Move past cases to TSK_OTHER_CASES

Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/CaseEventListener.java

@@ -30,6 +30,7 @@ import java.util.Set;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.logging.Level;
+import java.util.stream.Collectors;
 import org.apache.commons.lang.StringUtils;
 import org.openide.util.NbBundle;
 import org.openide.util.NbBundle.Messages;
@@ -69,6 +70,7 @@ import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COM
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CORRELATION_TYPE;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CORRELATION_VALUE;
+import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_OTHER_CASES;
 import org.sleuthkit.datamodel.OsAccount;
 import org.sleuthkit.datamodel.OsAccountInstance;
 import org.sleuthkit.datamodel.Score;
@@ -722,6 +724,7 @@ public final class CaseEventListener implements PropertyChangeListener {
                                     SleuthkitCase tskCase = osAccount.getSleuthkitCase();
                                     Blackboard blackboard = tskCase.getBlackboard();
 
+                                    List<String> caseDisplayNames = dbManager.getListCasesHavingArtifactInstances(osAcctType, correlationAttributeInstance.getCorrelationValue());
                                     Collection<BlackboardAttribute> attributesForNewArtifact = Arrays.asList(
                                             new BlackboardAttribute(
                                                     TSK_SET_NAME, MODULE_NAME,
@@ -733,8 +736,8 @@ public final class CaseEventListener implements PropertyChangeListener {
                                                     TSK_CORRELATION_VALUE, MODULE_NAME,
                                                     correlationAttributeInstance.getCorrelationValue()),
                                             new BlackboardAttribute(
-                                                    TSK_COMMENT, MODULE_NAME,
+                                                    TSK_OTHER_CASES, MODULE_NAME,
-                                                    Bundle.CaseEventsListener_prevCaseComment_text()));
+                                                    caseDisplayNames.stream().distinct().collect(Collectors.joining(","))));
                                     BlackboardArtifact newAnalysisResult = osAccount.newAnalysisResult(
                                             BlackboardArtifact.Type.TSK_PREVIOUSLY_SEEN, Score.SCORE_LIKELY_NOTABLE,
                                             null, Bundle.CaseEventsListener_prevExists_text(), null, attributesForNewArtifact, osAccountInstance.getDataSource().getId()).getAnalysisResult();

Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java

@@ -54,10 +54,10 @@ import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_PREVI
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.autopsy.coreutils.ThreadUtils;
 import static org.sleuthkit.autopsy.ingest.IngestManager.IngestModuleEvent.DATA_ADDED;
-import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CORRELATION_TYPE;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CORRELATION_VALUE;
+import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_OTHER_CASES;
 import org.sleuthkit.autopsy.ingest.events.DataSourceAnalysisEvent;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.Image;
@@ -200,6 +200,10 @@ public class IngestEventsListener {
         createCrProperties = value;
     }
     
+    static private String createOtherCasesAttrString(List<String> caseDisplayNames) {
+        return caseDisplayNames.stream().distinct().collect(Collectors.joining(","));
+    }
+
     /**
      * Make a "previously seen" artifact based on a new artifact being
      * previously seen.
@@ -212,8 +216,7 @@ public class IngestEventsListener {
         "IngestEventsListener.prevCaseComment.text=Previous Case: "})
     static private void makeAndPostPreviousNotableArtifact(BlackboardArtifact originalArtifact, List<String> caseDisplayNames,
             CorrelationAttributeInstance.Type aType, String value) {
-        Collection<BlackboardAttribute> attributesForNewArtifact = Arrays.asList(
+        Collection<BlackboardAttribute> attributesForNewArtifact = Arrays.asList(new BlackboardAttribute(
-                new BlackboardAttribute(
                         TSK_SET_NAME, MODULE_NAME,
                         Bundle.IngestEventsListener_prevTaggedSet_text()),
                new BlackboardAttribute(
@@ -223,8 +226,8 @@ public class IngestEventsListener {
                     TSK_CORRELATION_VALUE, MODULE_NAME,
                     value),
                 new BlackboardAttribute(
-                        TSK_COMMENT, MODULE_NAME,
+                        TSK_OTHER_CASES, MODULE_NAME,
-                        Bundle.IngestEventsListener_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(","))));
+                        createOtherCasesAttrString(caseDisplayNames)));
         makeAndPostArtifact(BlackboardArtifact.Type.TSK_PREVIOUSLY_SEEN, originalArtifact, attributesForNewArtifact, Bundle.IngestEventsListener_prevTaggedSet_text());
     }
 
@@ -252,8 +255,8 @@ public class IngestEventsListener {
                     TSK_CORRELATION_VALUE, MODULE_NAME,
                     value),
                 new BlackboardAttribute(
-                        TSK_COMMENT, MODULE_NAME,
+                        TSK_OTHER_CASES, MODULE_NAME,
-                        Bundle.IngestEventsListener_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(","))));
+                        createOtherCasesAttrString(caseDisplayNames)));
         makeAndPostArtifact(BlackboardArtifact.Type.TSK_PREVIOUSLY_SEEN, originalArtifact, attributesForNewArtifact, Bundle.IngestEventsListener_prevExists_text());
     }
     

Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java

@@ -50,7 +50,7 @@ import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_PREVIOUSLY_SEEN;
 import org.sleuthkit.datamodel.BlackboardAttribute;
-import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT;
+import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_OTHER_CASES;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CORRELATION_TYPE;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CORRELATION_VALUE;
@@ -346,8 +346,8 @@ final class CentralRepoIngestModule implements FileIngestModule {
                     TSK_CORRELATION_VALUE, MODULE_NAME,
                     value),
                 new BlackboardAttribute(
-                        TSK_COMMENT, MODULE_NAME,
+                        TSK_OTHER_CASES, MODULE_NAME,
-                        Bundle.CentralRepoIngestModule_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(","))));
+                        caseDisplayNames.stream().distinct().collect(Collectors.joining(","))));
         try {
 
             // Create artifact if it doesn't already exist.