From c6531498d54eec503304e7d2e7d2105c65e93243 Mon Sep 17 00:00:00 2001
From: Eugene Livis
Date: Thu, 29 Jul 2021 16:11:15 -0400
Subject: [PATCH] Added communication accounts to the list of artifacts flagged for previously seen
---
 .../eventlisteners/IngestEventsListener.java | 6 ++++--
 .../datamodel/PastCasesSummary.java | 21 +++++++++----------
 2 files changed, 14 insertions(+), 13 deletions(-)
diff --git a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
index 54bb73455d..a346c1ac1a 100644
--- a/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
+++ b/Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java
@@ -541,13 +541,15 @@ public class IngestEventsListener {
 }
 }
 
- // flag previously seen devices
+ // flag previously seen devices and communication accounts (emails, phones, etc)
 if (flagPreviousItemsEnabled
 && (eamArtifact.getCorrelationType().getId() == CorrelationAttributeInstance.USBID_TYPE_ID
 || eamArtifact.getCorrelationType().getId() == CorrelationAttributeInstance.ICCID_TYPE_ID
 || eamArtifact.getCorrelationType().getId() == CorrelationAttributeInstance.IMEI_TYPE_ID
 || eamArtifact.getCorrelationType().getId() == CorrelationAttributeInstance.IMSI_TYPE_ID
- || eamArtifact.getCorrelationType().getId() == CorrelationAttributeInstance.MAC_TYPE_ID)) {
+ || eamArtifact.getCorrelationType().getId() == CorrelationAttributeInstance.MAC_TYPE_ID
+ || eamArtifact.getCorrelationType().getId() == CorrelationAttributeInstance.EMAIL_TYPE_ID
+ || eamArtifact.getCorrelationType().getId() == CorrelationAttributeInstance.PHONE_TYPE_ID)) {
 try {
 // only alert to previous instances when they were in another case
 List previousOccurences = dbManager.getArtifactInstancesByTypeValue(eamArtifact.getCorrelationType(), eamArtifact.getCorrelationValue());
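Review bot: The lookup on the last context line, `dbManager.getArtifactInstancesByTypeValue(...)`, fetches every previous instance of the value into `previousOccurences`, and with EMAIL_TYPE_ID and PHONE_TYPE_ID now admitted it will presumably run for far more artifacts and return far longer lists than it did for device identifiers. It is worth confirming the query cost and the number of previously-seen flags on a large central repository before this ships, since a widely shared address could flag most cases. The condition also calls `eamArtifact.getCorrelationType().getId()` seven times; reading it once, `int typeId = eamArtifact.getCorrelationType().getId();`, and testing membership in one named set of flaggable type ids would keep the list reviewable in a single place. The new comment says "(emails, phones, etc)" while only two types are added, so `// flag previously seen devices, e-mail addresses and phone numbers` would match the code. The enclosing method starts and ends outside the hunk.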
diff --git a/Core/src/org/sleuthkit/autopsy/datasourcesummary/datamodel/PastCasesSummary.java b/Core/src/org/sleuthkit/autopsy/datasourcesummary/datamodel/PastCasesSummary.java
index e28dbe7dc1..3f02a0bc2d 100644
--- a/Core/src/org/sleuthkit/autopsy/datasourcesummary/datamodel/PastCasesSummary.java
+++ b/Core/src/org/sleuthkit/autopsy/datasourcesummary/datamodel/PastCasesSummary.java
@@ -37,33 +37,32 @@ import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
-import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_OTHER_CASES;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.DataSource;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 
 /**
- * Provides information about how a data source relates to a previous case. NOTE:
- * This code is fragile and has certain expectations about how the central
+ * Provides information about how a data source relates to a previous case.
+ * NOTE: This code is fragile and has certain expectations about how the central
 * repository handles creating artifacts. So, if the central repository changes
 * ingest process, this code could break. This code expects that the central
 * repository ingest module:
 *
- * a) Creates a TSK_PREVIOUSLY_NOTABLE artifact for a file whose hash is in
- * the central repository as a notable file.
+ * a) Creates a TSK_PREVIOUSLY_NOTABLE artifact for a file whose hash is in the
+ * central repository as a notable file.
 *
- * b) Creates a TSK_PREVIOUSLY_SEEN artifact for a matching id in the
- * central repository.
+ * b) Creates a TSK_PREVIOUSLY_SEEN artifact for a matching id in the central
+ * repository.
 *
- * c) The created artifact will have a TSK_COMMENT attribute attached where one
- * of the sources for the attribute matches
+ * c) The created artifact will have a TSK_OTHER_CASES attribute attached where
+ * one of the sources for the attribute matches
 * CentralRepoIngestModuleFactory.getModuleName(). The module display name at
 * time of ingest will match CentralRepoIngestModuleFactory.getModuleName() as
 * well.
 *
- * d) The content of that TSK_COMMENT attribute will be of the form "Previous
- * Case: case1,case2...caseN"
+ * d) The content of that TSK_OTHER_CASES attribute will be of the form
+ * "case1,case2...caseN"
 */
 public class PastCasesSummary implements DefaultArtifactUpdateGovernor {