From cde86ea8941d00bc7e1345a63b1d01a1a38d094e Mon Sep 17 00:00:00 2001
From: William Schaefer <wschaefer@basistech.net>
Date: Tue, 8 Jan 2019 12:35:26 -0500
Subject: [PATCH] 4590 hide Data Source Profile in tree

---
 .../autopsy/datamodel/ExtractedContent.java   |  4 ++-
 .../recentactivity/DataSourceProfiler.java    | 36 ++++++++++++-------
 2 files changed, 27 insertions(+), 13 deletions(-)

diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
index f8ba1e86bd..c3689f1eaa 100644
--- a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
@@ -1,7 +1,7 @@
 /*
  * Autopsy Forensic Browser
  *
- * Copyright 2011-2018 Basis Technology Corp.
+ * Copyright 2011-2019 Basis Technology Corp.
  * Contact: carrier <at> sleuthkit <dot> org
  *
  * Licensed under the Apache License, Version 2.0 (the "License");
@@ -44,6 +44,7 @@ import org.sleuthkit.autopsy.ingest.ModuleDataEvent;
 import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ACCOUNT;
+import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_DATA_SOURCE_PROFILE;
 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_EMAIL_MSG;
 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_GEN_INFO;
 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT;
@@ -235,6 +236,7 @@ public class ExtractedContent implements AutopsyVisitableItem {
             doNotShow.add(new BlackboardArtifact.Type(TSK_INTERESTING_FILE_HIT));
             doNotShow.add(new BlackboardArtifact.Type(TSK_INTERESTING_ARTIFACT_HIT));
             doNotShow.add(new BlackboardArtifact.Type(TSK_ACCOUNT));
+            doNotShow.add(new BlackboardArtifact.Type(TSK_DATA_SOURCE_PROFILE));
         }
 
         private final PropertyChangeListener pcl = (PropertyChangeEvent evt) -> {
diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/DataSourceProfiler.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/DataSourceProfiler.java
index dbd90681e8..408aa30256 100644
--- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/DataSourceProfiler.java
+++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/DataSourceProfiler.java
@@ -35,29 +35,41 @@ import org.sleuthkit.datamodel.TskCoreException;
 @Messages({"DataSourceProfiler.parentModuleName=Recent Activity"})
 public class DataSourceProfiler extends Extract {
 
+    private static final Logger logger = Logger.getLogger(Firefox.class.getName());
     private Content dataSource;
-     private static final Logger logger = Logger.getLogger(Firefox.class.getName());
 
     @Override
     void process(Content dataSource, IngestJobContext context) {
+        Collection<BlackboardAttribute> bbattributes = new ArrayList<>();
         this.dataSource = dataSource;
         try {
-            checkForWindowsVolume();
+            checkForWindowsVolume(bbattributes);
         } catch (TskCoreException ex) {
             logger.log(Level.WARNING, "Failed to check if datasource contained Windows volume.", ex);
         }
-    }
-
-    void checkForWindowsVolume() throws TskCoreException {
-        FileManager fileManager = currentCase.getServices().getFileManager();
-        List<AbstractFile> files = fileManager.findFilesByParentPath(dataSource.getId(), "/windows/system32");
-        if (!files.isEmpty()) {
-            Collection<BlackboardAttribute> bbattributes = new ArrayList<BlackboardAttribute>();
-            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATA_SOURCE_DESCRIPTOR,
-                    Bundle.DataSourceProfiler_parentModuleName(),
-                    "Windows volume")); //NON-NLS
+        //create an artifact if any attributes were added
+        if (!bbattributes.isEmpty()) {
             addArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_DATA_SOURCE_PROFILE, dataSource, bbattributes);
         }
     }
 
+    /**
+     * Check if the data source contains files which would indicate a windows
+     * volume is present in it.
+     *
+     * @param bbattributes the list of blackboard attributes to add to if a windows volume is present
+     *
+     * @throws TskCoreException
+     */
+    private void checkForWindowsVolume(Collection<BlackboardAttribute> bbattributes) throws TskCoreException {
+        FileManager fileManager = currentCase.getServices().getFileManager();
+        List<AbstractFile> files = fileManager.findFilesByParentPath(dataSource.getId(), "/windows/system32");
+        //create an attribute if any files with the windows/system32 path were found
+        if (!files.isEmpty()) {
+            bbattributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATA_SOURCE_DESCRIPTOR,
+                    Bundle.DataSourceProfiler_parentModuleName(),
+                    "Windows volume")); //NON-NLS
+        }
+    }
+
 }