Merge pull request #2011 from delftswa2016/Documentation

Spelling mistakes in docs folder are fixed

docs/doxygen-user/filetype.dox

@@ -36,6 +36,6 @@ This module does not have obvious impacts in the user interface, though it is us
 
 To see the file type of an individual file, view the "Results" tab in the lower right when you navigate to the file. You should see a page in there that mentions the file type.
 
-The Views area of the tree does not take the results of this module into account. That part of the tree relies on extension.  We will be upating it in the future to rely on extension when there is no output from this module for the file. 
+The Views area of the tree does not take the results of this module into account. That part of the tree relies on extension.  We will be updating it in the future to rely on extension when there is no output from this module for the file. 
 
 */

docs/doxygen-user/image_gallery.dox

@@ -10,10 +10,10 @@ The new image gallery feature has been designed specifically with child-exploita
 This document assumes basic familiarity with Autopsy. 
 Quick Start 
 ===========
-1. The Image Gallery tool can be configured to collect data about images/videos as ingest runs or all at once after ingest.  To change this setting go to "Tools", "Options", "Image /Video Gallery".  This setting is saved per case, but can not be changed during ingest. See the Options window for more details
+1. The Image Gallery tool can be configured to collect data about images/videos as ingest runs or all at once after ingest.  To change this setting go to "Tools", "Options", "Image /Video Gallery".  This setting is saved per case, but cannot be changed during ingest. See the Options window for more details
 2. Create a case as normal and add a disk image (or folder of files) as a data source.  Ensure that you have the hash lookup module enabled with NSRL and known bad hashsets, the EXIF module enabled, and the File Type module enabled. 
 3. Click "Tools", "View Images/Videos" in the menu.  This will open the  Autopsy Image/Video Analysis tool in a new window.
-4. Groups of images will be presented as they are analyzed by the background ingest modules.  You can later resort and regroup, but it is required to keep it grouped by folder while ingest is still ongoing. 
+4. Groups of images will be presented as they are analyzed by the background ingest modules.  You can later resort and regroup, but it is required to keep it grouped by folder while ingest is still on-going. 
 5. As each group is reviewed, the next highest priority group is presented, according to a sorting criteria (the default is the density of hash set hits).
 6. Images that were hits from hashsets, will have a dashed border around them.
 7. You can use the menu bar on the top of the group to categorize the entire group.
@@ -94,7 +94,7 @@ In slide show mode a group shows only one file at a time at an increased size.
 
 Table/Tree of contents
 ----------------------
-The section in the top left with tabs labeled “Contents” and “Hash Hits” provides an overview of the groups of files in the case.  It changes to reflect the current Group By setting: for hierarchical groupings (path) it shows a tree of folders (folders containing images/videos (groups) are marked with a distinctive icon ), and for other groupings it shows only a flat list.  
+The section in the top left with tabs labelled “Contents” and “Hash Hits” provides an overview of the groups of files in the case.  It changes to reflect the current Group By setting: for hierarchical groupings (path) it shows a tree of folders (folders containing images/videos (groups) are marked with a distinctive icon ), and for other groupings it shows only a flat list.  
 
 Each group shows the number of files that hit against configured Hash DBs during ingest (hash hits) and the total number of image/video files as a ratio (hash hits / total) after its name.  By selecting groups in the tree/list you can navigate directly to them in the main display area.  If the Hash Hits tab is selected only groups containing files that have hash hits are shown.    
 

docs/doxygen-user/ingest.dox

@@ -23,7 +23,7 @@ There are two ways to start ingest modules:
 -# Immediately after you add a data source
 -# By right-clicking on a data source from the tree in the main interface and choosing "Run Ingest Modules"
 
-Once ingest is started, you can review the currently running ingest tasks in the task bar on the bottom-right corner of the main window. The ingest tasks can be canceled by the user if so desired.
+Once ingest is started, you can review the currently running ingest tasks in the task bar on the bottom-right corner of the main window. The ingest tasks can be cancelled by the user if so desired.
 
 <b>Note: sometimes the cancellation process may take several seconds or more to complete cleanly, depending on what the ingest module was currently doing. </b>
 

docs/doxygen-user/stix.dox

@@ -16,7 +16,7 @@ Quick Start
 -# After the image has been added and ingest is complete, click the Report button then select STIX. Next choose either a single STIX file or a directory of STIX files to run against the image. It is possible to do this while ingest is running but the results will be incomplete.
 -# Once the STIX report module is complete, there will be two sets of results:
     - Entries will be created under Interesting Items in the Autopsy tree, under a subheading for each indicator.
-    - A log of which indicators/observables were found is generated by the report module (Follow the link on the Report Generation Progess window)
+    - A log of which indicators/observables were found is generated by the report module (Follow the link on the Report Generation Progress window)
 
 
 Supported CybOX Objects
@@ -93,7 +93,7 @@ See http://cybox.mitre.org for more information on CybOX Objects.
 Limitations
 ===========
 - As shown in the list above, not all CybOX objects/fields are currently supported. When an unsupported object/field is found in an observable, its status is set to "indeterminate" instead of true or false. These indeterminate fields will not change the result of the observable composition (i.e., if the rest is true, the overall result will stay as true).
-- Not all ConditionTypeEnum values are supported. It varies by field, but generally on String fields the following work: EQUALS, DOES_NOT_EQUAL, CONTAINS, DOES_NOT_CONTAIN, STARTS_WITH, ENDS_WITH. If a condtion type is not supported there will be a warning in the log file.
+- Not all ConditionTypeEnum values are supported. It varies by field, but generally on String fields the following work: EQUALS, DOES_NOT_EQUAL, CONTAINS, DOES_NOT_CONTAIN, STARTS_WITH, ENDS_WITH. If a condition type is not supported there will be a warning in the log file.
 - Related objects are not processed
 
 

docs/doxygen-user/tagging.dox

@@ -12,7 +12,7 @@ Which to choose depends upon the context and what you desire in the final report
 
 \image html tagging-1.PNG
 
-Once you have choosen to tag the file or the result, there are two more options:
+Once you have chosen to tag the file or the result, there are two more options:
 - Quick Tag -- use this if you just want the tag
 - Tag and Comment -- use this if you need to add a comment about this tag
 

docs/doxygen-user/timeline.dox

@@ -7,7 +7,7 @@ This document assumes basic familiarity with Autopsy.
 Quick Start 
 ===========
 -# Create a case as normal and add a disk image (or folder of files) as a data source.  To get the most out of the timeline, ensure that you have the hash lookup module enabled with NSRL (to ignore known files) and have the EXIF and recent activity modules enabled to collect additional temporal data. 
--# After the image has been added, click "Tools", "Timeline" in the menu.  This will open the  Timeline tool in a new window. You can do this while ingest is running, but you will not have access to the temporal data that will be found after you create the timeline, unless you re-open the timeline tool. 
+-# After the image has been added, click "Tools", "Timeline" in the menu.  This will open the Timeline tool in a new window. You can do this while ingest is running, but you will not have access to the temporal data that will be found after you create the timeline, unless you re-open the timeline tool. 
                    
 
 
@@ -136,7 +136,7 @@ Visualization Area: Counts View
 -------------------------------
 The Counts View shows a stacked bar chart with time periods along the x-axis and event counts along the y-axis.  The height of each bar represents the number of events that occurred in that time period.  The different colored segments represent different event types. Right clicking the bars brings up a context menu with selection and zooming actions.
 
-The only setting specific to the Counts View is what kind of vertical scale to use.  The default linear scale is good for many use cases.  When this scale is selected, the height of the bars represents the counts in a linear, one-to-one fashion, and the y-axis is labeled with values. When the range of count values is very large, date ranges with relatively low counts have a bar that may be too small to see.  To help avoid the misperception of this as no events, the labels for time periods with events are bold relative to the labels for time periods with no events.
+The only setting specific to the Counts View is what kind of vertical scale to use.  The default linear scale is good for many use cases.  When this scale is selected, the height of the bars represents the counts in a linear, one-to-one fashion, and the y-axis is labelled with values. When the range of count values is very large, date ranges with relatively low counts have a bar that may be too small to see.  To help avoid the misperception of this as no events, the labels for time periods with events are bold relative to the labels for time periods with no events.
 To see the events when the bar for a period is too small, there are three options:  adjust the window size so that the visualization area has more vertical space, adjust the time range shown so that time periods with relatively much larger bars are excluded, or adjust the scale setting to square root or logarithmic.  The square root and logarithmic scales represent the number of events in a non linear way that compresses the difference between very large and very small numbers. Note that even with the logarithmic scale, an extremely large difference in counts may still produce bars too small to see.  In this case the only option may be to exclude events to reduce the difference in counts.
 Because the square root and logarithmic scales are applied to each event type separately, the height of the combined bar is not very meaningful, and to emphasize this, no labels are shown on the y-axis. The non-linear scales should be used to quickly compare the counts relative across _time within a type, or across types for one time period, but not both_. The exact numbers (available in tooltips or the result viewer) should be used for absolute comparisons.  Use the non-linear scales with care.
 

docs/doxygen/platformConcepts.dox

@@ -2,7 +2,7 @@
 
 
 
-This page covers the motivation for and basics of Autopsy modules.  It applies to both Java and Python modules.  Later pages will focus on getting the devevelopment environment setup and how to write specific modules. 
+This page covers the motivation for and basics of Autopsy modules.  It applies to both Java and Python modules.  Later pages will focus on getting the development environment setup and how to write specific modules. 
 
 \section platform_motivation Why Write Modules?
 
@@ -18,7 +18,7 @@ The main reason for considering writing an Autopsy module instead of a stand-alo
 Autopsy was designed to be an extensible platform for other developers to leverage. There are several places in the platform where plug-in modules can be applied. 
 - <b>Ingest Modules:</b> These modules are run when a new data source (such as a disk image) is added to a case (and can be re-run afterwards too).  These modules come in two forms:
  - File Ingest Modules are called for every file in the data source.  Use this type of module if you want to examine the contents of all or most of the files.  Examples include hash calculation, hash lookup, file type identification, and entropy calculation.  These modules are passed in a reference to a file to analyze. 
- - Data Source Ingest Modules are called once for every image or set of logical files.  These modules can use the database to query for one or more files and perform analysis on them.  Examples include web artifact analysis and searches that can rely only file names and extensions.  Note that these modules will not have access to the contents of ZIP files.  These modules are also often used when wrapping an executabe that takes a disk image in as input. 
+ - Data Source Ingest Modules are called once for every image or set of logical files.  These modules can use the database to query for one or more files and perform analysis on them.  Examples include web artifact analysis and searches that can rely only file names and extensions.  Note that these modules will not have access to the contents of ZIP files.  These modules are also often used when wrapping an executable that takes a disk image in as input. 
 See \ref mod_ingest_page for details on building these modules. 
 - <b>Report Modules:</b> These modules are (typically) run after the user has reviewed results and tagged files.  Their intention is to create an output report of the results, but they can also be used to perform analysis. See \ref mod_report_page for details on creating these modules. 
 - <b>Content Viewers:</b> These modules are graphical and focus on displaying a specific file in some unique way. These are the modules in the lower right of the interface.  The platform comes with viewers to view the file in hexadecimal, extract the strings from the file, and view images and movies.  See \ref mod_content_page for details on creating these modules. 

docs/doxygen/regressionTesting.dox

@@ -81,7 +81,7 @@ Other commands can be issued by adding the following arguments to the script
     -r, --rebuild
 Rebuild the gold standards from the test results for each image.
     -i, --ignore
-Ignores the ./input directory when searching for files. Only use in combinatin with a configuration file.
+Ignores the ./input directory when searching for files. Only use in combination with a configuration file.
     -u, --unallocated
 Ignores unallocated space when ingesting. Faster, but yields less accurate results.
     -k, --keep
@@ -153,7 +153,7 @@ For additional details regarding setting up and using Jemmy, please see
 	
 
 
-The Jemmy UI framework includes elements such as buttons, frames, dialog boxes and wizards. In order to manipulate these elements programatically, the associated ContainerOperators must be used. RegressionTest.java makes use of the following major operators:
+The Jemmy UI framework includes elements such as buttons, frames, dialog boxes and wizards. In order to manipulate these elements programmatically, the associated ContainerOperators must be used. RegressionTest.java makes use of the following major operators:
 	
 	JButtonOperator
 	JDialogOperator
@@ -174,7 +174,7 @@ For example, to find a JDialog whose display name is the string "Hash Database C
 
 	JDialog hashMainDialog =  JDialogOperator.waitJDialog("Hash Database Configuration", false, false);
 
-The two booleans are for searching the exact string including subsrtings, and for searching case sensitively. 
+The two booleans are for searching the exact string including substrings, and for searching case sensitively. 
 
 Note that the method used is called '.waitJDialog', and not '.findJDialog'. This is an important distinction regarding thoroughness of the find, but the functionality of the same. Refer to the link on Jemmy above for greater detail.
 
@@ -194,7 +194,7 @@ For further reference regarding ContainerOperators, please see
 	http://www.jarvana.com/jarvana/view/org/netbeans/jemmy/2.2.7.5/jemmy-2.2.7.5-javadoc.jar!/org/netbeans/jemmy/operators/ContainerOperator.html
 
 
-When an element has been selected, the individual components may be manipluated with ContainerOperators. 
+When an element has been selected, the individual components may be manipulated with ContainerOperators. 
 To select a button, use the code below, where cont is one of the ContainerOperators from above, text is the text displayed on the button, and index is the button's order if there are multiple with the same name (i.e. if there are three buttons labeled <20>preview<65>, the first's index is 0, then 1, then 2).
 
 JbuttonOperator jbo = new JbuttonOperator(ContainerOperator cont, String text, int index);

docs/doxygen/workflow.dox

@@ -27,7 +27,7 @@ If you want to develop a module that analyzes drive data, then this is probably
 
 The UI has three main areas.  The tree on the left-hand side, the result viewers in the upper right, and the content viewers in the lower right.  Data passes between these areas by encapsulating them in Netbeans Node objects (see org.openide.nodes.Node).  These allow Autopsy to generically handle all types of data.  The org.sleuthkit.autopsy.datamodel package wraps the generic org.sleuthkit.datamodel Sleuth Kit objects as Netbeans Nodes. 
  
-Nodes are modeled in a parent-child hierarchy with other nodes.  All data within a Case is represented in a hierarchy with the disk images being one level below the case and volumes and such below the image. 
+Nodes are modelled in a parent-child hierarchy with other nodes.  All data within a Case is represented in a hierarchy with the disk images being one level below the case and volumes and such below the image. 
 
 The tree on the left hand-side shows the analysis results.  
 Its contents are populated from the central database.