using score constants

Greg DiCristofaro 2021-06-02 13:45:50 -04:00
parent b4937e1830
commit 7f69ee0b62
18 changed files with 22 additions and 46 deletions


@ -63,8 +63,6 @@ import org.sleuthkit.datamodel.SleuthkitCase;
import org.sleuthkit.datamodel.TskCoreException;
import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
import org.sleuthkit.datamodel.Score;
import org.sleuthkit.datamodel.Score.Priority;
import org.sleuthkit.datamodel.Score.Significance;
/**
* Listen for ingest events and update entries in the Central Repository
@ -72,7 +70,6 @@ import org.sleuthkit.datamodel.Score.Significance;
*/
@NbBundle.Messages({"IngestEventsListener.ingestmodule.name=Central Repository"})
public class IngestEventsListener {
private static final Score LIKELY_NOTABLE_SCORE = new Score(Significance.LIKELY_NOTABLE, Priority.NORMAL);
private static final Logger LOGGER = Logger.getLogger(CorrelationAttributeInstance.class.getName());
private static final Set<IngestManager.IngestJobEvent> INGEST_JOB_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestJobEvent.DATA_SOURCE_ANALYSIS_COMPLETED);
private static final Set<IngestManager.IngestModuleEvent> INGEST_MODULE_EVENTS_OF_INTEREST = EnumSet.of(DATA_ADDED);
@ -267,7 +264,7 @@ public class IngestEventsListener {
// Create artifact if it doesn't already exist.
if (!blackboard.artifactExists(abstractFile, TSK_INTERESTING_ARTIFACT_HIT, attributesForNewArtifact)) {
BlackboardArtifact newInterestingArtifact = abstractFile.newAnalysisResult(
BlackboardArtifact.Type.TSK_INTERESTING_ARTIFACT_HIT, LIKELY_NOTABLE_SCORE,
BlackboardArtifact.Type.TSK_INTERESTING_ARTIFACT_HIT, Score.SCORE_LIKELY_NOTABLE,
null, configuration, null, attributesForNewArtifact)
.getAnalysisResult();
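Review bot: The `LOGGER` field in the second hunk's context is created with `Logger.getLogger(CorrelationAttributeInstance.class.getName())`, so records emitted by `IngestEventsListener` are attributed to a different class. The commit leaves that line untouched, but it sits directly below the constant being removed and could be changed to `Logger.getLogger(IngestEventsListener.class.getName())` in the same pass. Accurate logger names matter when ingest logs are used to work out which component created, or failed to create, an artifact. The class body continues outside the hunks shown.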


@ -67,7 +67,6 @@ import org.sleuthkit.datamodel.Score;
final class CentralRepoIngestModule implements FileIngestModule {
private static final String MODULE_NAME = CentralRepoIngestModuleFactory.getModuleName();
private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.Priority.NORMAL);
static final boolean DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS = false;
static final boolean DEFAULT_FLAG_PREVIOUS_DEVICES = false;
static final boolean DEFAULT_CREATE_CR_PROPERTIES = true;
@ -346,7 +345,7 @@ final class CentralRepoIngestModule implements FileIngestModule {
// Create artifact if it doesn't already exist.
if (!blackboard.artifactExists(abstractFile, TSK_INTERESTING_FILE_HIT, attributes)) {
BlackboardArtifact tifArtifact = abstractFile.newAnalysisResult(
BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, LIKELY_NOTABLE_SCORE,
BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, Score.SCORE_LIKELY_NOTABLE,
null, Bundle.CentralRepoIngestModule_prevTaggedSet_text(), null, attributes)
.getAnalysisResult();
try {


@ -100,8 +100,6 @@ final class AddLogicalImageTask implements Runnable {
}
}
private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.Priority.NORMAL);
private final static Logger LOGGER = Logger.getLogger(AddLogicalImageTask.class.getName());
private final static String SEARCH_RESULTS_TXT = "SearchResults.txt"; //NON-NLS
private final static String USERS_TXT = "_users.txt"; //NON-NLS
@ -446,7 +444,7 @@ final class AddLogicalImageTask implements Runnable {
try {
artifact = this.blackboard.newAnalysisResult(
BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, fileId, dataSourceId,
LIKELY_NOTABLE_SCORE,
Score.SCORE_LIKELY_NOTABLE,
null, ruleSetName, null,
Arrays.asList(
new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, ruleSetName),


@ -51,7 +51,6 @@ import org.sleuthkit.datamodel.TskDataException;
*/
public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.Priority.NORMAL);
private static final Logger logger = Logger.getLogger(DataSourceIntegrityIngestModule.class.getName());
private static final long DEFAULT_CHUNK_SIZE = 32 * 1024;
private static final IngestServices services = IngestServices.getInstance();
@ -297,7 +296,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
BlackboardArtifact verificationFailedArtifact = Case.getCurrentCase().getSleuthkitCase().getBlackboard().newAnalysisResult(
BlackboardArtifact.Type.TSK_VERIFICATION_FAILED,
img.getId(), img.getId(),
NOTABLE_SCORE,
Score.SCORE_NOTABLE,
null, null, artifactComment,
Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
DataSourceIntegrityModuleFactory.getModuleName(), artifactComment)))


@ -89,8 +89,6 @@ class SevenZipExtractor {
private static final Logger logger = Logger.getLogger(SevenZipExtractor.class.getName());
private static final String MODULE_NAME = EmbeddedFileExtractorModuleFactory.getModuleName();
private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.Priority.NORMAL);
private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.Priority.NORMAL);
//encryption type strings
private static final String ENCRYPTION_FILE_LEVEL = NbBundle.getMessage(EmbeddedFileExtractorIngestModule.class,
@ -321,7 +319,7 @@ class SevenZipExtractor {
if (!blackboard.artifactExists(archiveFile, TSK_INTERESTING_FILE_HIT, attributes)) {
BlackboardArtifact artifact = archiveFile.newAnalysisResult(
BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, LIKELY_NOTABLE_SCORE,
BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, Score.SCORE_LIKELY_NOTABLE,
null, setName, null,
attributes)
.getAnalysisResult();
@ -864,7 +862,7 @@ class SevenZipExtractor {
try {
BlackboardArtifact artifact = archiveFile.newAnalysisResult(
new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED),
NOTABLE_SCORE,
Score.SCORE_NOTABLE,
null, null, encryptionType,
Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, encryptionType)))
.getAnalysisResult();
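Review bot: The encryption-detected call in the last hunk still builds its type with `new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED)`, while the score argument next to it now uses a shared constant. Other call sites in this same commit pass `BlackboardArtifact.Type.TSK_ENCRYPTION_DETECTED` directly, so this argument could be `BlackboardArtifact.Type.TSK_ENCRYPTION_DETECTED,` as well. That avoids a per-call allocation and keeps the modules consistent. The enclosing method starts and ends outside the hunk.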


@ -47,8 +47,6 @@ import org.sleuthkit.datamodel.VolumeSystem;
*/
final class EncryptionDetectionDataSourceIngestModule implements DataSourceIngestModule {
private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.Priority.NORMAL);
private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.Priority.NORMAL);
private final IngestServices services = IngestServices.getInstance();
private final Logger logger = services.getLogger(EncryptionDetectionModuleFactory.getModuleName());
private Blackboard blackboard;
@ -106,7 +104,7 @@ final class EncryptionDetectionDataSourceIngestModule implements DataSourceInges
return ProcessResult.OK;
}
if (BitlockerDetection.isBitlockerVolume(volume)) {
return flagVolume(volume, BlackboardArtifact.Type.TSK_ENCRYPTION_DETECTED, NOTABLE_SCORE,
return flagVolume(volume, BlackboardArtifact.Type.TSK_ENCRYPTION_DETECTED, Score.SCORE_NOTABLE,
Bundle.EncryptionDetectionDataSourceIngestModule_artifactComment_bitlocker());
}
@ -114,7 +112,7 @@ final class EncryptionDetectionDataSourceIngestModule implements DataSourceInges
return ProcessResult.OK;
}
if (isVolumeEncrypted(volume)) {
return flagVolume(volume, BlackboardArtifact.Type.TSK_ENCRYPTION_SUSPECTED, LIKELY_NOTABLE_SCORE,
return flagVolume(volume, BlackboardArtifact.Type.TSK_ENCRYPTION_SUSPECTED, Score.SCORE_LIKELY_NOTABLE,
String.format(Bundle.EncryptionDetectionDataSourceIngestModule_artifactComment_suspected(), calculatedEntropy));
}
}


@ -64,8 +64,6 @@ import org.xml.sax.SAXException;
final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter {
private static final int FILE_SIZE_MODULUS = 512;
private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.Priority.NORMAL);
private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.Priority.NORMAL);
private static final String DATABASE_FILE_EXTENSION = "db";
private static final int MINIMUM_DATABASE_FILE_SIZE = 65536; //64 KB
@ -158,10 +156,10 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter
*/
String mimeType = fileTypeDetector.getMIMEType(file);
if (mimeType.equals("application/octet-stream") && isFileEncryptionSuspected(file)) {
return flagFile(file, BlackboardArtifact.Type.TSK_ENCRYPTION_SUSPECTED, LIKELY_NOTABLE_SCORE,
return flagFile(file, BlackboardArtifact.Type.TSK_ENCRYPTION_SUSPECTED, Score.SCORE_LIKELY_NOTABLE,
String.format(Bundle.EncryptionDetectionFileIngestModule_artifactComment_suspected(), calculatedEntropy));
} else if (isFilePasswordProtected(file)) {
return flagFile(file, BlackboardArtifact.Type.TSK_ENCRYPTION_DETECTED, NOTABLE_SCORE,
return flagFile(file, BlackboardArtifact.Type.TSK_ENCRYPTION_DETECTED, Score.SCORE_NOTABLE,
Bundle.EncryptionDetectionFileIngestModule_artifactComment_password());
}
}


@ -39,7 +39,6 @@ import org.sleuthkit.autopsy.modules.filetypeid.FileTypeDetector;
import org.sleuthkit.datamodel.AbstractFile;
import org.sleuthkit.datamodel.Blackboard;
import org.sleuthkit.datamodel.BlackboardArtifact;
import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
import org.sleuthkit.datamodel.Score;
import org.sleuthkit.datamodel.TskData;
import org.sleuthkit.datamodel.TskData.FileKnown;
@ -53,7 +52,6 @@ import org.sleuthkit.datamodel.TskException;
"FileExtMismatchIngestModule.readError.message=Could not read settings."
})
public class FileExtMismatchIngestModule implements FileIngestModule {
private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.Priority.NORMAL);
private static final Logger logger = Logger.getLogger(FileExtMismatchIngestModule.class.getName());
private final IngestServices services = IngestServices.getInstance();
@ -147,7 +145,7 @@ public class FileExtMismatchIngestModule implements FileIngestModule {
// add artifact
BlackboardArtifact bart = abstractFile.newAnalysisResult(
BlackboardArtifact.Type.TSK_EXT_MISMATCH_DETECTED, LIKELY_NOTABLE_SCORE,
BlackboardArtifact.Type.TSK_EXT_MISMATCH_DETECTED, Score.SCORE_LIKELY_NOTABLE,
null, null, justification, Collections.emptyList())
.getAnalysisResult();


@ -49,7 +49,6 @@ import org.sleuthkit.datamodel.TskCoreException;
*/
@NbBundle.Messages({"CannotRunFileTypeDetection=Unable to run file type detection."})
public class FileTypeIdIngestModule implements FileIngestModule {
private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.Priority.NORMAL);
private static final Logger logger = Logger.getLogger(FileTypeIdIngestModule.class.getName());
private static final HashMap<Long, IngestJobTotals> totalsForIngestJobs = new HashMap<>();
@ -165,7 +164,7 @@ public class FileTypeIdIngestModule implements FileIngestModule {
// Create artifact if it doesn't already exist.
if (!tskBlackboard.artifactExists(file, TSK_INTERESTING_FILE_HIT, attributes)) {
BlackboardArtifact artifact = file.newAnalysisResult(
BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, LIKELY_NOTABLE_SCORE,
BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, Score.SCORE_LIKELY_NOTABLE,
null, fileType.getInterestingFilesSetName(), null,
attributes)
.getAnalysisResult();


@ -511,9 +511,9 @@ public class HashDbIngestModule implements FileIngestModule {
}
switch (knownFilesType) {
case KNOWN:
return new Score(Significance.NONE, Score.Priority.NORMAL);
return Score.SCORE_NONE;
case KNOWN_BAD:
return new Score(Significance.NOTABLE, Score.Priority.NORMAL);
return Score.SCORE_NOTABLE;
default:
case NO_CHANGE:
return Score.SCORE_UNKNOWN;
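Review bot: The removed lines used the unqualified `Significance.NONE` and `Significance.NOTABLE`, which implies this file imports `Score.Significance`. No import hunk for this file appears in the commit, so that import is probably left unused unless the class references it elsewhere. Separately, the switch now relies on `Score.SCORE_NONE` and `Score.SCORE_NOTABLE` carrying `Priority.NORMAL` like the objects they replace. Those constants are defined outside this page, so the equivalence is worth confirming, since this mapping decides how known and known-bad hash hits are scored for the examiner. The method starts and ends outside the hunk.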


@ -53,7 +53,6 @@ import org.sleuthkit.datamodel.TskData;
*/
@NbBundle.Messages({"FilesIdentifierIngestModule.getFilesError=Error getting interesting files sets from file."})
final class FilesIdentifierIngestModule implements FileIngestModule {
private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.Priority.NORMAL);
private static final Object sharedResourcesLock = new Object();
private static final Logger logger = Logger.getLogger(FilesIdentifierIngestModule.class.getName());
@ -145,7 +144,7 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
// Create artifact if it doesn't already exist.
if (!blackboard.artifactExists(file, TSK_INTERESTING_FILE_HIT, attributes)) {
BlackboardArtifact artifact = file.newAnalysisResult(
BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, LIKELY_NOTABLE_SCORE,
BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, Score.SCORE_LIKELY_NOTABLE,
null, filesSet.getName(), null,
attributes)
.getAnalysisResult();


@ -46,7 +46,6 @@ import org.sleuthkit.datamodel.TskCoreException;
*/
final class YaraIngestHelper {
private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.Priority.NORMAL);
private static final String YARA_DIR = "yara";
private static final String YARA_C_EXE = "yarac64.exe";
private static final String MODULE_NAME = YaraIngestModuleFactory.getModuleName();
@ -207,7 +206,7 @@ final class YaraIngestHelper {
attributes.add(new BlackboardAttribute(TSK_SET_NAME, MODULE_NAME, ruleSetName));
attributes.add(new BlackboardAttribute(TSK_RULE, MODULE_NAME, rule));
BlackboardArtifact artifact = abstractFile.newAnalysisResult(BlackboardArtifact.Type.TSK_YARA_HIT, NOTABLE_SCORE, null, ruleSetName, rule, attributes)
BlackboardArtifact artifact = abstractFile.newAnalysisResult(BlackboardArtifact.Type.TSK_YARA_HIT, Score.SCORE_NOTABLE, null, ruleSetName, rule, attributes)
.getAnalysisResult();
artifacts.add(artifact);


@ -42,7 +42,6 @@ import org.sleuthkit.datamodel.TskCoreException;
*
*/
class StixArtifactData {
private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.Priority.NORMAL);
private static final String MODULE_NAME = "Stix";
private AbstractFile file;
@ -89,7 +88,7 @@ class StixArtifactData {
// Create artifact if it doesn't already exist.
if (!blackboard.artifactExists(file, TSK_INTERESTING_FILE_HIT, attributes)) {
BlackboardArtifact bba = file.newAnalysisResult(
BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, LIKELY_NOTABLE_SCORE,
BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, Score.SCORE_LIKELY_NOTABLE,
null, setName, null,
attributes)
.getAnalysisResult();


@ -56,7 +56,6 @@ import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
* artifacts.
*/
class VolatilityProcessor {
private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.Priority.NORMAL);
private static final Logger logger = Logger.getLogger(VolatilityProcessor.class.getName());
private static final String VOLATILITY = "Volatility"; //NON-NLS
@ -384,7 +383,7 @@ class VolatilityProcessor {
// Create artifact if it doesn't already exist.
if (!blackboard.artifactExists(resolvedFile, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) {
BlackboardArtifact volArtifact = resolvedFile.newAnalysisResult(
BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, LIKELY_NOTABLE_SCORE,
BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, Score.SCORE_LIKELY_NOTABLE,
null, setName, null,
attributes)
.getAnalysisResult();


@ -61,7 +61,6 @@ class LuceneQuery implements KeywordSearchQuery {
static final int SNIPPET_LENGTH = 50;
static final String HIGHLIGHT_FIELD = Server.Schema.TEXT.toString();
private static final Score KEYWORD_SEARCH_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.Priority.NORMAL);
private static final boolean DEBUG = (Version.getBuildType() == Version.Type.DEVELOPMENT);
/**
@ -265,7 +264,7 @@ class LuceneQuery implements KeywordSearchQuery {
try {
return content.newAnalysisResult(
BlackboardArtifact.Type.TSK_KEYWORD_HIT, KEYWORD_SEARCH_SCORE,
BlackboardArtifact.Type.TSK_KEYWORD_HIT, Score.SCORE_LIKELY_NOTABLE,
null, listName, null,
attributes)
.getAnalysisResult();


@ -72,7 +72,6 @@ import org.sleuthkit.datamodel.TskData;
final class RegexQuery implements KeywordSearchQuery {
public static final Logger LOGGER = Logger.getLogger(RegexQuery.class.getName());
private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.Priority.NORMAL);
/**
* Lucene regular expressions do not support the following Java predefined
@ -615,7 +614,7 @@ final class RegexQuery implements KeywordSearchQuery {
try {
return content.newAnalysisResult(
BlackboardArtifact.Type.TSK_KEYWORD_HIT, LIKELY_NOTABLE_SCORE,
BlackboardArtifact.Type.TSK_KEYWORD_HIT, Score.SCORE_LIKELY_NOTABLE,
null, listName, null, attributes)
.getAnalysisResult();
} catch (TskCoreException e) {


@ -69,7 +69,6 @@ import org.sleuthkit.datamodel.blackboardutils.WebBrowserArtifactsHelper;
* Chromium recent activity extraction
*/
class Chromium extends Extract {
private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.Priority.NORMAL);
private static final String HISTORY_QUERY = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, " //NON-NLS
+ "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) AS from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url"; //NON-NLS
@ -833,7 +832,7 @@ class Chromium extends Extract {
bbartifacts.add(
webDataFile.newAnalysisResult(
BlackboardArtifact.Type.TSK_ENCRYPTION_DETECTED, NOTABLE_SCORE,
BlackboardArtifact.Type.TSK_ENCRYPTION_DETECTED, Score.SCORE_NOTABLE,
null, null, comment, bbattributes).getAnalysisResult());
}
} catch (NoCurrentCaseException | TskCoreException | Blackboard.BlackboardException ex) {


@ -75,7 +75,6 @@ import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.Fil
* structure and metadata.
*/
public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.Priority.NORMAL);
private static final Logger logger = Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName());
private final IngestServices services = IngestServices.getInstance();
@ -247,7 +246,7 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
"ThunderbirdMboxFileIngestModule.encryptionFileLevel");
BlackboardArtifact artifact = abstractFile.newAnalysisResult(
BlackboardArtifact.Type.TSK_ENCRYPTION_DETECTED,
NOTABLE_SCORE, null, null, encryptionFileLevel, Arrays.asList(
Score.SCORE_NOTABLE, null, null, encryptionFileLevel, Arrays.asList(
new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME,
EmailParserModuleFactory.getModuleName(),
encryptionFileLevel)