Merge pull request #6919 from APriestman/7393_hostDoc

7393 Host doc

docs/doxygen-user/data_sources.dox

@@ -25,6 +25,18 @@ The data source must remain accessible for the duration of the analysis because
 
 Regardless of the type of data source, there are some common steps in the process:
 <ol>
+
+<li> You will choose the host for the data source you are going to add. See the \ref host_page "hosts page" for more information about hosts.
+
+\image html data_source_host_select.png
+
+There are three options:
+<ul>
+<li> <b>Generate new host based on data source name</b> - this will typically create a host with a name similar to your data source with the ID used in the database appended for uniqueness.
+<li> <b>Specify new host name</b> - this allows you to enter a host name.
+<li> <b>Use existing host</b> - this allows you to choose a host name already in use in the current case.
+</ul>
+
 <li> You will select the type of data source.
 
 \image html select-data-source-type.PNG

docs/doxygen-user/hosts.dox

@@ -0,0 +1,50 @@
+/*! \page host_page Hosts
+
+
+[TOC]
+
+\section host_use Using Hosts
+
+\subsection host_wizard Associating a Data Source With a Host
+
+Every data source must be associated with a host. The first step in the \ref ds_add "add data source process" is to select a host for the data source you are about to add to the case. This host can be auto-generated, entered by the user, or selected from the list of hosts already present in the case.
+
+\image html data_source_host_select.png
+
+\subsection host_view Viewing Hosts
+
+Hosts are displayed in the \ref tree_viewer_page. Depending on the \ref view_options_page selected, hosts may be grouped together under persons. 
+
+\image html ui_tree_top_ds.png
+
+\subsection host_os_accounts OS Accounts
+
+OS accounts can be viewed in the OS Accounts node under Results. Each OS account is associated with a host, and the host information is displayed in the OS Account tab of the content viewer.
+
+\image html host_os_accounts.png
+
+\section host_management Managing Hosts
+
+\subsection host_menu Manage Hosts Menu
+
+Go to Case->Manage Hosts to open the host management panel.
+
+\image html manage_hosts.png
+
+Here you can see all hosts in the case, add new hosts, change the name of an existing host, and delete hosts that are not in use. 
+
+\subsection host_merge Merging Hosts
+
+Over the course of processing a case, it may become clear that two (or more) hosts should be combined. Merging one host into another will move all data sources from the source host into the destination host and move or combine any OS accounts found.
+
+
+To merge hosts, right-click on the host you want to merge into another host.
+
+\image html host_merge.png
+
+A confirmation dialog will display stating that this can not be undone. After proceeding, the hosts will be merged together and the tree viewer node will update showing the combined data.
+
+\image html host_merge_result.png
+
+
+*/

docs/doxygen-user/tree_viewer.dox

@@ -4,20 +4,37 @@
 
 
 The tree on the left-hand side of the main window is where you can browse the files in the data sources in the case and find saved results from automated analyis (ingest). The tree has five main areas:
-- <b>Data Sources:</b> This shows the directory tree hierarchy of the data sources. You can navigate to a specific file or directory here. Each data source added to the case is represented as a distinct sub tree. If you add a data source multiple times, it shows up multiple times.
+- <b>Persons / Hosts / Data Sources:</b> This shows the directory tree hierarchy of the data sources. You can navigate to a specific file or directory here. Each data source added to the case is represented as a distinct sub tree. If you add a data source multiple times, it shows up multiple times.
 - <b>Views:</b> Specific types of files from the data sources are shown here, aggregated by type or other properties. Files here can come from more than one data source.
 - <b>Results:</b> This is where you can see the results from both the automated analysis (ingest) running in the background and your search results.
 - <b>Tags:</b> This is where files and results that have been \ref tagging_page "tagged" are shown.
 - <b>Reports:</b> Reports that you have generated, or that ingest modules have created, show up here.
 
-You can also use the "Group by data source" option available through the \ref view_options_page to move the Views, Results, and Tags tree nodes under their corresponding data sources. This can be helpful on very large cases to reduce the size of each sub tree. For example:
+You can also use the "Group by Person/Host" option available through the \ref view_options_page to move the Views, Results, and Tags tree nodes under their corresponding person and host. This can be helpful on very large cases to reduce the size of each sub tree.
 
-\image html ui_layout_group_tree.PNG
+\section ui_tree_ds Persons / Hosts / Data Sources
+By default, the top node of the tree viewer will contain all data sources in the case. The Data Sources node is organized by host and then the data source itself. Right clicking on the various nodes in the Data Sources area of the tree will allow you to get more options for each data source and its contents. 
 
-\section ui_tree_ds Data Sources
+\image html ui_tree_top_ds.png
 
-The Data Sources area shows each data source that has been added to the case, in order added (top one is first).
-Right clicking on the various nodes in the Data Sources area of the tree will allow you to get more options for each data source and its contents. 
+If the "Group by Person/Host" option has been selected in the \ref view_options_group "View Options", the hosts and data sources will be organized under any persons that have been associated with the hosts. Additionally, the rest of the nodes (Views, Results, etc) will be found under each data source.
+
+\image html ui_tree_top_persons.png
+
+\subsection ui_tree_persons Persons
+
+If the "Group by Person/Host" option in the \ref view_options_group "View Options" has been set, the top level nodes will display persons. Persons are manually created and can be associated with one or more hosts. To add or remove a person from a host, right-click on the host and select the appropriate option.
+
+\image html ui_person_select.png
+
+You can edit and delete persons by right-clicking on the node.
+
+\subsection ui_tree_hosts Hosts
+
+All data sources are organized under host nodes. See the \ref host_page "hosts page" for more information on using hosts.
+
+\subsection ui_tree_ds_node Data Sources
+Under the hosts are the nodes for each data source. 
 
 Unallocated space is the chunks of a file system that are currently not being used for anything. Unallocated space can hold deleted files and other interesting artifacts. In an image data source, unallocated space is stored in blocks with distinct locations in the file system. However, because of the way carving tools work, it is better to feed these tools a single, large unallocated space file. Autopsy provides access to both methods of looking at unallocated space.
 \li <b>Individual blocks in a volume</b>  For each volume, there is a "virtual" folder named "$Unalloc". This folder contains all the individual unallocated blocks in contiguous runs (unallocated space files) as the image is storing them. You can right click and extract any unallocated space file the same way you can extract any other type of file in the Data Sources area.

docs/doxygen-user/view_options.dox

@@ -66,11 +66,15 @@ If you have a \ref machine_translation_page module installed, this option will a
 
 The settings in this section only apply to the current case.
 
-\subsection view_options_group Group by data source
+\subsection view_options_group Data Source Grouping
 
-The "Group by data source" option allows you to separate all elements in the \ref ui_tree by data source. This can help nodes load faster on large cases.
+The options here allow you to choose how to display data in the \ref ui_tree. The top option ("Group by Data Type") displays combined results for all data sources. All nodes on the tree will contain combined results for all data sources in the case.
 
-\image html ui_layout_group_tree.PNG
+\image html views_standard_tree.png
+
+The second option ("Group by Person/Host") separates the results for each data source, and organizes the data sources by \ref ui_tree_persons "person" and \ref ui_tree_hosts "host". 
+
+\image html views_grouped_tree.png
 
 \section view_options_session Current Session Settings