From 62fe0a89d97fe63706433516c96497bed8386ceb Mon Sep 17 00:00:00 2001
From: Ann Priestman
Date: Fri, 7 Dec 2018 13:21:54 -0500
Subject: [PATCH 1/3] Create artifact when hash validation fails
---
 .../autopsy/datamodel/ExtractedContent.java | 2 ++
 .../DataSourceIntegrityIngestModule.java | 22 ++++++++++++++++++-
 .../sleuthkit/autopsy/report/ReportHTML.java | 3 +++
 3 files changed, 26 insertions(+), 1 deletion(-)
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
index 5f7f5b9d1c..6672854463 100644
--- a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
@@ -166,6 +166,8 @@ public class ExtractedContent implements AutopsyVisitableItem {
 return filePath + "Bluetooth.png"; //NON-NLS
 } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID()) {
 return filePath + "devices.png"; //NON-NLS
+ } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_VALIDATION_FAILED.getTypeID()) {
+ return filePath + "warning16.png"; //NON-NLS
 }
 return filePath + "artifact-icon.png"; //NON-NLS
 }
diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
index 21dcf95d65..e2bc1d6527 100644
--- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java
@@ -36,6 +36,9 @@ import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.Image; import org.sleuthkit.datamodel.TskCoreException; import org.openide.util.NbBundle; +import org.sleuthkit.autopsy.casemodule.Case; +import org.sleuthkit.datamodel.BlackboardArtifact; +import org.sleuthkit.datamodel.BlackboardAttribute; /** * Data source ingest module that verifies the integrity of an Expert Witness @@ -98,6 +101,10 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule { "DataSourceIntegrityIngestModule.process.errorSavingHashes= Error saving hashes for image {0} to the database", "# {0} - imageName", "DataSourceIntegrityIngestModule.process.errorLoadingHashes= Error loading hashes for image {0} from the database", + "# {0} - hashAlgorithm", + "# {1} - calculatedHashValue", + "# {2} - storedHashValue", + "DataSourceIntegrityIngestModule.process.hashFailedForArtifact={0} hash validation failed:\n Calculated hash: {1}\n Stored hash: {2}\n", }) @Override public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) { @@ -253,6 +260,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule { String detailedResults = NbBundle .getMessage(this.getClass(), "DataSourceIntegrityIngestModule.shutDown.verifyResultsHeader", imgName); String hashResults = ""; + String artifactComment = ""; for (HashData hashData:hashDataList) { if (hashData.storedHash.equals(hashData.calculatedHash)) { 
@@ -260,7 +268,9 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule { } else { verified = false; hashResults += Bundle.DataSourceIntegrityIngestModule_process_hashNonMatch(hashData.type.name); - } + artifactComment += Bundle.DataSourceIntegrityIngestModule_process_hashFailedForArtifact(hashData.type.name, + hashData.calculatedHash, hashData.storedHash); + } hashResults += Bundle.DataSourceIntegrityIngestModule_process_hashList(hashData.calculatedHash, hashData.storedHash); } @@ -276,6 +286,16 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule { detailedResults += NbBundle.getMessage(this.getClass(), "DataSourceIntegrityIngestModule.shutDown.resultLi", verificationResultStr); detailedResults += hashResults; + + if (!verified) { + try { + BlackboardArtifact validationFailedArtifact = Case.getCurrentCase().getSleuthkitCase().newBlackboardArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_VALIDATION_FAILED, img.getId()); + validationFailedArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, + DataSourceIntegrityModuleFactory.getModuleName(), artifactComment)); + } catch (TskCoreException ex) { + logger.log(Level.SEVERE, "Error creating validation failed artifact", ex); + } + } services.postMessage(IngestMessage.createMessage(messageType, DataSourceIntegrityModuleFactory.getModuleName(), imgName + verificationResultStr, detailedResults)); diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java b/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java index 2f709310b6..e880a749b3 100644 --- a/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java +++ b/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java 
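Review bot: The new `if (!verified)` block in the `@@ -276,6 +286,16 @@` hunk handles only `TskCoreException`, and nothing visible in the hunk announces the new artifact to the rest of the application. `Case.getCurrentCase()` reports a missing case with an unchecked exception, so if the case is closed while ingest is finishing, the failure would escape this handler instead of being logged; `Case.getCurrentCaseThrows()` with `} catch (TskCoreException | NoCurrentCaseException ex) {` keeps it inside the handler. After `addAttribute`, a call such as `services.fireModuleDataEvent(new ModuleDataEvent(DataSourceIntegrityModuleFactory.getModuleName(), BlackboardArtifact.ARTIFACT_TYPE.TSK_VALIDATION_FAILED));` would let the results tree pick up the artifact without a manual refresh, assuming no event is fired elsewhere in the method. Since this artifact is the durable record of an evidence-integrity failure, it is also worth surfacing a creation error to the examiner (for example in the ingest message posted just below) rather than only in the log. The enclosing method starts and ends outside the hunk, and patch 3/3 renames the type to `TSK_VERIFICATION_FAILED`.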
@@ -299,6 +299,9 @@ class ReportHTML implements TableReportModule {
 case TSK_DEVICE_INFO:
 in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/devices.png"); //NON-NLS
 break;
+ case TSK_VALIDATION_FAILED:
+ in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/red-circle-exclamation.png"); //NON-NLS
+ break;
 default:
 logger.log(Level.WARNING, "useDataTypeIcon: unhandled artifact type = {0}", dataType); //NON-NLS
 in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/report/images/star.png"); //NON-NLS
From 712cf88763e7948eb6abbe89ca936b83432c62ec Mon Sep 17 00:00:00 2001
From: Ann Priestman
Date: Fri, 7 Dec 2018 15:05:18 -0500
Subject: [PATCH 2/3] Updated icon
---
 .../autopsy/datamodel/ExtractedContent.java | 2 +-
 .../sleuthkit/autopsy/images/validationFailed.png | Bin 0 -> 591 bytes
 .../org/sleuthkit/autopsy/report/ReportHTML.java | 2 +-
 3 files changed, 2 insertions(+), 2 deletions(-)
 create mode 100644 Core/src/org/sleuthkit/autopsy/images/validationFailed.png
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
index 6672854463..e1ae0f9a69 100644
--- a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
+++ b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java
@@ -167,7 +167,7 @@ public class ExtractedContent implements AutopsyVisitableItem {
 } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID()) {
 return filePath + "devices.png"; //NON-NLS
 } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_VALIDATION_FAILED.getTypeID()) {
- return filePath + "warning16.png"; //NON-NLS
+ return filePath + "validationFailed.png"; //NON-NLS
 }
 return filePath + "artifact-icon.png"; //NON-NLS
 }
diff --git a/Core/src/org/sleuthkit/autopsy/images/validationFailed.png b/Core/src/org/sleuthkit/autopsy/images/validationFailed.png new file mode 100644 index 0000000000000000000000000000000000000000..c0abaa22549dd26c86cfc91cd0d69f3e62bbbeb2 GIT binary patch literal 591 zcmV-V0&sJMEp{w{H7?_x97r4}N_6%76x59zJwk z)98<^<`r#)ZwuN!byS{`Q@E_8+^Q^kBTxdPPhKm6mm_3+D^cQ60{{DSQ4qeqXHl$0FHrOlM#1_OYS6#;!HEE7dNiGxpHZPiq={N#tGu0 zXSZ&IxC8 Date: Fri, 7 Dec 2018 15:50:58 -0500 Subject: [PATCH 3/3] Name change --- .../org/sleuthkit/autopsy/datamodel/ExtractedContent.java | 2 +- .../DataSourceIntegrityIngestModule.java | 8 ++++---- Core/src/org/sleuthkit/autopsy/report/ReportHTML.java | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java index e1ae0f9a69..f8ba1e86bd 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/ExtractedContent.java @@ -166,7 +166,7 @@ public class ExtractedContent implements AutopsyVisitableItem { return filePath + "Bluetooth.png"; //NON-NLS } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO.getTypeID()) { return filePath + "devices.png"; //NON-NLS - } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_VALIDATION_FAILED.getTypeID()) { + } else if (typeID == BlackboardArtifact.ARTIFACT_TYPE.TSK_VERIFICATION_FAILED.getTypeID()) { return filePath + "validationFailed.png"; //NON-NLS } return filePath + "artifact-icon.png"; //NON-NLS diff --git a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java index e2bc1d6527..6c307f50a2 100644 --- a/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java 
+++ b/Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java @@ -104,7 +104,7 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule { "# {0} - hashAlgorithm", "# {1} - calculatedHashValue", "# {2} - storedHashValue", - "DataSourceIntegrityIngestModule.process.hashFailedForArtifact={0} hash validation failed:\n Calculated hash: {1}\n Stored hash: {2}\n", + "DataSourceIntegrityIngestModule.process.hashFailedForArtifact={0} hash verification failed:\n Calculated hash: {1}\n Stored hash: {2}\n", }) @Override public ProcessResult process(Content dataSource, DataSourceIngestModuleProgress statusHelper) { @@ -289,11 +289,11 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule { if (!verified) { try { - BlackboardArtifact validationFailedArtifact = Case.getCurrentCase().getSleuthkitCase().newBlackboardArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_VALIDATION_FAILED, img.getId()); - validationFailedArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, + BlackboardArtifact verificationFailedArtifact = Case.getCurrentCase().getSleuthkitCase().newBlackboardArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_VERIFICATION_FAILED, img.getId()); + verificationFailedArtifact.addAttribute(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, DataSourceIntegrityModuleFactory.getModuleName(), artifactComment)); } catch (TskCoreException ex) { - logger.log(Level.SEVERE, "Error creating validation failed artifact", ex); + logger.log(Level.SEVERE, "Error creating verification failed artifact", ex); } } diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java b/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java index ab2acf46ad..f7e2fbb31f 100644 --- a/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java +++ b/Core/src/org/sleuthkit/autopsy/report/ReportHTML.java 
@@ -299,7 +299,7 @@ class ReportHTML implements TableReportModule {
 case TSK_DEVICE_INFO:
 in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/devices.png"); //NON-NLS
 break;
- case TSK_VALIDATION_FAILED:
+ case TSK_VERIFICATION_FAILED:
 in = getClass().getResourceAsStream("/org/sleuthkit/autopsy/images/validationFailed.png"); //NON-NLS
 break;
 default: