From 804991dc3b937b37eba46fcef1a0043efb49e2f9 Mon Sep 17 00:00:00 2001
From: adam-m <amalinowski@basistech.com>
Date: Thu, 3 Jan 2013 10:16:58 -0500
Subject: [PATCH 1/5] adjust max terms

---
 .../org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java
index 89ed96d8f8..ebadddff60 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java
@@ -56,7 +56,7 @@ public class TermComponentQuery implements KeywordSearchQuery {
     private Keyword keywordQuery = null;
     private KeywordQueryFilter filter = null;
     private String field = null;
-    private static int MAX_TERMS_RESULTS = 20000;
+    private static int MAX_TERMS_RESULTS = 10000;
     
     private static final boolean DEBUG = (Version.getBuildType() == Version.Type.DEVELOPMENT);
 

From bc3ccd16a6229445d2b39a69e4d0b03956cdbbec Mon Sep 17 00:00:00 2001
From: adam-m <amalinowski@basistech.com>
Date: Thu, 3 Jan 2013 10:34:20 -0500
Subject: [PATCH 2/5] add image_id to Solr schema

---
 KeywordSearch/release/solr/solr/conf/schema.xml   |  2 ++
 .../sleuthkit/autopsy/keywordsearch/Ingester.java | 15 +++++++++++++++
 .../sleuthkit/autopsy/keywordsearch/Server.java   |  6 ++++++
 .../autopsy/keywordsearch/TermComponentQuery.java |  2 +-
 4 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/KeywordSearch/release/solr/solr/conf/schema.xml b/KeywordSearch/release/solr/solr/conf/schema.xml
index 7af3175de7..ecfb9e15d8 100644
--- a/KeywordSearch/release/solr/solr/conf/schema.xml
+++ b/KeywordSearch/release/solr/solr/conf/schema.xml
@@ -505,6 +505,8 @@
    -->
 
    <field name="id" type="string" indexed="true" stored="true" required="true" /> 
+   <!-- use image_id to easily search a specific image only -->
+   <field name="image_id" type="string" indexed="true" stored="true" required="true" /> 
     <!-- The content field holds the text extracted by SolrCell -->
    <field name="content" type="text_general" indexed="true" stored="true" termVectors="true" termPositions="true" termOffsets="true" />
    <!-- The strings field holds strings extracted from files that SolrCell doesn't support -->
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Ingester.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Ingester.java
index 54ce2c866d..43ef7d6292 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Ingester.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Ingester.java
@@ -54,6 +54,7 @@ import org.sleuthkit.datamodel.File;
 import org.sleuthkit.datamodel.FsContent;
 import org.sleuthkit.datamodel.LayoutFile;
 import org.sleuthkit.datamodel.ReadContentInputStream;
+import org.sleuthkit.datamodel.TskCoreException;
 
 /**
  * Handles indexing files on a Solr core.
@@ -217,6 +218,12 @@ public class Ingester {
         private Map<String, String> getCommonFields(AbstractFile af) {
             Map<String, String> params = new HashMap<String, String>();
             params.put(Server.Schema.ID.toString(), Long.toString(af.getId()));
+            try {
+                params.put(Server.Schema.IMAGE_ID.toString(), Long.toString(af.getImage().getId()));
+            } catch (TskCoreException ex) {
+                logger.log(Level.SEVERE, "Could not get image id to properly index the file " + af.getId());
+            }
+
             params.put(Server.Schema.FILE_NAME.toString(), af.getName());
             return params;
         }
@@ -239,6 +246,14 @@ public class Ingester {
      * @throws org.sleuthkit.autopsy.keywordsearch.Ingester.IngesterException 
      */
     private void ingest(ContentStream cs, Map<String, String> fields, final long size) throws IngesterException {
+        
+        if (fields.get(Server.Schema.IMAGE_ID.toString()) == null) {
+            //skip the file, image id unknown
+            String msg = "Skipping indexing the file, unknown image id, for file: " + cs.getName();
+            logger.log(Level.SEVERE, msg);
+            throw new IngesterException(msg);
+        }
+        
         SolrInputDocument updateDoc = new SolrInputDocument();
 
         for (String key : fields.keySet()) {
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
index 4aa82fcf29..afff96cee8 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/Server.java
@@ -69,6 +69,12 @@ public class Server {
                 return "id";
             }
         },
+        IMAGE_ID {
+            @Override
+            public String toString() {
+                return "image_id";
+            }
+        },
         CONTENT {
             @Override
             public String toString() {
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java
index ebadddff60..89ed96d8f8 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/TermComponentQuery.java
@@ -56,7 +56,7 @@ public class TermComponentQuery implements KeywordSearchQuery {
     private Keyword keywordQuery = null;
     private KeywordQueryFilter filter = null;
     private String field = null;
-    private static int MAX_TERMS_RESULTS = 10000;
+    private static int MAX_TERMS_RESULTS = 20000;
     
     private static final boolean DEBUG = (Version.getBuildType() == Version.Type.DEVELOPMENT);
 

From 1d4716ca4c268a8a9e77d2a21e5ae2a1599d9a7b Mon Sep 17 00:00:00 2001
From: adam-m <amalinowski@basistech.com>
Date: Thu, 3 Jan 2013 14:06:34 -0500
Subject: [PATCH 3/5] text view: fix scrolling to first highlighted hit when
 text is first loaded

---
 .../keywordsearch/ExtractedContentPanel.java  | 24 +++++++++++++++++++
 .../keywordsearch/ExtractedContentViewer.java | 12 ++--------
 2 files changed, 26 insertions(+), 10 deletions(-)

diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java
index 1764f60bbd..0ec7a77809 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentPanel.java
@@ -19,6 +19,7 @@
 package org.sleuthkit.autopsy.keywordsearch;
 
 import java.awt.ComponentOrientation;
+import java.awt.EventQueue;
 import java.awt.event.ActionEvent;
 import java.awt.event.ActionListener;
 import java.awt.event.ItemEvent;
@@ -610,6 +611,26 @@ class ExtractedContentPanel extends javax.swing.JPanel {
         }
     }
 
+    /**
+     * Scroll to current (first) hit after SetMarkup worker completed
+     *
+     * @param source
+     */
+    private void scrollToCurrentHit(final MarkupSource source) {
+        if (source == null || !source.isSearchable()) {
+            return;
+        }
+
+        //scrolling required invokeLater to enqueue in EDT
+        EventQueue.invokeLater(new Runnable() {
+            @Override
+            public void run() {
+                scrollToAnchor(source.getAnchorPrefix() + Integer.toString(source.currentItem()));
+            }
+        });
+
+    }
+
     /**
      * Gets and sets new markup. Updates GUI in GUI thread and gets markup in
      * background thread. To be invoked from GUI thread only.
@@ -656,6 +677,9 @@ class ExtractedContentPanel extends javax.swing.JPanel {
             }
             updateControls(source);
 
+            scrollToCurrentHit(source);
+
+
         }
     }
 }
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java
index 4247813904..de5c4fac72 100644
--- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java
+++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/ExtractedContentViewer.java
@@ -234,13 +234,10 @@ public class ExtractedContentViewer implements DataContentViewer {
         if (currentPage == 0 && currentSource.hasNextPage()) {
             currentSource.nextPage();
         }
-
         updatePageControls();
 
         // first source will be the default displayed
         setPanel(sources);
-        // If node has been selected before, return to the previous position
-        scrollToCurrentHit();
     }
 
     private void scrollToCurrentHit() {
@@ -249,13 +246,8 @@ public class ExtractedContentViewer implements DataContentViewer {
             return;
         }
 
-        // using invokeLater to wait for ComboBox selection to complete
-        EventQueue.invokeLater(new Runnable() {
-            @Override
-            public void run() {
-                panel.scrollToAnchor(source.getAnchorPrefix() + Integer.toString(source.currentItem()));
-            }
-        });
+        panel.scrollToAnchor(source.getAnchorPrefix() + Integer.toString(source.currentItem()));
+
     }
 
     @Override

From 3a86e3434dad100ffe395d56f103dbf0f159d86a Mon Sep 17 00:00:00 2001
From: adam-m <amalinowski@basistech.com>
Date: Thu, 3 Jan 2013 14:10:22 -0500
Subject: [PATCH 4/5] update news

---
 NEWS.txt | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/NEWS.txt b/NEWS.txt
index 7c9547c00f..c9596cfba7 100644
--- a/NEWS.txt
+++ b/NEWS.txt
@@ -4,7 +4,7 @@ New features:
 
 Improvements:
 - Keyword search indexing and search speed improvements
-- Improved keyword search highlighting in Text View: highlighted tokens are no longer white-space separated
+- Improved keyword search highlighting in Text View: highlighted tokens are no longer delimiter separated
 - Remake of reporting UI and functionality
 - Significant increase in reporting speed
 - Documented report module API
@@ -12,7 +12,8 @@ Improvements:
 
 
 Bugfixes:
-- Keyword search will index and search entire extracted content from files
+- Keyword search now indexes and searches entire extracted content from files
+- Fix scrolling to first keyword hit when Text View is first loaded
 
 ---------------- VERSION 3.0.2 --------------
 

From ce7c33a0874ff0150bde5c885bb09dd574501a37 Mon Sep 17 00:00:00 2001
From: adam-m <amalinowski@basistech.com>
Date: Thu, 3 Jan 2013 15:03:33 -0500
Subject: [PATCH 5/5] check email with tika only if bytes read > 0

---
 .../thunderbirdparser/ThunderbirdMboxFileIngestModule.java  | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java
index 1936dd06bf..7c5ce0c152 100644
--- a/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java
+++ b/thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java
@@ -104,7 +104,9 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile
             byte[] t = new byte[64];
             if(fsContent.getSize() > 64) {
                 int byteRead = fsContent.read(t, 0, 64);
-                isMbox = mbox.isValidMimeTypeMbox(t);
+                if (byteRead > 0) {
+                    isMbox = mbox.isValidMimeTypeMbox(t);
+                }
             }
         } catch (TskException ex) {
             logger.log(Level.WARNING, null, ex);
@@ -120,6 +122,8 @@ public class ThunderbirdMboxFileIngestModule implements IngestModuleAbstractFile
             Long msfId = 0L;
             currentCase = Case.getCurrentCase(); // get the most updated case
             SleuthkitCase tskCase = currentCase.getSleuthkitCase();
+            
+            
             try {
                 ResultSet resultset = tskCase.runQuery("SELECT obj_id FROM tsk_files WHERE parent_path = '" + mboxPath + "' and name = '" + msfName + "'");
                 if (! resultset.next()) {