ArrayList<BlackboardArtifact> bbart = tempDb.getBlackboardArtifacts(8);
+        for (BlackboardArtifact artifact : bbart)
+            {
+                ArrayList<BlackboardAttribute> attributes = artifact.getAttributes();
+               reportMap.put(artifact, attributes);    
+            }
+    }
+    catch (Exception e)
+    {
+        Logger.getLogger(report.class.getName()).log(Level.INFO, "Exception occurred", e);
+    }
+    
+    return reportMap;
+}
 
 @Override
 public String getGroupedKeywordHit() {
diff --git a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java b/Report/src/org/sleuthkit/autopsy/report/reportHTML.java
index c73c902edf..539948563d 100644
--- a/Report/src/org/sleuthkit/autopsy/report/reportHTML.java
+++ b/Report/src/org/sleuthkit/autopsy/report/reportHTML.java
@@ -145,7 +145,7 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
             {
                 formatted_Report.append(ingestwarning);
             }
-             formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<br /><ul>");
+             formatted_Report.append("<h2>Case Summary</h2><p>HTML Report Generated by <strong>Autopsy 3</strong> on ").append(datetime).append("<ul>");
             formatted_Report.append("<li># of Images: ").append(imagecount).append("</li>");
             formatted_Report.append("<li>FileSystems: ").append(filesystemcount).append("</li>");
             formatted_Report.append("<li># of Files: ").append(totalfiles.toString()).append("</li>");
@@ -153,25 +153,25 @@ public reportHTML (HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> re
             formatted_Report.append("<li># of Artifacts: ").append(reportsize).append("</li></ul>");
             
             formatted_Report.append("<br /><table><thead><tr><th>Section</th><th>Count</th></tr></thead><tbody>");
-            formatted_Report.append("<tr><td>Web Bookmarks</td><td>").append(countWebBookmark).append("</td></tr>");
-            formatted_Report.append("<tr><td>Web History</td><td>").append(countWebHistory).append("</td></tr>");
-            formatted_Report.append("<tr><td>Web Downloads</td><td>").append(countWebDownload).append("</td></tr>");
-            formatted_Report.append("<tr><td>Recent Documents</td><td>").append(countRecentObjects).append("</td></tr>");
-            formatted_Report.append("<tr><td>Installed Programs</td><td>").append(countInstalled).append("</td></tr>");
-            formatted_Report.append("<tr><td>Keyword Hits</td><td>").append(countKeyword).append("</td></tr>");
-            formatted_Report.append("<tr><td>Hash Hits</td><td>").append(countHash).append("</td></tr>");
+            formatted_Report.append("<tr><td><a href=\"#bookmark\">Web Bookmarks</a></td><td>").append(countWebBookmark).append("</td></tr>");
+            formatted_Report.append("<tr><td><a href=\"#history\">Web History</a></td><td>").append(countWebHistory).append("</td></tr>");
+            formatted_Report.append("<tr><td><a href=\"#download\">Web Downloads</a></td><td>").append(countWebDownload).append("</td></tr>");
+            formatted_Report.append("<tr><td><a href=\"#recent\">Recent Documents</a></td><td>").append(countRecentObjects).append("</td></tr>");
+            formatted_Report.append("<tr><td><a href=\"#installed\">Installed Programs</a></td><td>").append(countInstalled).append("</td></tr>");
+            formatted_Report.append("<tr><td><a href=\"#keyword\">Keyword Hits</a></td><td>").append(countKeyword).append("</td></tr>");
+            formatted_Report.append("<tr><td><a href=\"#hash\">Hash Hits</a></td><td>").append(countHash).append("</td></tr>");
              formatted_Report.append("</tbody></table><br />");
             String tableHeader = "<table><thead><tr>";
              StringBuilder nodeGen = new StringBuilder("<h3>General Information (").append(countGen).append(")</h3>").append(tableHeader).append("<th>Attribute</th><th>Value</th></tr></thead><tbody>");
              StringBuilder nodeWebBookmark =  new StringBuilder("<h3><a name=\"bookmark\">Web Bookmarks</a> (").append(countWebBookmark).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Title</th><th>Program</th></tr></thead><tbody>");
-             StringBuilder nodeWebCookie =  new StringBuilder("<h3>Web Cookies (").append(countWebCookie).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Name</th><th>Value</th><th>Program</th></tr></thead><tbody>");
-             StringBuilder nodeWebHistory =  new StringBuilder("<h3>Web History (").append(countWebHistory).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Referrer</th><th>Title</th><th>Program</th></tr></thead><tbody>");
-             StringBuilder nodeWebDownload =  new StringBuilder("<h3>Web Downloads (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>File</th><th>Source</th><th>Time</th><th>Program</th></tr></thead><tbody>");
-             StringBuilder nodeRecentObjects =  new StringBuilder("<h3>Recent Documents (").append(countRecentObjects).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Path</th><th>Size</th></tr></thead><tbody>");
-             StringBuilder nodeTrackPoint =  new StringBuilder("<h3>Track Points (").append(countTrackPoint).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
-             StringBuilder nodeInstalled =  new StringBuilder("<h3>Installed Programs (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Program Name</th><th>Install Date/Time</th></tr></thead><tbody>");
-             StringBuilder nodeKeyword =  new StringBuilder("<h3>Keyword Search Hits (").append(countKeyword).append(")</h3>");
-             StringBuilder nodeHash =  new StringBuilder("<h3>Hashset Hits (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Size</th><th>Hashset Name</th></tr></thead><tbody>");
+             StringBuilder nodeWebCookie =  new StringBuilder("<h3><a name=\"cookie\">Web Cookies</a> (").append(countWebCookie).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Name</th><th>Value</th><th>Program</th></tr></thead><tbody>");
+             StringBuilder nodeWebHistory =  new StringBuilder("<h3><a name=\"history\">Web History</a> (").append(countWebHistory).append(")</h3>").append(tableHeader).append("<th>URL</th><th>Date</th><th>Referrer</th><th>Title</th><th>Program</th></tr></thead><tbody>");
+             StringBuilder nodeWebDownload =  new StringBuilder("<h3><a name=\"download\">Web Downloads</a> (").append(countWebDownload).append(")</h3>").append(tableHeader).append("<th>File</th><th>Source</th><th>Time</th><th>Program</th></tr></thead><tbody>");
+             StringBuilder nodeRecentObjects =  new StringBuilder("<h3><a name=\"recent\">Recent Documents</a> (").append(countRecentObjects).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Path</th><th>Size</th></tr></thead><tbody>");
+             StringBuilder nodeTrackPoint =  new StringBuilder("<h3><a name=\"track\">Track Points</a> (").append(countTrackPoint).append(")</h3>").append(tableHeader).append("<th>Artifact ID</th><th>Name</th><th>Size</th><th>Attribute</th><th>Value</th></tr></thead><tbody>");
+             StringBuilder nodeInstalled =  new StringBuilder("<h3><a name=\"installed\">Installed Programs</a> (").append(countInstalled).append(")</h3>").append(tableHeader).append("<th>Program Name</th><th>Install Date/Time</th></tr></thead><tbody>");
+             StringBuilder nodeKeyword =  new StringBuilder("<h3><a name=\"keyword\">Keyword Search Hits</a> (").append(countKeyword).append(")</h3>");
+             StringBuilder nodeHash =  new StringBuilder("<h3><a name=\"hash\">Hashset Hit</a> (").append(countHash).append(")</h3>").append(tableHeader).append("<th>Name</th><th>Size</th><th>Hashset Name</th></tr></thead><tbody>");
              int alt = 0;
              String altRow = "";
              for (Entry<BlackboardArtifact,ArrayList<BlackboardAttribute>> entry : report.entrySet()) {
diff --git a/Report/src/org/sleuthkit/autopsy/report/reportInterface.java b/Report/src/org/sleuthkit/autopsy/report/reportInterface.java
index ba8f3ef6f1..61ab8b8dfe 100644
--- a/Report/src/org/sleuthkit/autopsy/report/reportInterface.java
+++ b/Report/src/org/sleuthkit/autopsy/report/reportInterface.java
@@ -22,5 +22,6 @@ public interface reportInterface{
     public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getRecentObject();
     public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getHashHit();
     public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getKeywordHit();
+    public HashMap<BlackboardArtifact,ArrayList<BlackboardAttribute>> getInstalledProg();
     public String getGroupedKeywordHit();
 }
diff --git a/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java b/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java
index 023c29d263..1f3a42ef69 100644
--- a/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java
+++ b/Report/src/org/sleuthkit/autopsy/report/reportPanelAction.java
@@ -42,7 +42,7 @@ public class reportPanelAction {
              if(reportlist.contains(5)){Results.putAll(bbreport.getWebDownload());}
              if(reportlist.contains(6)){Results.putAll(bbreport.getRecentObject());}
             // if(reportlist.contains(7)){Results.putAll(bbreport.getGenInfo());}
-            // if(reportlist.contains(7)){Results.putAll(bbreport.getGenInfo());}
+             if(reportlist.contains(8)){Results.putAll(bbreport.getInstalledProg());}
              if(reportlist.contains(9)){Results.putAll(bbreport.getKeywordHit());}
              if(reportlist.contains(10)){Results.putAll(bbreport.getHashHit());}
               SwingUtilities.invokeLater(new Runnable() {

From 138edf1d2c0125dee5103e0090a48a34816a15a9 Mon Sep 17 00:00:00 2001
From: Alex Ebadirad <aebadirad@42six.com>
Date: Mon, 26 Mar 2012 12:37:17 -0700
Subject: [PATCH 4/4] Fixed possible delete before buffer has read in full file
 in registryextract

Signed-off-by: Alex Ebadirad <aebadirad@42six.com>
---
 .../org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
index 7d5569d0b6..737b2cff7c 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java
@@ -196,8 +196,8 @@ public void getregistryfiles(List<String> image, IngestImageWorkerController con
              File regfile = new File(regRecord);
           
            BufferedReader input = new BufferedReader(new InputStreamReader(new FileInputStream(regfile)));
-           regfile.delete();
            String regString = new Scanner(input).useDelimiter("\\Z").next();
+           regfile.delete();
            String startdoc = "<document>";
            String result = regString.replaceAll("----------------------------------------","");
            String enddoc = "</document>";

Section	Count
Web Bookmarks	").append(countWebBookmark).append("
Web History	").append(countWebHistory).append("
Web Downloads	").append(countWebDownload).append("
Recent Documents	").append(countRecentObjects).append("
Installed Programs	").append(countInstalled).append("
Keyword Hits	").append(countKeyword).append("
Hash Hits	").append(countHash).append("
Attribute	Value
URL	Title	Program
URL	Title	Program
URL	Date	Name	Value	Program
URL	Date	Referrer	Title	Program
File	Source	Time	Program
Artifact ID	Name	Size	Attribute	Value
Artifact ID	Name	Size	Attribute	Value
Artifact ID	Name	Size	Hashset Name
Name	Size	Hashset Name
").append(attributes.get(1)).append("	").append(attributes.get(1)).append("	").append(attributes.get(3)).append("	").append(attributes.get(4)).append("
").append(attributes.get(1)).append("	").append(attributes.get(1)).append("	").append(attributes.get(2)).append("	").append(attributes.get(3)).append("	").append(attributes.get(6)).append("
").append(attributes.get(1)).append("	").append(attributes.get(2)).append("	").append(attributes.get(1)).append("	").append(attributes.get(33)).append("	").append(attributes.get(32)).append("	").append(attributes.get(3)).append("	").append(attributes.get(4)).append("
").append(attributes.get(8)).append("	").append(attributes.get(8)).append("	").append(attributes.get(1)).append("	").append(attributes.get(2)).append("	").append(attributes.get(33)).append("	").append(attributes.get(4)).append("
").append(objId.toString()); - artifact.append("	").append(file.getName().toString()).append("
").append(objId.toString()); + artifact.append("	").append(attributes.get(6)).append("	").append(attributes.get(5)).append("	").append(filesize.toString()).append("
").append(objId.toString()); + artifact.append("	").append(objId.toString()); artifact.append("	").append(file.getName().toString()).append("	").append(filesize.toString()).append("
").append(objId.toString()); + artifact.append("	").append(objId.toString()); artifact.append("	").append(file.getName().toString()).append("	").append(filesize.toString()).append("
").append(objId.toString()); - artifact.append("	").append(file.getName().toString()).append("
").append(objId.toString()); + artifact.append("	").append(file.getName().toString()).append("	").append(filesize.toString()).append("	").append(attributes.get(31)).append("	").append(attributes.get(30)).append("