From d286ad8614999ced87cd21959575b77693a049cc Mon Sep 17 00:00:00 2001 From: Tim McIver Date: Tue, 4 Dec 2012 16:52:21 -0500 Subject: [PATCH 01/27] Added public method Case.getImages. --- Core/src/org/sleuthkit/autopsy/casemodule/Case.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java index a599372982..2e44b24d71 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/Case.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/Case.java @@ -27,6 +27,7 @@ import java.io.FileInputStream; import java.io.IOException; import java.text.DateFormat; import java.text.SimpleDateFormat; +import java.util.Collection; import java.util.GregorianCalendar; import java.util.HashMap; import java.util.HashSet; @@ -572,6 +573,10 @@ public class Case { Set ids = getImagePaths(db).keySet(); return ids.toArray(new Long[ids.size()]); } + + public List getImages() throws TskCoreException { + return db.getImages(); + } /** * Count the root objects. From 1a2a74ae05bec638b7a4c92d7d65758b4df2fe80 Mon Sep 17 00:00:00 2001 From: adam-m Date: Thu, 6 Dec 2012 09:37:09 -0500 Subject: [PATCH 02/27] fix doxygen warnings in code --- .../org/sleuthkit/autopsy/casemodule/LocalDiskPanel.java | 2 +- .../sleuthkit/autopsy/casemodule/services/FileManager.java | 4 ++++ .../autopsy/corecomponents/AbstractDataResultViewer.java | 3 +-- Core/src/org/sleuthkit/autopsy/coreutils/StringExtract.java | 2 +- Core/src/org/sleuthkit/autopsy/coreutils/XMLUtil.java | 6 ++++-- .../src/org/sleuthkit/autopsy/hashdatabase/HashDb.java | 2 +- .../autopsy/keywordsearch/KeywordSearchIngestModule.java | 1 - 7 files changed, 12 insertions(+), 8 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/LocalDiskPanel.java b/Core/src/org/sleuthkit/autopsy/casemodule/LocalDiskPanel.java index 56dff078ec..48f21bab5d 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/LocalDiskPanel.java 
+++ b/Core/src/org/sleuthkit/autopsy/casemodule/LocalDiskPanel.java @@ -43,7 +43,7 @@ import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.datamodel.FsContent; /** - * ImageTypePanel for adding a local disk or partition such as \\.\PhysicalDrive0 or \\.\C:. + * ImageTypePanel for adding a local disk or partition such as PhysicalDrive0 or C:. */ public class LocalDiskPanel extends ImageTypePanel { private static LocalDiskPanel instance; diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/services/FileManager.java b/Core/src/org/sleuthkit/autopsy/casemodule/services/FileManager.java index 4a34625bb4..c5499b118b 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/services/FileManager.java +++ b/Core/src/org/sleuthkit/autopsy/casemodule/services/FileManager.java @@ -42,6 +42,7 @@ public class FileManager implements Closeable { } /** + * @param image image where to find files * @param fileName the name of the file or directory to match * @return a list of FsContent for files/directories whose name matches the * given fileName @@ -54,6 +55,7 @@ public class FileManager implements Closeable { } /** + * @param image image where to find files * @param fileName the name of the file or directory to match * @param dirName the name of a parent directory of fileName * @return a list of FsContent for files/directories whose name matches @@ -67,6 +69,7 @@ public class FileManager implements Closeable { } /** + * @param image image where to find files * @param fileName the name of the file or directory to match * @param parentFsContent * @return a list of FsContent for files/directories whose name matches @@ -80,6 +83,7 @@ public class FileManager implements Closeable { } /** + * @param image image where to find files * @param filePath The full path to the file(s) of interest. This can * optionally include the image and volume names. * @return a list of FsContent that have the given file path. 
diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/AbstractDataResultViewer.java b/Core/src/org/sleuthkit/autopsy/corecomponents/AbstractDataResultViewer.java index 2a1f93e7a6..1d9d3c640b 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/AbstractDataResultViewer.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/AbstractDataResultViewer.java @@ -48,11 +48,10 @@ public abstract class AbstractDataResultViewer extends JPanel implements //property listener to send nodes to content viewer nodeSelListener = new PropertyChangeListener() { + /** * Propagates changes in the current select node from the * DataResultViewer to the DataContentTopComponent - * - * @param evt */ @Override public void propertyChange(PropertyChangeEvent evt) { diff --git a/Core/src/org/sleuthkit/autopsy/coreutils/StringExtract.java b/Core/src/org/sleuthkit/autopsy/coreutils/StringExtract.java index 014a26c794..bb8890d8a3 100644 --- a/Core/src/org/sleuthkit/autopsy/coreutils/StringExtract.java +++ b/Core/src/org/sleuthkit/autopsy/coreutils/StringExtract.java @@ -111,7 +111,7 @@ public class StringExtract { /** * Sets the enabled script to one provided, resets previous setting * - * @param scripts script to consider for when extracting strings + * @param script script to consider for when extracting strings */ public final void setEnabledScript(SCRIPT script) { diff --git a/Core/src/org/sleuthkit/autopsy/coreutils/XMLUtil.java b/Core/src/org/sleuthkit/autopsy/coreutils/XMLUtil.java index 329348167f..eab0f6cf60 100644 --- a/Core/src/org/sleuthkit/autopsy/coreutils/XMLUtil.java +++ b/Core/src/org/sleuthkit/autopsy/coreutils/XMLUtil.java 
@@ -62,7 +62,8 @@ public class XMLUtil { * The schema files are extracted automatically when this function is called, the XML being validated is not. * Be sure the XML file is already extracted otherwise it will return false. * @param xmlfile The XML file to validate, in DOMSource format - * @param type The file name of the schema to validate against, must exist as a resource in the same package as where this function is being called. + * @param clazz class frm package to extract schema file from + * @param schemaFile The file name of the schema to validate against, must exist as a resource in the same package as where this function is being called. * * For example usages, please see KeywordSearchListsXML, HashDbXML, or IngestModuleLoader. * @@ -95,7 +96,8 @@ public class XMLUtil { * * The schema files are extracted automatically when this function is called, the XML being validated is not. * Be sure the XML file is already extracted otherwise it will return false. - * @param xmlfile The XML file to validate + * @param doc The XML DOM to validate + * @param clazz class from package to extract schema from * @param type The file name of the schema to validate against, must exist as a resource in the same package as where this function is being called * * For example usages, please see KeywordSearchListsXML, HashDbXML, or IngestModuleLoader. diff --git a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDb.java b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDb.java index cce3086c4c..9a08234eab 100644 --- a/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDb.java +++ b/HashDatabase/src/org/sleuthkit/autopsy/hashdatabase/HashDb.java @@ -281,7 +281,7 @@ public class HashDb implements Comparable { /** We need proper cancel support in TSK to make the task cancellable new Cancellable() { - @Override + Override public boolean cancel() { return CreateIndex.this.cancel(true); } 
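Review bot: In the first XMLUtil.java hunk the added tag reads `@param clazz class frm package to extract schema file from`; "frm" should be "from", as the second hunk already spells it. The second hunk also keeps `@param type` while the first renames the same description to `@param schemaFile`, so one of the two probably still disagrees with its method signature; the signatures are outside both hunks, so this needs checking against the file.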
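Review bot: In the HashDb.java hunk, stripping the `@` from `@Override` only hides the Doxygen warning; the underlying problem is that disabled code sits inside a `/**` documentation comment. Opening that comment with `/*` instead, or deleting the dead `Cancellable` block, stops Doxygen from parsing it and leaves the snippet valid Java if it is ever re-enabled. The comment opens inside the hunk but its end is not visible here.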
diff --git a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java index dac751b3bd..366c5e08e4 100644 --- a/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java +++ b/KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/KeywordSearchIngestModule.java @@ -320,7 +320,6 @@ public final class KeywordSearchIngestModule implements IngestModuleAbstractFile * Initializes the module for new ingest run Sets up threads, timers, * retrieves settings, keyword lists to run on * - * @param services */ @Override public void init(IngestModuleInit initContext) { From c26bd6e1225d4fb469f49d0c14e8d920aef86dc3 Mon Sep 17 00:00:00 2001 From: adam-m Date: Thu, 6 Dec 2012 09:57:39 -0500 Subject: [PATCH 03/27] fixed warnings in doxygen docs --- .../corecomponentinterfaces/package.dox | 2 +- docs/doxygen/modDev.dox | 4 ++-- docs/doxygen/workflow.dox | 21 ++++++++++++------- 3 files changed, 16 insertions(+), 11 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponentinterfaces/package.dox b/Core/src/org/sleuthkit/autopsy/corecomponentinterfaces/package.dox index e8da825fcf..51cbc93198 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponentinterfaces/package.dox +++ b/Core/src/org/sleuthkit/autopsy/corecomponentinterfaces/package.dox @@ -3,6 +3,6 @@ This package contains the interface classes that define the core components in Autopsy. These components are used in the different zones of the GUI. -See \ref design_page for examples of the modules and such that it defines. +See \ref design_data_flow for examples of the modules and such that it defines. */ diff --git a/docs/doxygen/modDev.dox b/docs/doxygen/modDev.dox index a3dfa1fdd8..217650b587 100644 --- a/docs/doxygen/modDev.dox +++ b/docs/doxygen/modDev.dox 
@@ -119,7 +119,7 @@ TODO: Add additional info about service classes (log, Case, database, etc.) Sim TODO: Move the log content from the wiki (http://wiki.sleuthkit.org/index.php?title=Autopsy_3_Logging_and_Error_Checking) to here. -Note: \ref IngestModuleServices provides services specifically for the ingest modules. +Note: org.sleuthkit.autopsy.ingest.IngestServices provides services specifically for the ingest modules. \section mod_dev_configuration Making a Configuration Panel @@ -155,7 +155,7 @@ First, use NetBeans' GUI builder to design the panel. Be sure to include all opt Second, in the source code of the panel, there are two important methods: \c load() and \c store(). When the options panel is opened via Tools > Options in Autopsy, the \c load() method will be called. Conversely, when the user presses OK after editing the options, the \c store() method will be called. -If one wishes to make any additional panels within the original options panel, or panels which the original opens, Autopsy provides the \ref OptionsPanel interface to help. This interface requires the \c store() and \c load() functions also be provided in the separate panels, allowing for easier child storing and loading. +If one wishes to make any additional panels within the original options panel, or panels which the original opens, Autopsy provides the org.sleuthkit.autopsy.corecomponents.OptionsPanel interface to help. This interface requires the \c store() and \c load() functions also be provided in the separate panels, allowing for easier child storing and loading. Any storing or loading of settings or properties should be done in the \c store() and \c load() methods. Continue to \ref mod_dev_properties for more details. diff --git a/docs/doxygen/workflow.dox b/docs/doxygen/workflow.dox index 09a30f8abf..13de18a5bc 100644 --- a/docs/doxygen/workflow.dox +++ b/docs/doxygen/workflow.dox 
@@ -36,10 +36,13 @@ See \ref mod_ingest_page for more details on making an ingest module. The UI has three main areas. The tree on the left-hand side, the result viewers in the upper right, and the content viewers in the lower right. Data passes between these areas by encapsulating them in Netbeans Node objects (see org.openide.nodes.Node). These allow Autopsy to generically handle all types of data. The org.sleuthkit.autopsy.datamodel package details with wrapping the org.sleuthkit.datamodel objects as Netbeans Nodes. - Nodes are modeled in a parent-child hierarchy with other nodes. All data within a Case is represented in a hierarchy with the disk images being one level below the case and volumes and such below the image. -The tree on the left hand-side shows the analysis results. Its contents are populated from the central database. This is where you can browse the file system contents and see the results from the blackboard (see \ref blackboard_page). The tree is implemented in the org.sleuthkit.autopsy.directorytree package. +The tree on the left hand-side shows the analysis results. +Its contents are populated from the central database. +This is where you can browse the file system contents and see the results from the blackboard. + +The tree is implemented in the org.sleuthkit.autopsy.directorytree package. The area in the upper right is the result viewer area. When a node is selected from the tree, the node and its children are sent to this area. This area is used to view a set of nodes. The viewer is itself a framework with modules that display the data in different layouts. For example, the standard version comes with a table viewer and a thumbnail viewer. Refer to \ref mod_result_page for details on building a module. 
@@ -50,12 +53,13 @@ See \ref mod_content_page for details on building new content viewers. \section design_report Report generation -When ingest is complete, the user can generate reports. There is a reporting framework to enable many different formats. Autopsy currently comes with generic html, xml and Excel reports. See the org.sleuthkit.autopsy.report package for details on the framework and -\ref report_making for details on building a new report module. +When ingest is complete, the user can generate reports. +There is a reporting framework to enable many different formats. Autopsy currently comes with generic html, xml and Excel reports. See the org.sleuthkit.autopsy.report package for details on the framework and +\ref mod_report_page for details on building a new report module. - The component is by default registered with the ingest manager as an ingest event listener. The viewer first loads all the viewer-supported data currently in the blackboard when Autopsy starts. @@ -66,9 +70,10 @@ and performs a final refresh of all viewer-supported data in the blackboard. Node content support capabilities are registered in the node's Lookup. ---> - \section design_data_flow Data Flow @@ -88,6 +93,6 @@ DataResult can send data back to its DataExplorer by making a custom action that A default DataContent viewer is created when a case is opened. To display the contents of a node, it must be passed to a DataContent instance. The default single-click behavior of the DataResultViewers is to lookup the default DataContent TopComponent and pass the selected node to it. See org.sleuthkit.autopsy.corecomponents.AbstractDataResultViewer.propertyChange(PropertyChangeEvent) for details. ---> + */ From 4b9675fd3e6e3e0cfc7cb5739d50d0875f74fa49 Mon Sep 17 00:00:00 2001 From: adam-m Date: Thu, 6 Dec 2012 09:57:49 -0500 Subject: [PATCH 04/27] update news --- NEWS.txt | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) 
diff --git a/NEWS.txt b/NEWS.txt index b6d7eeec90..d1c77494a3 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -1,18 +1,20 @@ ---------------- VERSION Current (development) -------------- New features: -- Added Hashkeeper hash database support +- Hashkeeper hash database support +- Extraction of all unallocated blocks (from volume, image) as a single file +- Result bookmarks Improvements: - File Ingest: minimized file queuing time and memory usage - Add Image Wizard - better work-flow, better device size reporting, info on currently processed directory -- Added extraction of all unallocated blocks (from volume, image) as a single file -- Reporting improvements: reorganized columns, sorted by 1st column, added logo to html report +- Reporting improvements: reorganized columns, sorted by 1st column, added logo to html report, better styling Bugfixes: - fixed periodic keyword search during ingest, when it'd run max. 2 times only - fixed Downloads "target" in Recent Activity - fixed missing hash and keyword search hits in reports +- fixed deselecting NSRL database for hash ingest ---------------- VERSION 3.0.1 -------------- From 2bb12c11764dcecf3c51167c314cbcc1b46b9b91 Mon Sep 17 00:00:00 2001 From: 0xNF Date: Thu, 6 Dec 2012 10:32:46 -0500 Subject: [PATCH 05/27] Extraction per image now takes place in a single thread Previously made one thread per volume. --- .../directorytree/ExtractUnallocAction.java | 161 +++++++++++++----- 1 file changed, 114 insertions(+), 47 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java index 5e8ee14bb0..bdef2a4a31 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java 
@@ -55,8 +55,8 @@ public final class ExtractUnallocAction extends AbstractAction { private final List LstUnallocs = new ArrayList(); private static final List lockedVols = new ArrayList(); - private int numDone = 0; - private static boolean runningOnImage = false; + private static final List lockedImages = new ArrayList(); + private long currentImage = 0L; private static final Logger logger = Logger.getLogger(ExtractUnallocAction.class.getName()); private boolean isImage = false; @@ -68,6 +68,7 @@ public final class ExtractUnallocAction extends AbstractAction { public ExtractUnallocAction(String title, Image img) { super(title); isImage = true; + currentImage = img.getId(); if (hasVolumeSystem(img)) { for (Volume v : getVolumes(img)) { UnallocStruct us = new UnallocStruct(v); 
@@ -87,29 +88,36 @@ public final class ExtractUnallocAction extends AbstractAction { @Override public void actionPerformed(ActionEvent e) { if (LstUnallocs != null && LstUnallocs.size() > 0) { - if (runningOnImage) { + if (lockedImages.contains(currentImage)) { JOptionPane.showMessageDialog(new Frame(), "Unallocated Space is already running on this Image. Please select a different Image."); return; } + List copyList = new ArrayList(){{ + addAll(LstUnallocs); + }}; for (UnallocStruct u : LstUnallocs) { - String UnallocName = u.ImageName + "-Unalloc-" + u.ImageId + "-" + u.VolumeId + ".dat"; - if (u.llf != null && u.llf.size() > 0 && !lockedVols.contains(UnallocName)) { - //Format for single Unalloc File is ImgName-Unalloc-ImgObjectID-VolumeID.dat - File unalloc = new File(Case.getCurrentCase().getCaseDirectory() + File.separator + "Export" + File.separator + UnallocName); - if (unalloc.exists()) { - int res = JOptionPane.showConfirmDialog(new Frame(), "The Unalloc File for this volume, " + UnallocName + " already exists, do you want to replace it?"); + if (u.llf != null && u.llf.size() > 0 && !lockedVols.contains(u.getFileName())) { + //Format for single Unalloc File is ImgName-Unalloc-ImgObjectID-VolumeID.dat + if (u.FileInstance.exists()) { + int res = JOptionPane.showConfirmDialog(new Frame(), "The Unalloc File for this volume, " + u.getFileName() + " already exists, do you want to replace it?"); if (res == JOptionPane.YES_OPTION) { - unalloc.delete(); + u.FileInstance.delete(); } else { - return; + copyList.remove(u); } } - ExtractUnallocWorker uw = new ExtractUnallocWorker(unalloc, u); - uw.execute(); + if (!isImage) { + ExtractUnallocWorker uw = new ExtractUnallocWorker(u); + uw.execute(); + } } else { logger.log(Level.WARNING, "Tried to get unallocated content from volume ID " + u.VolumeId + ", but its list of unallocated files was empty or null"); } } + if (isImage) { + ExtractUnallocWorker uw = new ExtractUnallocWorker(copyList); + uw.execute(); + } } } 
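Review bot: Declining the overwrite prompt no longer stops a single-volume extraction: the old `return` became `copyList.remove(u)`, but the `if (!isImage)` block right after it still builds and executes `new ExtractUnallocWorker(u)`, and that worker opens a `FileOutputStream` on the same file, truncating the export the user chose to keep. Adding `continue;` after `copyList.remove(u);` leaves the declined file untouched in both the volume and the image path. The `else` branch also logs "empty or null" when the volume was merely skipped because it is in `lockedVols`, which will mislead anyone reading the log. The copy can be written as `new ArrayList(LstUnallocs)` instead of a double-brace anonymous subclass.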
@@ -135,61 +143,99 @@ public final class ExtractUnallocAction extends AbstractAction { */ private class ExtractUnallocWorker extends SwingWorker { - private File path; + private ProgressHandle progress; private boolean canceled = false; - private UnallocStruct us; - + private List lus = new ArrayList(); + private File currentlyProcessing; + private int totalSizeinMegs; - ExtractUnallocWorker(File path, UnallocStruct us) { - this.path = path; - if(isImage){ - runningOnImage = true; + ExtractUnallocWorker(UnallocStruct us) { + this.lus.add(us); + //Getting the total megs this worker is going to be doing + if (!lockedVols.contains(us.getFileName())) { + totalSizeinMegs = toMb(us.sizeInBytes()); + lockedVols.add(us.getFileName()); + } + + } + + ExtractUnallocWorker(List lst) { + //Getting the total megs this worker is going to be doing + long totalBytes = 0; + for (UnallocStruct lu : lst) { + if (!lockedVols.contains(lu.getFileName())) { + totalBytes += lu.sizeInBytes(); + lockedVols.add(lu.getFileName()); + this.lus.add(lu); + } } - lockedVols.add(path.getName()); - this.us = us; + totalSizeinMegs = toMb(totalBytes); + lockedImages.add(currentImage); + } + + + private int toMb(long bytes) { + if (bytes > 1024 && (bytes / 1024.0) <= Double.MAX_VALUE) { + double Mb = ((bytes / 1024.0)/1024.0);//Bytes -> Megabytes + if (((bytes / 1024.0)/1024.0) <= Integer.MAX_VALUE) { + return (int) Math.floor(Mb); + } + } + return 0; } @Override protected Integer doInBackground() { try { - progress = ProgressHandleFactory.createHandle("Extracting " + path.getName(), new Cancellable() { + progress = ProgressHandleFactory.createHandle("Extracting Unallocated Space", new Cancellable() { @Override public boolean cancel() { - logger.log(Level.INFO, "Canceling extraction of Unalloc file " + path.getName()); + logger.log(Level.INFO, "Canceling extraction of unallocated space"); canceled = true; if (progress != null) { - progress.setDisplayName(path.getName() + " (Cancelling...)"); + 
progress.setDisplayName("Extracting Unallocated Space" + " (Cancelling...)"); } return true; } - }); - FileOutputStream fos = new FileOutputStream(path); + }); int MAX_BYTES = 8192; - byte[] buf = new byte[MAX_BYTES]; //read 8kb at a time - logger.log(Level.INFO, "Writing Unalloc file to " + path.getPath()); + byte[] buf = new byte[MAX_BYTES]; //read 8kb at a time + - progress.start(us.size()); - int count = 0; - for (LayoutFile f : us.getLayouts()) { + //Begin the actual File IO + progress.start(totalSizeinMegs); + int kbs = 0; //Each completion of the while loop adds one to kbs. 8kb * 128 = 1mb. + int mbs = 0; //Increments every 128 kbs + for (UnallocStruct u : this.lus) { + currentlyProcessing = u.getFile(); + logger.log(Level.INFO, "Writing Unalloc file to " + currentlyProcessing.getPath()); + FileOutputStream fos = new FileOutputStream(currentlyProcessing); + int count = 1; + for (LayoutFile f : u.getLayouts()) { long offset = 0L; while (offset != f.getSize() && !canceled) { offset += f.read(buf, offset, MAX_BYTES); //Offset + Bytes read fos.write(buf); + if (++kbs % 128 == 0) { + mbs++; + progress.progress("processing " + mbs + " of " + totalSizeinMegs + " MBs", mbs); + } } - progress.progress("processing block " + ++count + "of " + us.size(), count); + count++; } + fos.flush(); + fos.close(); + + if (canceled) { + u.getFile().delete(); + logger.log(Level.INFO, "Canceled extraction of " + u.getFile().getName() + " and deleted file"); + } else { + logger.log(Level.INFO, "Finished writing unalloc file " + u.getFile().getPath()); + } + lockedVols.remove(u.FileName); + } progress.finish(); - fos.flush(); - fos.close(); - - if(canceled){ - path.delete(); - logger.log(Level.INFO, "Canceled extraction of " + path.getName() + " and deleted file"); - } - else{ - logger.log(Level.INFO, "Finished writing unalloc file " + path.getPath()); - } } catch (IOException ioe) { logger.log(Level.WARNING, "Could not create Unalloc File; error writing file", ioe); return -1; 
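Review bot: A failed read or write in this loop leaves the volume names in the static `lockedVols` list, because `lockedVols.remove(u.FileName)` is reached only after a volume completes and the `done()` hunk below no longer releases volume locks; `actionPerformed` then skips those volumes for the rest of the session. The same path never closes the `FileOutputStream`. Releasing the locks in `done()` fixes the leak and also stops a plain `ArrayList` being mutated from the worker thread while the EDT reads it. Separately, the unchanged `fos.write(buf)` writes all 8192 bytes whatever `f.read` returned, so the export can carry stale buffer bytes and the new MB counter drifts; writing only the returned length, `fos.write(buf, 0, n)`, keeps the extracted file byte-accurate. `doInBackground` continues past the end of this hunk.

```java
for (UnallocStruct u : this.lus) {
    currentlyProcessing = u.getFile();
    FileOutputStream fos = new FileOutputStream(currentlyProcessing);
    try {
        // … unchanged: per-LayoutFile read/write loop and progress updates …
        fos.flush();
    } finally {
        fos.close(); // also runs when a read or write throws
    }
    // … unchanged: delete-on-cancel and completion logging, without lockedVols.remove …
}

// in done(), which SwingWorker runs on the EDT after success and after failure alike
for (UnallocStruct u : lus) {
    lockedVols.remove(u.getFileName());
}
```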
@@ -202,10 +248,8 @@ public final class ExtractUnallocAction extends AbstractAction { @Override protected void done(){ - lockedVols.remove(path.getName()); - if(++numDone == LstUnallocs.size()){ - runningOnImage = false; - numDone = 0; + if(isImage){ + lockedImages.remove(currentImage); } } } @@ -358,7 +402,10 @@ public final class ExtractUnallocAction extends AbstractAction { private long VolumeId; private long ImageId; private String ImageName; + private String FileName; + private File FileInstance; + /** * Contingency constructor in event no VolumeSystem exists on an Image. * @param img Image file to be analyzed @@ -368,6 +415,8 @@ public final class ExtractUnallocAction extends AbstractAction { this.VolumeId = 0; this.ImageId = img.getId(); this.ImageName = img.getName(); + this.FileName = this.ImageName + "-Unalloc-" + this.ImageId + "-" + 0 + ".dat"; + this.FileInstance = new File(Case.getCurrentCase().getCaseDirectory() + File.separator + "Export" + File.separator + this.FileName); } /** @@ -384,6 +433,8 @@ public final class ExtractUnallocAction extends AbstractAction { this.ImageName = ""; this.ImageId = 0; } + this.FileName = this.ImageName + "-Unalloc-" + this.ImageId + "-" + VolumeId + ".dat"; + this.FileInstance = new File(Case.getCurrentCase().getCaseDirectory() + File.separator + "Export" + File.separator + this.FileName); this.llf = getUnallocFiles(volu); Collections.sort(llf, new SortObjId()); } @@ -392,6 +443,14 @@ public final class ExtractUnallocAction extends AbstractAction { int size() { return llf.size(); } + + long sizeInBytes(){ + long size = 0L; + for(LayoutFile f : llf){ + size+= f.getSize(); + } + return size; + } long getVolumeId(){ return this.VolumeId; } @@ -405,6 +464,14 @@ public final class ExtractUnallocAction extends AbstractAction { return this.llf; } + String getFileName(){ + return this.FileName; + } + + File getFile(){ + return this.FileInstance; + } + } From c8f7803a3453c09fda6c8070fd413d8f54a1faf2 Mon Sep 17 00:00:00 2001 
From: 0xNF Date: Thu, 6 Dec 2012 10:36:01 -0500 Subject: [PATCH 06/27] Added documentation for Extracting Unallocated Space --- .../autopsy/casemodule/docs/hashDbMgmt.html | 4 +- .../docs/corecomponents-idx.xml | 1 + .../docs/corecomponents-map.xml | 1 + .../docs/corecomponents-toc.xml | 1 + .../docs/ExtractUnallocImage.png | Bin 0 -> 10070 bytes .../directorytree/docs/directorytree-idx.xml | 1 + .../directorytree/docs/directorytree-map.xml | 3 +- .../directorytree/docs/unallocated-space.html | 53 ++++++++++++++++++ 8 files changed, 62 insertions(+), 2 deletions(-) create mode 100644 Core/src/org/sleuthkit/autopsy/directorytree/docs/ExtractUnallocImage.png create mode 100644 Core/src/org/sleuthkit/autopsy/directorytree/docs/unallocated-space.html diff --git a/Core/src/org/sleuthkit/autopsy/casemodule/docs/hashDbMgmt.html b/Core/src/org/sleuthkit/autopsy/casemodule/docs/hashDbMgmt.html index cd90748e39..e825d1642f 100644 --- a/Core/src/org/sleuthkit/autopsy/casemodule/docs/hashDbMgmt.html +++ b/Core/src/org/sleuthkit/autopsy/casemodule/docs/hashDbMgmt.html @@ -29,6 +29,7 @@
  • EnCase: An EnCase hashset file.
  • MD5sum: Output from running the md5, md5sum, or md5deep program on a set of files.
  • NSRL: The format of the NSRL database.
  • +
  • HashKeeper: Hashset file conforming to the HashKeeper standard.
  • NIST NSRL

    @@ -49,7 +50,8 @@ Autopsy needs an index of the hashset to actualy use a hash database. It can create the index if you import only the hashset. When you select the database from within this window, it will tell you if the index needs to be created. - Autopsy uses the hash database management system from The Sleuth Kit. You can manually create an index using the 'hfind' command line tool or use can use Autopsy. + Autopsy uses the hash database management system from The Sleuth Kit. You can manually create an index using the 'hfind' command line tool or you can use Autopsy. + If you attempt proceed without indexing a database, Autopsy will offer to automatically produce an index for you.

    You can also specify only the index file and not use the full hashset - the index file is sufficient to identify known files. diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-idx.xml b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-idx.xml index e428c40e70..350f02129b 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-idx.xml +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-idx.xml @@ -14,6 +14,7 @@ and open the template in the editor. + diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-map.xml b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-map.xml index deb30aa9e6..23534a81d2 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-map.xml +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-map.xml @@ -9,6 +9,7 @@ and open the template in the editor. + diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-toc.xml b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-toc.xml index a3746f29f3..f204c293c3 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-toc.xml +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/docs/corecomponents-toc.xml @@ -8,6 +8,7 @@ + 
diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/docs/ExtractUnallocImage.png b/Core/src/org/sleuthkit/autopsy/directorytree/docs/ExtractUnallocImage.png new file mode 100644 index 0000000000000000000000000000000000000000..3fc12e59d1851359c1120ea320344fd13aad51eb GIT binary patch literal 10070 zcmZX4WmsF$5-o({?!_%=an}|n0g6lU;!q$!k>Ul4JHd+;2o!hs;_g=5-HQ|}FWmd= zd+$e*bG~HHp4n&CnwiXmtEnhpV~}GYARu6aL9!YM2#6u@>qImF{QY$#Su*?s(M3Z+ z8lilQ@&JDG%3A8Z6aqq3EasyrGW;Ih38d$OfPmBe@ z5%s6}YkSVj&NdC{7R@vnmR}m3vNe4!{v5vbp${nXkl}*E?dMM=-2aP3GLh0RF3-Nd zuP>BlAhm}{(65In#PRHLu>^0UVE1nG_T~!IH$65A4T2|IUR$A7{ z@83ozYXWsqR?l}Wd)cS49nYC}Erl{%tn4<3wFvsOsO)M%prL>k|M!xZKajC7X`z*G zejrZ(L@WX(;#?1=@}<6^80{H1H#dLYZ?0m6FOpQzr{xD`ihF)us9aLXh7d!(ta@6z zxVWh3BTxjBNMdfsA-@9YcjW96s|RdRW3RRQKKR~7dmiNLE;vjpEDZ{JUA5KK)fvzG zI?b)qYbchu47^<+dQnCL6D{tQ@Zr(fo{;eAWUb|Jvc%u@?xT5M;BsGVx|-2RDEW`6 zbv;yuHlI=~4u6sX4$Pns7^#Vm^P%RnPRA{x{lksGWHcqBK8IoB#NHGuv^H}}W5tfG zOmLZbQ%tX2D;~_X8|OSCYBu16`uT|Zqum6+2JsWzRDRnj7^!t@ZSJPT!oTy-cT>@n zo>%exZJF%fgo5bErLWo!r|6rvoPMmoiPrcY#52toX60kbI#WwVKbtT7re`dcWWW|P zEPiIr{j~lWj!DBdREcBp7&l0&;DEIlZwASvt zP?^yslY@bzizOL^<%5MEr5d|a(>2zah%^k3e}FTH&E3CgWK&k2UAaAZh;Q`{?g zerwISj;~*5wZCxaUmeB7Jk&#;LLL1G+t1VLCPNXHt(|&i19F2q(6jdGPFS$zcoM|q z0beKHoS(*|WIvFgoiqWd!C!CdDvZ3>d>cCM57$Gfn;(bX_{PB?Y)s{4%;xYJcTQO*txZm5~dF_fEK08RFK9k2fhQ+Fo4bj90m)R zWjy~h0r*`jiDs-Jm>%nv_rJfC{x*P`Lv-S~Vo(&&#=3~As(`tjf?R#f_=_*u`}Xub zkigfMG+}VHyc~071^uu1*Y=jW>*X{)YXkkU9y4zVd(leISGu9d9BOJL0|hBF^Yf_O z#U&*M4Um;#uIG#V6sxw&A^X1>f+uv3vfr}OLiwZ}nK2oEBL9*vtC4C{05kMfu*L^{VwDVd%`unDZZOsKQuTlwYd$CMGF|r`JQhq z3LLE&Xtxy~`hse&9@1)Pe|2t*#~K}zt`%U>+47a0IQgI7&2$%OiM!E|I{#cO_-=Bc zFc56NtHQOt8a{9A4}Ww@iVRdcIWnQTTBVEiZu8}tZZwePYSSkskRrNxv3`^L@2R1k zVV!>mqwk*29BH1mx5hO#Jq-|yU-|34|Kt*#;|UQLXfP}$Sy$(?r_@{*o)jd-)JNdp z{!%Vv-F*cOq(6vMD(dj_viaBA+nG0-?(U=3c9DnMP^Q;*`cy}uqf@TeTIe&`wS!5@ z{%`_Q5b~`ZMFOuo^Uoj6u&DlmBDu`l86tf7Mub5c0ed)npN{Z$ok-PGO~r^pANlAw z&Ud1yPHKMl99oF7A8j!!&TbPBSceb=U<4w2wX(24{dv7VQ6PXNDO0NhBCk@ukZ6^E 
zFlul8v>REI%&EuYc)I!Jx%zyNby`Qe4B4+Kq`{2F#6P@I@E!vNqKx=#S=_>H zI@%%jG&)K z*fJCi-|DBw<3XZqClkH$x+Sq#67M0So4Y%;m>*?v@;(+zAjv>GvQ|9NjMAoy`V>}^ z_zI_ya==54!x1F4PKujC@CQMh&DfHQ>BFB4&x(#4LE3|z6ywZ`E*c**aI?^M0Pt;` zh5sNfI9avlRat!6?sZG z`}LUrXOAQ8;go)1)x&q}Sa;2^)keg=#yIO~J3(_}Ph>uvVnXWH3yUT+AM3{uPXe2& z15*Gq@8mR+s{BuDz zF|L#oW|+Wun#IwxD1UygkyZ)ee8K+s$Ns9XG61iCZGjxy1gyt0zO4T~RiO4PZE0ERR;nHymgTXUXGQ>^ zm$Yq0f`)FKI`3;75w(HHmr%e3W)PQ=A~7j$;1>lyr)H2BS41wL~p|yGEiq z7x?+$UVNJ_Ky^V>tY!VZ&|mQ{oPHb9)opEr|AH#EE`)vPp+ORff1qZTyWo_R0CzWY{$UK)ym4Unkm>%>#}}2xH(yX3Q(jc1?A&*sDgma1lrbz3W#G zf;5G7lX;Pk$*9CS6=rZtrxAXyge~a$#d|MxT~+(#F{r@> z)b2&923r zR9CvFpXKEIN=|kup{2IT;q%3CZdJoy-lO&fv&|{1ui^9Lxt)p@K(m2B>Jrh*SNsO<2xxb+XI5FyQX(rwXR!udCTXq_m7S15>CNlGMYavJ1sBOg6T6^G^*R%YGy zC-%srI^O|^(t?kX5^;QP(#*_14DH9LsmCLLXY;phRA|F}IR`DPt(t&Zjj$kVU=;-~4eOE30QA5)1n1^XM#K(Zp*Wi2B z8pS$iilmf8h_!RZ-gTrONc+e4t`}F?_D!x_XD~6Z{%LJD8bKwnlPz$vs@uR(@2&Y% zj(g-jGXp6L`8K@DDmHgah|DV@8~zG4DlBf>FiLXdNAiS{S+4S3FwpN%+oKz`Lf8kh zke-!&V&G`wk7@*;MuEnl?0o-&x%bf*-$f!j`-Rm?JDHPY0Wm=x$Wr5{hl1PmoBkN8 zx9ge}gFpt^9^PQ?K}SxeVBqxl5Gv4ly6pS`_=(*HE)=|K9UmIg0P~5)8(FQ-F&j_5 z#o<4-T{Ku)sKl&)s><}X6FU3dT>tssSuFL140Lz1^VKMpJ_8iPt8%?p!4!Uu!N}j0 z_rZqy0NuiN_oaYX^XRIwDypL|4#ss3zIVxPI|f4Kiv}GJ3;56H^?fjndp>tk% z?fhBc(m$!4z?2xF2QM%%YgAlqn|igr-T7@mPh1!=eTJDhm#hXIu3W483uNHxVI4Gi zR6S4ptooKcBQygElANmlei=K*xqQCbnwef4L-o%tgl%V5v~pL6OHQM;jlmt}ee%!3 z^4nqkXUFQ+@`tuQKR4|{M2?}3yvb?LJX6UMp*U+v z)zA$lp8$|mBV4)f|Jk5r-7l2!#Kjbjo0&{fTN7Z+^bk);3SOvNhKYQj0VZ%juJv zrm&HVdFM+Zx$`Y+zvQ=!q}F_dbHPquQmFHn$K&03KLu}cE0U$-<1fwb=)6pIZmFB3 z~D;)}*)iBPbYVlWZ5=gSa$4IM** ziV_?e7+7ES9Q+MlCCXDgljkXJz3_DS-6#M4hnb=J#b5k6Gdk@(QT~kwB@|-fXoI=< z5Avi0tN|5aC?~EOuBJ5~0JK|$@&Ag>63J@l@~{K-k1t_6Jm-2*pT7p5=ntrWo>=`@ z?wL$*a`>UH*OKo5~z@d!L{BBce3bblb#<-va7qp$_?>x`>0>Ug_1i$3M+G&)y~^ToCK)kU&uQteT?|hqZ7-i4wyfy3t(`=f zh1RIhEG^MD?z9^`vNltdZj1_*AaALJ(r4l88;@o36P-_eK@^`J90!k{=egq(QB0lxrUI#Q;7M|F1ko~O9>-<9D=xgkTK zAh{clPA6w+2lfGz6+R@Hi+E;8TUVM(= 
z>=4XTd>W3R{oG2b(}@2kq2F$DCJQW>5{cB(_L@ZLgl!!p7Pd7hfI8>3vsUc%CO$-;8pBkwe|`Co(T@8^Q*D!z_Lk#4Cgl2t`NG$~u~q299Nt#b<`eVIp8NV`yvq z%&d2TL{591J21AsXZ#lSLIe>g5(eXJp$uEewF#=iV;I~I{$=o!l9Z%ila<-3>0Nvd z${MPRNS4Hl$WXdbD!$T`B}V_0V|J`Enfm#O;L5o~DBUh9g-t_j%|qsd(|6OVM&nNT zkE%X?UVxy?oMKGz!HLsCP=~Un#xnJk)dtm!zEV`5Vdg08#(>qHK!l~8p=&yaleA6; zH%Q1)Mn=QJSi@jRq&gr)_SUx*R#>BWsSbRQjWLZ&Cc}|l;wLEo+S>-)0kGCM=i|21{Enbx>-o#&j=xTW8;|60~RGU$}Xyoa= z`jL;_EEdMISA8NhKKqSJEx0^RTjlmne_uDshbq&3G8r#eev*R0rm_qU(9c!j)6ETN zJNE~CX_!CD1nLM)+n&t(KE)sqeZGV0h>q$ytU^*qs#6YTsh_OSvEQ_c=78VZp+OS1 z`kJyK`UKKJkxyQqQ$dQ|JK!xM$#Lfz1n7Rd2|H_7DReRR6KAAygf7b@ftJ3tYy=Ds z^mA+oF(-iP&eKvGJM14U?3fzPh6Am@2s-zE3b49Wl0}VNb>W7evw3o#WhNUA_{6A< z<09zZy;;I@TdS2J?Iqv{V`@F++D!1d(JdE*Ikcd)u5YG^b?tx5sipiso&tVof{Bl^ zp*NsHri$v}@qs{<`YoBGD(oc~jR8cVH$hJ6^i>X9d{^q_xz3SY`$nb$VsI#IF;)>N zwe*P(v7sN7j=5e1e#`S4#s?n?%3_n%AzZoapXB5_DRuAs(p+Yj>|Tnys;O@xJ=JVg zamcI)BM)asg55uoX`@TZ260v{;eUlpdZ?3R?o0jp+leCxPISVwlkg%s zV%0jly>GxK4Ag}f{*uF5bl2grNdq_hWnWS^c$kbP|HD~g5%yGFQ}buxVhiC4&n=g& zR&tjeUeQs0G0q)kE80Qej!YYgevhK|3Y97?v9U*SpV6{BFK^f9rKp`c*CS$OGBHoC zR{RXBf`e|=d6*N*Mk^Pl9x-f|bE7L?mrN!&hyP|;_(7#1!1qMo6K#t1=jS?{f)FY^9MTng3!ij{Wse>2{Fc*eV} z#|Rch*sFaX*A=}G$n=?SJRAdj{A1pm=8I&RYB3!v0}{6n&{mc$GG2AsFbr51lb2l< z0jrc`s0baWOH^-0rAb0wM5En~@}xk{sOdL|So| zIE>6_F94ZmgtfPyac_(p7kOTZTgU{zs88a#AHqYDcp6QMxBcY~E_e=8J{Ci3+Uo|S-R+=Zt4ZgZ`X!Yh#LtW#9c zDj9DzsOKIGF@_eb@i&$IGA^j!gm8WeUrBYhLZaQ6FM`{A9*-^&jyY+WBraSsgJtM) z04YPNuPE(Z`8=w`%Stu_*0~QY9WI+v_Px!8GlLCcusAskyHJ^y5X#rXrgvjDQ*5Kyydf4(_lJWatGS zfOPnOS`1_fh2FYaM4P&UQWa+98>uu3{F?TY=z1{?6pl4j0GjzIV%jyvc!YepgnW>< zb_gq^s`Q#lbl`Ia8anL>lV{!@BDuO^&`{79!rU=9%!@oUe^2+uDlRf{#n=YlnUqIs z#yp222~(K?4>aFhJf9F-TA@XbbqJg4cR0BZj);(jo%=3i8l8oV&JP1l{N2ssx9IU@o`EGyJbYuf>s+ap z1Oge80KV4IwBg>F+6_j=D>6>`BwupOAu3XGv-v?N8@zhhpZrl=$ONJGji!O<9i}#^ zb3`-m$h%I{EH1WwxNt|qt8T!)&IH0wC3i+-piyYGuEjp(p>aweBWMq_N{1NpZa4aD<#X`xW z;8{J-*XGOuD=`o>6v^`~dZZ9}N{V28Kew>c*#vm9(sEn$GwZvk+u`#*vU`DY8UXbv 
zzNa0lj~POVrzH)vtgXnqY<}QnjR(QE`*PmE)0-&Wc?%6*KzmdR+Y$-iSa99rV&{`FZu`k zXc;wrrUNX#>Hr(sVx~}+Qd%hQ;=H=2@dsL8;EJFhdJAGI8Z=0R8r|;ZWJ$<%Uu|Kn z$%VPoX0s=}k|wg3Nj0n0YLwiB3#_^TBDtRk=mJJqYRK7`;BzT%;lvA!(ME=C(?_9E z;DbGRtSaNl>LkB|KG}&W2%f_OZ$-*0M20ZyHMe=At^U|-3GbVuiVhsH?oeFRc`$vl zY-{?jnqq8vJM@xsSIO`YN#P81&3f%qRbU%P^qBuG zI(v(Dje&^3oR{z2u8oJdG?2$u*OKq+Ag){v?D61IVzn;UY^jUxN1WP+%S-`T=pzT3 zi3Tw^QK6C{9N4hO$jAf<0vGf%pgEEflTi~U3`{0l&!ukc>~Y*nMg1n8l*`(`ZG)FGd_b z0w}u940khE8F+0&SEy>&{XFwv?3FE4L>VM!U%&vh2x`(&;@G0cAn(-gU-f&FcPeSj z4oui~p3TI8E|{`BUkSEv?M7Ch#rOPlu?WfbIKXsVQ!poLKto+RS)d!OfaGS5`Nt_q zk+p(J5~6Aq>QP=-F&ShTj-#N>VP4dI(2;jt)h&(yu9>0$BqStIaj6qQuPTvyBtOXS z`6q_sf$vklY^PcAEqBMcp#+_Ps+WO&mJTK!&gjJsgHt2ZWF~zB)JH48P%*1R{@*>t zb-8PO4P7W6%zL+v#;enGZ%BVc0Li$}S*B-aXIEEo0#05!OEU-mZ)Yh4gwa3~X53O2 zXBsU_qNo}Ex9m3Z6G$t zkU++&&mHnXH!Z5%3loec=P8hvj&&Ysh zjPO=)08OoVe@va-ypEQZ{cDN5ukJZRW892AN#wGSmFLjc8 z*iiT#XY-hc+zjd29-R5zid7>a$H*Weasl<4VrYL9olB!VkVgcPgKxRxUaKtsFB+i& z{%W!3S0HHFx`?3&XUr6K1{@mH+v~ZxT@NL_xjp{v0^)L_j8J6{zlNlaCIwKjl6};~ce%hj;UouJ^ z8l0yWsAl7s1o+#thc_$LBM=V4EXF68z5)AL1AYePWcvRny9LpJ`O{#^I^d7kBa=9k z!fKkDH6MQk3a$ANy0g7`W4Z#nUHeKyu->IhOS{8Z6#$&i9#`fD(}fS>q|EX+h5;$# zY~a-1V+BbVWJ50%@%eksob3a6!=%m?e%$(Wv*bjHfd--*9N+-&+L3$N57tr@F_@MK zF`?(*C{cCzfyXS;W&e{|%Z9?n-#xb$6`_+b+^KO@*7!cS{|y54=lJ`xL!)+LM;M_t zI@r}{{&&o2tCLMs?7F$g^<*94VK`aWF&=5A^5EwS)1#vT^=YYq`8czztmfrkvWkY^b3 zN2ZsCqQ<8VW*o?%H_{Hl3VtTee*NHNU=*Zx5j2i#S3U3!)qMa7VRq*`a&-uBkO+Vr zT)ZC##KGYCMJa`1@V2CsW2Yp5-YYjPc0=46*N*MtB)xemgavtCPhT}i~gbGnUEQ26IOv@-37 znQegzM|Xg@Bve*#xUd!2##hb9D%w$vSxgv-<7#=qLab4g=*}b=e_QVrkl0(H+UcU&=v994Y*Ynl*yJj50 zg{FJ&`A%m07mj-s#%SA)-i_1G`S-n-N4l`QnhnbmNYS=BNO_{vzNKel^V{#;ySalA zNB2^X5Ng1H#h%oPO~5$^9xHUpoAaO`9n!p9<1a}q&c=GtD7uXGGKb}V`+=4Ib>eHa zU$WcTtL+zk6sX=Lc&}fBFs!5!#=e=d{ QSvUl+oQiC@^vA&e0n?%# + diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/docs/directorytree-map.xml b/Core/src/org/sleuthkit/autopsy/directorytree/docs/directorytree-map.xml index 64eefae2b2..b87ebd13f8 100644 
--- a/Core/src/org/sleuthkit/autopsy/directorytree/docs/directorytree-map.xml +++ b/Core/src/org/sleuthkit/autopsy/directorytree/docs/directorytree-map.xml @@ -9,5 +9,6 @@ and open the template in the editor. - + + diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/docs/unallocated-space.html b/Core/src/org/sleuthkit/autopsy/directorytree/docs/unallocated-space.html new file mode 100644 index 0000000000..d8d03299cd --- /dev/null +++ b/Core/src/org/sleuthkit/autopsy/directorytree/docs/unallocated-space.html @@ -0,0 +1,53 @@ + + + + Extracting Unallocated Space + + + + +

    Extracting Unallocated Space

    +

    + Unallocated space are chunks of the file system that is currently not being used for anything. + Unallocated space can store deleted files and other interesting artifacts. On the actual image, + Unallocated space is stored in blocks with distinct locations on the system. However, because + of the way various carving tools work, it is more ideal to feed them a single, large unallocated + file. + + Autopsy provides access to both methods of looking at unallocated space. +

    +
      +
    • Individual Blocks + Underneath a volume, there is a folder named Unalloc. This folder contains all the individual unallocated blocks as the image is storing them. + You can right click and extract them the same way you can extract any other type of file in the Directory Tree. +
    • +
    • Single Files + There are two ways to extract unallocated space as a single file. Right clicking on a volume and selecting "Extract Unallocated Space as Single File" + will concatenate all the unallocated files into a single, continuous file for the volume. + The second way is to right click on an image, and select "Extract Unallocated Space to Single Files". This option will extract one single file for each + volume in the image. + + Progress on extraction is sent to the progress bar in the bottom right. Progress is based on number of files concatenated. + + These files are stored in the Export folder under the case directory. + Files are named according to ImageName-Unalloc-ImageObjectID-VolumeID.dat + This naming scheme ensures that no duplicate file names will occur even if an there are two images with the same name in a case. +
    • +
    + +

    Below is where to find the single file extraction option

    + Extracting Unallocated Space from an Image + + + \ No newline at end of file From a69955d422f0ae20dafe4ae47e648282eb425919 Mon Sep 17 00:00:00 2001 From: 0xNF Date: Thu, 6 Dec 2012 10:47:11 -0500 Subject: [PATCH 07/27] Added dialog to indicate when extraction of unallocated space finishes. --- .../sleuthkit/autopsy/directorytree/ExtractUnallocAction.java | 1 + 1 file changed, 1 insertion(+) diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java index bdef2a4a31..0c4ef68fe7 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java @@ -251,6 +251,7 @@ public final class ExtractUnallocAction extends AbstractAction { if(isImage){ lockedImages.remove(currentImage); } + JOptionPane.showMessageDialog(new Frame(), "Extraction of unallocated space has completed."); } } From 571037fd07364989dee6533c95f4c75c7ddcaeb7 Mon Sep 17 00:00:00 2001 From: 0xNF Date: Thu, 6 Dec 2012 11:19:08 -0500 Subject: [PATCH 08/27] Completion message shows folder that unallocated space was extracted to. --- .../autopsy/directorytree/ExtractUnallocAction.java | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java index 0c4ef68fe7..7e1a9da95b 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java @@ -18,6 +18,7 @@ */ package org.sleuthkit.autopsy.directorytree; +import java.awt.Component; import java.awt.Frame; import java.awt.event.ActionEvent; import java.io.File; 
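Review bot: The added `JOptionPane.showMessageDialog(new Frame(), ...)` call at the end of the `@@ -251,6 +251,7 @@` hunk allocates a fresh `java.awt.Frame` as the dialog parent each time an extraction finishes, and no reference is kept that would let it be disposed. The dialog is therefore not tied to the application window and may open behind it. Passing `null`, or the application's main window, avoids the stray frame: `JOptionPane.showMessageDialog(null, "Extraction of unallocated space has completed.");`. The same parent argument is kept when PATCH 08/27 rewrites this line in its `@@ -251,7 +253,7 @@` hunk. The enclosing method starts outside the hunk.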
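Review bot: `import java.awt.Component;` in the `@@ -18,6 +18,7 @@` hunk and `import javax.swing.JFileChooser;` in the following `@@ -29,6 +30,7 @@` hunk are not referenced by any of the five lines this commit adds, so both look unused. Unless a follow-up change needs them, drop the two imports so the import block reflects what the class actually depends on.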
@@ -29,6 +30,7 @@ import java.util.Comparator; import java.util.List; import java.util.logging.Level; import javax.swing.AbstractAction; +import javax.swing.JFileChooser; import javax.swing.JOptionPane; import javax.swing.SwingWorker; import org.netbeans.api.progress.ProgressHandle; @@ -95,6 +97,7 @@ public final class ExtractUnallocAction extends AbstractAction { List copyList = new ArrayList(){{ addAll(LstUnallocs); }}; + for (UnallocStruct u : LstUnallocs) { if (u.llf != null && u.llf.size() > 0 && !lockedVols.contains(u.getFileName())) { //Format for single Unalloc File is ImgName-Unalloc-ImgObjectID-VolumeID.dat @@ -156,8 +159,7 @@ public final class ExtractUnallocAction extends AbstractAction { if (!lockedVols.contains(us.getFileName())) { totalSizeinMegs = toMb(us.sizeInBytes()); lockedVols.add(us.getFileName()); - } - + } } ExtractUnallocWorker(List lst) { @@ -251,7 +253,7 @@ public final class ExtractUnallocAction extends AbstractAction { if(isImage){ lockedImages.remove(currentImage); } - JOptionPane.showMessageDialog(new Frame(), "Extraction of unallocated space has completed."); + JOptionPane.showMessageDialog(new Frame(), "Completed extraction of unallocated space. Files were extracted to " + lus.get(0).getFile().getParent()); } } From 409bd98ef35c181a9bf03ae69350031c75f1e54b Mon Sep 17 00:00:00 2001 From: adam-m Date: Thu, 6 Dec 2012 12:50:49 -0500 Subject: [PATCH 09/27] news update --- NEWS.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/NEWS.txt b/NEWS.txt index d1c77494a3..f077bdaebd 100644 --- a/NEWS.txt +++ b/NEWS.txt 
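Review bot: The new message in the `@@ -251,7 +253,7 @@` hunk calls `lus.get(0).getFile().getParent()` without checking that `lus` has an element, so an empty list throws IndexOutOfBoundsException on the completion path. A `getParent()` that returns null would be shown as the text "null" (assuming `getFile()` returns a `java.io.File`; its declaration is not in the hunk). The dialog also states that files were extracted whatever the outcome; whether failed or cancelled runs reach this line cannot be seen from here because the enclosing method starts outside the hunk, but for evidence exports a partial output should not be reported as completed. Compute the folder defensively, e.g. `String dir = lus.isEmpty() ? null : lus.get(0).getFile().getParent();`, and include the path in the message only when `dir != null`.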
@@ -1,14 +1,14 @@ ----------------- VERSION Current (development) -------------- +---------------- VERSION 3.0.2 -------------- New features: +- Extraction of all unallocated blocks as a single file +- Results bookmarks - Hashkeeper hash database support -- Extraction of all unallocated blocks (from volume, image) as a single file -- Result bookmarks Improvements: - File Ingest: minimized file queuing time and memory usage - Add Image Wizard - better work-flow, better device size reporting, info on currently processed directory -- Reporting improvements: reorganized columns, sorted by 1st column, added logo to html report, better styling +- Reporting: reorganized columns, sorted by 1st column, added logo, better styling Bugfixes: - fixed periodic keyword search during ingest, when it'd run max. 2 times only From e1b1ee9a9649e96d3bf49aa570a698ee03b81c05 Mon Sep 17 00:00:00 2001 
From: adam-m Date: Thu, 6 Dec 2012 13:02:48 -0500 Subject: [PATCH 10/27] updates after datamodel API naming changes --- .../autopsy/corecomponents/DataContentViewerMedia.java | 2 +- .../autopsy/datamodel/AbstractContentChildren.java | 4 ++-- .../autopsy/datamodel/AbstractFsContentNode.java | 4 ++-- .../autopsy/datamodel/ContentHierarchyVisitor.java | 4 ++-- .../autopsy/datamodel/ContentIdHierarchyVisitor.java | 4 ++-- .../org/sleuthkit/autopsy/datamodel/ContentUtils.java | 4 ++-- .../org/sleuthkit/autopsy/datamodel/DirectoryNode.java | 2 +- Core/src/org/sleuthkit/autopsy/datamodel/FileNode.java | 2 +- .../autopsy/datamodel/LayoutDirectoryNode.java | 10 +++++----- .../autopsy/directorytree/BookmarkAction.java | 2 +- .../directorytree/ExplorerNodeActionVisitor.java | 6 +++--- .../autopsy/directorytree/ExtractUnallocAction.java | 8 ++++---- .../autopsy/directorytree/ViewContextAction.java | 4 ++-- .../autopsy/ingest/GetFilesContentVisitor.java | 4 ++-- .../org/sleuthkit/autopsy/ingest/IngestScheduler.java | 10 +++++----- .../org/sleuthkit/autopsy/report/ReportBodyFile.java | 2 +- 16 files changed, 36 insertions(+), 36 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java index b5d0cdc13c..0b8e584edc 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java @@ -332,7 +332,7 @@ public class DataContentViewerMedia extends javax.swing.JPanel implements DataCo return false; } - if (File.dirFlagToValue(file.getDir_flags()).equals(TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.toString())) { + if (File.dirFlagToValue(file.getDirFlags()).equals(TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.toString())) { return false; } 
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java index 16940e30c9..758e13c41a 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java @@ -26,7 +26,7 @@ import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsRootNode; import org.sleuthkit.datamodel.Directory; import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.Image; -import org.sleuthkit.datamodel.LayoutDirectory; +import org.sleuthkit.datamodel.VirtualDirectory; import org.sleuthkit.datamodel.SleuthkitVisitableItem; import org.sleuthkit.datamodel.SleuthkitItemVisitor; import org.sleuthkit.datamodel.TskException; @@ -92,7 +92,7 @@ abstract class AbstractContentChildren extends Keys { } @Override - public AbstractContentNode visit(LayoutDirectory ld) { + public AbstractContentNode visit(VirtualDirectory ld) { return new LayoutDirectoryNode(ld); } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractFsContentNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractFsContentNode.java index cba598e6e4..b9c7062f98 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractFsContentNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractFsContentNode.java 
@@ -241,8 +241,8 @@ public abstract class AbstractFsContentNode extends Abstrac map.put(FsContentPropertyType.MODE.toString(), content.getModeAsString()); map.put(FsContentPropertyType.USER_ID.toString(), content.getUid()); map.put(FsContentPropertyType.GROUP_ID.toString(), content.getGid()); - map.put(FsContentPropertyType.META_ADDR.toString(), content.getMeta_addr()); - map.put(FsContentPropertyType.ATTR_ADDR.toString(), Long.toString(content.getAttr_type()) + "-" + Long.toString(content.getAttr_id())); + map.put(FsContentPropertyType.META_ADDR.toString(), content.getMetaAddr()); + map.put(FsContentPropertyType.ATTR_ADDR.toString(), Long.toString(content.getAttrType()) + "-" + Long.toString(content.getAttrId())); map.put(FsContentPropertyType.TYPE_DIR.toString(), content.getDirTypeAsString()); map.put(FsContentPropertyType.TYPE_META.toString(), content.getMetaTypeAsString()); map.put(FsContentPropertyType.KNOWN.toString(), content.getKnown().getName()); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ContentHierarchyVisitor.java b/Core/src/org/sleuthkit/autopsy/datamodel/ContentHierarchyVisitor.java index d70f95cc49..21d421b1fb 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/ContentHierarchyVisitor.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/ContentHierarchyVisitor.java @@ -28,7 +28,7 @@ import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.ContentVisitor; import org.sleuthkit.datamodel.Directory; import org.sleuthkit.datamodel.FileSystem; -import org.sleuthkit.datamodel.LayoutDirectory; +import org.sleuthkit.datamodel.VirtualDirectory; import org.sleuthkit.datamodel.TskException; import org.sleuthkit.datamodel.VolumeSystem; @@ -93,7 +93,7 @@ public class ContentHierarchyVisitor extends ContentVisitor.Default visit(LayoutDirectory ldir) { + public List visit(VirtualDirectory ldir) { //return getChildren(ldir); return Collections.singletonList(ldir); } 
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ContentIdHierarchyVisitor.java b/Core/src/org/sleuthkit/autopsy/datamodel/ContentIdHierarchyVisitor.java index d5b866ca1b..72ded24b36 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/ContentIdHierarchyVisitor.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/ContentIdHierarchyVisitor.java @@ -28,7 +28,7 @@ import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.ContentVisitor; import org.sleuthkit.datamodel.Directory; import org.sleuthkit.datamodel.FileSystem; -import org.sleuthkit.datamodel.LayoutDirectory; +import org.sleuthkit.datamodel.VirtualDirectory; import org.sleuthkit.datamodel.TskException; import org.sleuthkit.datamodel.VolumeSystem; @@ -93,7 +93,7 @@ public class ContentIdHierarchyVisitor extends ContentVisitor.Default visit(LayoutDirectory ldir) { + public List visit(VirtualDirectory ldir) { //return getChildren(ldir); return Collections.singletonList(ldir.getId()); } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ContentUtils.java b/Core/src/org/sleuthkit/autopsy/datamodel/ContentUtils.java index e136a4e2fa..21d4432cf9 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/ContentUtils.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/ContentUtils.java @@ -36,7 +36,7 @@ import org.sleuthkit.datamodel.Directory; import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.FileSystem; import org.sleuthkit.datamodel.Image; -import org.sleuthkit.datamodel.LayoutDirectory; +import org.sleuthkit.datamodel.VirtualDirectory; import org.sleuthkit.datamodel.LayoutFile; import org.sleuthkit.datamodel.ReadContentInputStream; import org.sleuthkit.datamodel.TskException; @@ -155,7 +155,7 @@ public final class ContentUtils { } @Override - public List visit(LayoutDirectory ld) { + public List visit(VirtualDirectory ld) { List path = ld.getParent().accept(this); path.add(toString.visit(ld)); return path; 
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/DirectoryNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/DirectoryNode.java index 74a278272d..ef9e2adcec 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/DirectoryNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/DirectoryNode.java @@ -39,7 +39,7 @@ public class DirectoryNode extends AbstractFsContentNode { super(dir, directoryBrowseMode); // set name, display name, and icon - if (Directory.dirFlagToValue(dir.getDir_flags()).equals(TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.toString())) { + if (Directory.dirFlagToValue(dir.getDirFlags()).equals(TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.toString())) { this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/folder-icon-deleted.png"); } else { this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/Folder-icon.png"); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/FileNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/FileNode.java index 0beb0ae483..efa01982fb 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/FileNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/FileNode.java @@ -39,7 +39,7 @@ public class FileNode extends AbstractFsContentNode { super(file, directoryBrowseMode); // set name, display name, and icon - if (file.getDir_flags() == (TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.getDirFlag())) { + if (file.getDirFlags() == (TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.getDirFlag())) { this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/file-icon-deleted.png"); } else { this.setIconBaseWithExtension(getIconForFileType(file)); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/LayoutDirectoryNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/LayoutDirectoryNode.java index d558a3c33f..3742bea59b 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/LayoutDirectoryNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/LayoutDirectoryNode.java 
@@ -22,19 +22,19 @@ import java.util.LinkedHashMap; import java.util.Map; import org.openide.nodes.Sheet; import org.sleuthkit.autopsy.datamodel.LayoutFileNode.LayoutContentPropertyType; -import org.sleuthkit.datamodel.LayoutDirectory; +import org.sleuthkit.datamodel.VirtualDirectory; import org.sleuthkit.datamodel.LayoutFile; /** * Node for layout dir */ -public class LayoutDirectoryNode extends AbstractAbstractFileNode { +public class LayoutDirectoryNode extends AbstractAbstractFileNode { - public static String nameForLayoutFile(LayoutDirectory ld) { + public static String nameForLayoutFile(VirtualDirectory ld) { return ld.getName(); } - public LayoutDirectoryNode(LayoutDirectory ld) { + public LayoutDirectoryNode(VirtualDirectory ld) { super(ld); this.setDisplayName(nameForLayoutFile(ld)); @@ -88,7 +88,7 @@ public class LayoutDirectoryNode extends AbstractAbstractFileNode map, LayoutDirectory content) { + private static void fillPropertyMap(Map map, VirtualDirectory content) { map.put(LayoutContentPropertyType.NAME.toString(), content.getName()); map.put(LayoutContentPropertyType.SIZE.toString(), content.getSize()); diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/BookmarkAction.java b/Core/src/org/sleuthkit/autopsy/directorytree/BookmarkAction.java index 36cccaed45..d350733944 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/BookmarkAction.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/BookmarkAction.java @@ -88,7 +88,7 @@ public class BookmarkAction extends AbstractAction { } @Override - public AbstractFile visit(org.sleuthkit.datamodel.LayoutDirectory ld) { + public AbstractFile visit(org.sleuthkit.datamodel.VirtualDirectory ld) { return ld; } diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/ExplorerNodeActionVisitor.java b/Core/src/org/sleuthkit/autopsy/directorytree/ExplorerNodeActionVisitor.java index 2bb0c15d9c..7670d21106 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/ExplorerNodeActionVisitor.java 
+++ b/Core/src/org/sleuthkit/autopsy/directorytree/ExplorerNodeActionVisitor.java @@ -284,14 +284,14 @@ class ExplorerNodeActionVisitor extends ContentVisitor.Default containing all the LayoutFile in ld, returns null if it fails */ @Override - public List visit(LayoutDirectory ld){ + public List visit(VirtualDirectory ld){ try{ List lflst = new ArrayList(); for(Content layout : ld.getChildren()){ @@ -359,7 +359,7 @@ public final class ExtractUnallocAction extends AbstractAction { public List visit(Directory dir) { try { for (Content c : dir.getChildren()) { - if(c instanceof LayoutDirectory){ + if(c instanceof VirtualDirectory){ return c.accept(this); } } diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/ViewContextAction.java b/Core/src/org/sleuthkit/autopsy/directorytree/ViewContextAction.java index 7e50019abc..80360f1595 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/ViewContextAction.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/ViewContextAction.java @@ -43,7 +43,7 @@ import org.sleuthkit.datamodel.Directory; import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.FileSystem; import org.sleuthkit.datamodel.Image; -import org.sleuthkit.datamodel.LayoutDirectory; +import org.sleuthkit.datamodel.VirtualDirectory; import org.sleuthkit.datamodel.LayoutFile; import org.sleuthkit.datamodel.TskException; import org.sleuthkit.datamodel.Volume; @@ -209,7 +209,7 @@ class ViewContextAction extends AbstractAction { } @Override - public List visit(LayoutDirectory ld) { + public List visit(VirtualDirectory ld) { ret.add(ld); ret.addAll(ld.getParent().accept(this)); diff --git a/Core/src/org/sleuthkit/autopsy/ingest/GetFilesContentVisitor.java b/Core/src/org/sleuthkit/autopsy/ingest/GetFilesContentVisitor.java index b101db0c52..fad32d6cc4 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/GetFilesContentVisitor.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/GetFilesContentVisitor.java 
@@ -29,7 +29,7 @@ import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.FileSystem; import org.sleuthkit.datamodel.AbstractFile; import org.sleuthkit.datamodel.Image; -import org.sleuthkit.datamodel.LayoutDirectory; +import org.sleuthkit.datamodel.VirtualDirectory; import org.sleuthkit.datamodel.TskException; import org.sleuthkit.datamodel.Volume; import org.sleuthkit.datamodel.VolumeSystem; @@ -53,7 +53,7 @@ public abstract class GetFilesContentVisitor implements ContentVisitor visit(LayoutFile lc); @Override - public Collection visit(LayoutDirectory ld) { + public Collection visit(VirtualDirectory ld) { return getAllFromChildren(ld); } diff --git a/Core/src/org/sleuthkit/autopsy/ingest/IngestScheduler.java b/Core/src/org/sleuthkit/autopsy/ingest/IngestScheduler.java index 5ad1970843..dffce2aa5d 100644 --- a/Core/src/org/sleuthkit/autopsy/ingest/IngestScheduler.java +++ b/Core/src/org/sleuthkit/autopsy/ingest/IngestScheduler.java @@ -44,7 +44,7 @@ import org.sleuthkit.datamodel.File; import org.sleuthkit.datamodel.FileSystem; import org.sleuthkit.datamodel.FsContent; import org.sleuthkit.datamodel.Image; -import org.sleuthkit.datamodel.LayoutDirectory; +import org.sleuthkit.datamodel.VirtualDirectory; import org.sleuthkit.datamodel.LayoutFile; import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskCoreException; @@ -313,7 +313,7 @@ class IngestScheduler { * @return */ private static List createFromScheduledTask(ScheduledTask scheduledTask) { - Collection rootObjects = new GetRootDirVisitor().visit(scheduledTask.image); + Collection rootObjects = scheduledTask.image.accept(new GetRootDirVisitor()); List firstLevelFiles = new ArrayList(); for (AbstractFile root : rootObjects) { //TODO use more specific get AbstractFile children method 
@@ -609,7 +609,7 @@ class IngestScheduler { //skip files in root dir, starting with $, containing : (not default attributes) //with meta address < 32, i.e. some special large NTFS and FAT files - final TskData.TSK_FS_TYPE_ENUM fsType = f.getFileSystem().getFs_type(); + final TskData.TSK_FS_TYPE_ENUM fsType = f.getFileSystem().getFsType(); if ((fsType.getValue() & FAT_NTFS_FLAGS) == 0) { //not fat or ntfs, accept all files @@ -623,7 +623,7 @@ class IngestScheduler { logger.log(Level.WARNING, "Could not check if should enqueue the file: " + f.getName(), ex); } - if (isInRootDir && f.getMeta_addr() < 32) { + if (isInRootDir && f.getMetaAddr() < 32) { String name = f.getName(); if (name.length() > 0 @@ -815,7 +815,7 @@ class IngestScheduler { static class GetRootDirVisitor extends GetFilesContentVisitor { @Override - public Collection visit(LayoutDirectory ld) { + public Collection visit(VirtualDirectory ld) { //case when we hit a layout directory, not under a real FS Collection ret = new ArrayList(); ret.add(ld); diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportBodyFile.java b/Core/src/org/sleuthkit/autopsy/report/ReportBodyFile.java index 1b54485211..9d341d631b 100644 --- a/Core/src/org/sleuthkit/autopsy/report/ReportBodyFile.java +++ b/Core/src/org/sleuthkit/autopsy/report/ReportBodyFile.java @@ -120,7 +120,7 @@ public class ReportBodyFile implements ReportModule { out.write(file.getUniquePath()); } out.write("|"); - out.write(Long.toString(file.getMeta_addr())); + out.write(Long.toString(file.getMetaAddr())); out.write("|"); if(file.getModeAsString()!=null) { out.write(file.getModeAsString()); From 4cd4df7f93b739d878634311d7e8a40fd8b39f5b Mon Sep 17 00:00:00 2001 
From: adam-m Date: Thu, 6 Dec 2012 13:10:50 -0500 Subject: [PATCH 11/27] rename node class to VirtualDirectoryNode --- .../autopsy/datamodel/AbstractContentChildren.java | 2 +- .../org/sleuthkit/autopsy/datamodel/ContentNodeVisitor.java | 4 ++-- .../autopsy/datamodel/DisplayableItemNodeVisitor.java | 4 ++-- .../{LayoutDirectoryNode.java => VirtualDirectoryNode.java} | 4 ++-- .../autopsy/directorytree/DataResultFilterNode.java | 6 +++--- 5 files changed, 10 insertions(+), 10 deletions(-) rename Core/src/org/sleuthkit/autopsy/datamodel/{LayoutDirectoryNode.java => VirtualDirectoryNode.java} (96%) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java index 758e13c41a..3f7de13f83 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractContentChildren.java @@ -93,7 +93,7 @@ abstract class AbstractContentChildren extends Keys { @Override public AbstractContentNode visit(VirtualDirectory ld) { - return new LayoutDirectoryNode(ld); + return new VirtualDirectoryNode(ld); } @Override diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/ContentNodeVisitor.java b/Core/src/org/sleuthkit/autopsy/datamodel/ContentNodeVisitor.java index ce8fa29ba0..03931e9591 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/ContentNodeVisitor.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/ContentNodeVisitor.java @@ -34,7 +34,7 @@ public interface ContentNodeVisitor { T visit(LayoutFileNode lcn); - T visit(LayoutDirectoryNode lcn); + T visit(VirtualDirectoryNode lcn); /** * Visitor with an implementable default behavior for all types. Override @@ -76,7 +76,7 @@ public interface ContentNodeVisitor { } @Override - public T visit(LayoutDirectoryNode ldn) { + public T visit(VirtualDirectoryNode ldn) { return defaultVisit(ldn); } } 
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/DisplayableItemNodeVisitor.java b/Core/src/org/sleuthkit/autopsy/datamodel/DisplayableItemNodeVisitor.java index 9453ffbb7d..789c7094ab 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/DisplayableItemNodeVisitor.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/DisplayableItemNodeVisitor.java @@ -59,7 +59,7 @@ public interface DisplayableItemNodeVisitor { T visit(ResultsNode rn); T visit(ImagesNode in); T visit(LayoutFileNode lcn); - T visit(LayoutDirectoryNode ldn); + T visit(VirtualDirectoryNode ldn); /** * Visitor with an implementable default behavior for all types. Override @@ -191,7 +191,7 @@ public interface DisplayableItemNodeVisitor { } @Override - public T visit(LayoutDirectoryNode ldn) { + public T visit(VirtualDirectoryNode ldn) { return defaultVisit(ldn); } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/LayoutDirectoryNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/VirtualDirectoryNode.java similarity index 96% rename from Core/src/org/sleuthkit/autopsy/datamodel/LayoutDirectoryNode.java rename to Core/src/org/sleuthkit/autopsy/datamodel/VirtualDirectoryNode.java index 3742bea59b..0cc76646ed 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/LayoutDirectoryNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/VirtualDirectoryNode.java @@ -28,13 +28,13 @@ import org.sleuthkit.datamodel.LayoutFile; /** * Node for layout dir */ -public class LayoutDirectoryNode extends AbstractAbstractFileNode { +public class VirtualDirectoryNode extends AbstractAbstractFileNode { public static String nameForLayoutFile(VirtualDirectory ld) { return ld.getName(); } - public LayoutDirectoryNode(VirtualDirectory ld) { + public VirtualDirectoryNode(VirtualDirectory ld) { super(ld); this.setDisplayName(nameForLayoutFile(ld)); 
diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java b/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java index 0518f74898..f109926968 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/DataResultFilterNode.java @@ -51,7 +51,7 @@ import org.sleuthkit.autopsy.datamodel.ImageNode; import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsKeywordNode; import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsListNode; import org.sleuthkit.autopsy.datamodel.KeywordHits.KeywordHitsRootNode; -import org.sleuthkit.autopsy.datamodel.LayoutDirectoryNode; +import org.sleuthkit.autopsy.datamodel.VirtualDirectoryNode; import org.sleuthkit.autopsy.datamodel.LayoutFileNode; import org.sleuthkit.autopsy.datamodel.RecentFilesFilterNode; import org.sleuthkit.autopsy.datamodel.RecentFilesNode; @@ -192,7 +192,7 @@ public class DataResultFilterNode extends FilterNode { } @Override - public List visit(LayoutDirectoryNode ld) { + public List visit(VirtualDirectoryNode ld) { List actions = new ArrayList(); actions.add(new BookmarkAction("Bookmark Directory", ld)); @@ -416,7 +416,7 @@ public class DataResultFilterNode extends FilterNode { } @Override - public AbstractAction visit(LayoutDirectoryNode ldn) { + public AbstractAction visit(VirtualDirectoryNode ldn) { return openChild(ldn); } From 7743c8ef78f43b705ca50ad1288ca618cb6e69e4 Mon Sep 17 00:00:00 2001 From: Tim McIver Date: Thu, 6 Dec 2012 16:47:44 -0500 Subject: [PATCH 12/27] Updates to docs with information about Services and FileManager. Also renamed previous Services section to Utilities. --- docs/doxygen/modDev.dox | 16 ++++++++++++---- docs/doxygen/platformConcepts.dox | 3 ++- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/docs/doxygen/modDev.dox b/docs/doxygen/modDev.dox index 217650b587..7ce7cfc4eb 100644 --- a/docs/doxygen/modDev.dox +++ b/docs/doxygen/modDev.dox 
@@ -101,11 +101,19 @@ TODO we should outline the process of adding a JAR file dependency for an extern E.g. adding jar directly to the module project, or (preferred) wrapping set of jars in another module e.g. NewModuleName-Libs and adding a dependency on the libs module. Add info how to bundle OS-specific dlls in the jar (work in progress). +\section mod_dev_services Services -\section mod_dev_services Getting Access to Services +A Services class is provided to give developers access to the services provided by the Autopsy framework. Currently, the following +services are provided: -Autopsy-Core module contains the core Autopsy application, and also the framework the application is built upon that other modules can use. -Among the Core APIs there are general services available to the Autopsy modules. The relevant packages include: +- FileManager: the org.sleuthkit.autopsy.casemodule.services.FileManager service provides an API for easy access to files and directories for a given image. +You can access the org.sleuthkit.autopsy.casemodule.services.FileManager service by calling the getFileManager() method of the +org.sleuthkit.autopsy.casemodule.services.Services class. + +\section mod_dev_utilities Utilities + +Autopsy-Core module contains the core Autopsy application and also the framework the application is built upon that other modules can use. +Among the Core APIs there are general utilities available to the Autopsy modules. The relevant packages include: - org.sleuthkit.autopsy.casemodule.Case class - for the module to access Case data (TSK database) and subscribe to Case change events - org.sleuthkit.autopsy.coreutils package has classes providing utilities for getting access to Autopsy loggers, configuration persistance API, 
@@ -115,7 +123,7 @@ Relevant service classes are org.sleuthkit.autopsy.coreutils.Version, org.sleuthkit.autopsy.coreutils.PlatformUtil, org.sleuthkit.autopsy.coreutils.ModuleSettings, org.sleuthkit.autopsy.coreutils.Logger and org.sleuthkit.autopsy.coreutils.FileUtil. -TODO: Add additional info about service classes (log, Case, database, etc.) Similar to the C++ section about services (http://sleuthkit.org/sleuthkit/docs/framework-docs/mod_devpage.html) +TODO: Add additional info about utility classes (log, Case, database, etc.) Similar to the C++ section about services (http://sleuthkit.org/sleuthkit/docs/framework-docs/mod_devpage.html) TODO: Move the log content from the wiki (http://wiki.sleuthkit.org/index.php?title=Autopsy_3_Logging_and_Error_Checking) to here. diff --git a/docs/doxygen/platformConcepts.dox b/docs/doxygen/platformConcepts.dox index f33fa5f460..7e51941a82 100644 --- a/docs/doxygen/platformConcepts.dox +++ b/docs/doxygen/platformConcepts.dox 
@@ -3,7 +3,8 @@ \section platform_basics Basic Concepts - Central Database: All data except for the disk image is stored in a SQLite database. This includes information about what files exist in the disk image and the output from modules. Access to this database can be found from the SleuthKitCase class. -- Services: There are core services that the platform provides to modules. See the \ref mod_dev_services section for more details. +- Utilities: There are core utilities that the platform provides to modules. See the \ref mod_dev_utilities section for more details. +- Services: There are services provided by the platform. See the \ref mod_dev_services section for more details. - Pipelines and Plug-in Modules: The platform has several places where plug-in modules can be incorporated. This modular approach allows other developers to extend the functionality of the system. See the \ref platform_frameworks section for more details. - Blackboard: The platform uses the blackboard to enable modules to communicate with each other and to display data in the GUI. See the \ref platform_blackboard section for more details. - Single tree: Results from the various modules can generally be found in a single tree. This makes it easy for users to find their results. From 260ede2db8376494eb6c52311f3a291b33a40e2d Mon Sep 17 00:00:00 2001 From: adam-m Date: Thu, 6 Dec 2012 17:07:51 -0500 Subject: [PATCH 13/27] Add go to any page in thumbnail view --- .../autopsy/corecomponents/Bundle.properties | 2 + .../DataResultViewerThumbnail.form | 29 +++++++++- .../DataResultViewerThumbnail.java | 58 +++++++++++++++++-- NEWS.txt | 5 +- 4 files changed, 84 insertions(+), 10 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties b/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties index a12d343f7a..23067adf05 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties 
+++ b/Core/src/org/sleuthkit/autopsy/corecomponents/Bundle.properties @@ -96,3 +96,5 @@ DataResultViewerThumbnail.imagesLabel.text=Images: DataResultViewerThumbnail.imagesRangeLabel.text=- DataResultViewerThumbnail.pageNumLabel.text=- DataResultViewerThumbnail.filePathLabel.text=\ \ \ +DataResultViewerThumbnail.goToPageLabel.text=Go to Page: +DataResultViewerThumbnail.goToPageField.text= diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerThumbnail.form b/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerThumbnail.form index 9063cdd442..48d26daaa7 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerThumbnail.form +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerThumbnail.form @@ -20,6 +20,7 @@ + @@ -30,12 +31,15 @@ - + + + + + - @@ -55,9 +59,11 @@ + + - + @@ -173,5 +179,22 @@ + + + + + + + + + + + + + + + + + diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerThumbnail.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerThumbnail.java index 4011222e88..b3e50a81fd 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerThumbnail.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataResultViewerThumbnail.java @@ -23,6 +23,7 @@ import java.awt.Cursor; import java.awt.EventQueue; import java.beans.PropertyChangeEvent; import java.util.logging.Level; +import javax.swing.JOptionPane; import org.sleuthkit.autopsy.coreutils.Logger; import javax.swing.ListSelectionModel; import javax.swing.SwingWorker; @@ -94,6 +95,8 @@ public final class DataResultViewerThumbnail extends AbstractDataResultViewer { imagesRangeLabel = new javax.swing.JLabel(); pageNumLabel = new javax.swing.JLabel(); filePathLabel = new javax.swing.JLabel(); + goToPageLabel = new javax.swing.JLabel(); + goToPageField = new javax.swing.JTextField(); thumbnailScrollPanel.setPreferredSize(new java.awt.Dimension(582, 348)); 
@@ -134,6 +137,15 @@ public final class DataResultViewerThumbnail extends AbstractDataResultViewer { filePathLabel.setText(org.openide.util.NbBundle.getMessage(DataResultViewerThumbnail.class, "DataResultViewerThumbnail.filePathLabel.text")); // NOI18N + goToPageLabel.setText(org.openide.util.NbBundle.getMessage(DataResultViewerThumbnail.class, "DataResultViewerThumbnail.goToPageLabel.text")); // NOI18N + + goToPageField.setText(org.openide.util.NbBundle.getMessage(DataResultViewerThumbnail.class, "DataResultViewerThumbnail.goToPageField.text")); // NOI18N + goToPageField.addActionListener(new java.awt.event.ActionListener() { + public void actionPerformed(java.awt.event.ActionEvent evt) { + goToPageFieldActionPerformed(evt); + } + }); + javax.swing.GroupLayout layout = new javax.swing.GroupLayout(this); this.setLayout(layout); layout.setHorizontalGroup( @@ -142,6 +154,7 @@ public final class DataResultViewerThumbnail extends AbstractDataResultViewer { .addGroup(layout.createSequentialGroup() .addContainerGap() .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.LEADING) + .addComponent(filePathLabel) .addGroup(layout.createSequentialGroup() .addComponent(pageLabel) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) 
@@ -152,11 +165,14 @@ public final class DataResultViewerThumbnail extends AbstractDataResultViewer { .addComponent(pagePrevButton, javax.swing.GroupLayout.PREFERRED_SIZE, 23, javax.swing.GroupLayout.PREFERRED_SIZE) .addGap(0, 0, 0) .addComponent(pageNextButton, javax.swing.GroupLayout.PREFERRED_SIZE, 23, javax.swing.GroupLayout.PREFERRED_SIZE) - .addGap(33, 33, 33) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.UNRELATED) + .addComponent(goToPageLabel) + .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(goToPageField, javax.swing.GroupLayout.PREFERRED_SIZE, 54, javax.swing.GroupLayout.PREFERRED_SIZE) + .addGap(12, 12, 12) .addComponent(imagesLabel) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) - .addComponent(imagesRangeLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 91, javax.swing.GroupLayout.PREFERRED_SIZE)) - .addComponent(filePathLabel)) + .addComponent(imagesRangeLabel, javax.swing.GroupLayout.PREFERRED_SIZE, 91, javax.swing.GroupLayout.PREFERRED_SIZE))) .addContainerGap()) ); layout.setVerticalGroup( @@ -171,8 +187,10 @@ public final class DataResultViewerThumbnail extends AbstractDataResultViewer { .addComponent(pageNextButton, javax.swing.GroupLayout.PREFERRED_SIZE, 23, javax.swing.GroupLayout.PREFERRED_SIZE) .addGroup(layout.createParallelGroup(javax.swing.GroupLayout.Alignment.BASELINE) .addComponent(imagesLabel) - .addComponent(imagesRangeLabel))) - .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) + .addComponent(imagesRangeLabel) + .addComponent(goToPageLabel) + .addComponent(goToPageField, javax.swing.GroupLayout.PREFERRED_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.PREFERRED_SIZE))) + .addGap(0, 0, 0) .addComponent(thumbnailScrollPanel, javax.swing.GroupLayout.DEFAULT_SIZE, javax.swing.GroupLayout.DEFAULT_SIZE, Short.MAX_VALUE) .addPreferredGap(javax.swing.LayoutStyle.ComponentPlacement.RELATED) .addComponent(filePathLabel)) 
@@ -186,8 +204,15 @@ public final class DataResultViewerThumbnail extends AbstractDataResultViewer { private void pageNextButtonActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_pageNextButtonActionPerformed nextPage(); }//GEN-LAST:event_pageNextButtonActionPerformed + + private void goToPageFieldActionPerformed(java.awt.event.ActionEvent evt) {//GEN-FIRST:event_goToPageFieldActionPerformed + goToPage(goToPageField.getText()); + }//GEN-LAST:event_goToPageFieldActionPerformed + // Variables declaration - do not modify//GEN-BEGIN:variables private javax.swing.JLabel filePathLabel; + private javax.swing.JTextField goToPageField; + private javax.swing.JLabel goToPageLabel; private javax.swing.JLabel imagesLabel; private javax.swing.JLabel imagesRangeLabel; private javax.swing.JLabel pageLabel; @@ -309,6 +334,26 @@ public final class DataResultViewerThumbnail extends AbstractDataResultViewer { switchPage(); } } + + private void goToPage(String pageNumText) { + int newPage; + try { + newPage = Integer.parseInt(pageNumText); + } + catch (NumberFormatException e) { + //ignore input + return; + } + + if (newPage > totalPages || newPage < 1) { + JOptionPane.showMessageDialog(this, "Please enter a valid page number between 1 and " + totalPages, + "Invalid page number", JOptionPane.WARNING_MESSAGE); + return; + } + + curPage = newPage; + switchPage(); + } private void switchPage() { @@ -327,6 +372,7 @@ public final class DataResultViewerThumbnail extends AbstractDataResultViewer { protected Object doInBackground() throws Exception { pagePrevButton.setEnabled(false); pageNextButton.setEnabled(false); + goToPageField.setEnabled(false); progress = ProgressHandleFactory.createHandle("Generating Thumbnails..."); progress.start(); progress.switchToIndeterminate(); 
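Review bot: In `goToPage`, a non-numeric entry is dropped silently by the `catch (NumberFormatException e)` block, while an out-of-range number gets a warning dialog, so the two invalid-input paths behave differently. `Integer.parseInt(pageNumText)` also rejects surrounding whitespace, so an entry such as ` 3` is ignored with no feedback. I would parse `pageNumText.trim()` and have the catch show the same `JOptionPane.showMessageDialog(... "Invalid page number" ...)` used by the range check.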
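Review bot: The added `goToPageField.setEnabled(false);` sits inside `doInBackground()`, which a SwingWorker runs on a worker thread, so the text field is mutated off the event dispatch thread. The two button calls beside it have the same problem, and this change extends the pattern to a third component. Moving the three `setEnabled(false)` calls to the point where the worker is created and executed (presumably `switchPage()`, whose body is outside this hunk) keeps component updates on the EDT.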
@@ -352,6 +398,7 @@ public final class DataResultViewerThumbnail extends AbstractDataResultViewer { if (totalPages == 0) { pagePrevButton.setEnabled(false); pageNextButton.setEnabled(false); + goToPageField.setEnabled(false); pageNumLabel.setText(""); imagesRangeLabel.setText(""); } else { @@ -362,6 +409,7 @@ public final class DataResultViewerThumbnail extends AbstractDataResultViewer { pageNextButton.setEnabled(!(curPage == totalPages)); pagePrevButton.setEnabled(!(curPage == 1)); + goToPageField.setEnabled(totalPages>1); } diff --git a/NEWS.txt b/NEWS.txt index f077bdaebd..f4d494cc20 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -6,12 +6,13 @@ New features: - Hashkeeper hash database support Improvements: -- File Ingest: minimized file queuing time and memory usage +- File Ingest: minimized file queuing time and memory usage, also improving ingest stability +- Jump to arbitrary page in Thumbnail View - Add Image Wizard - better work-flow, better device size reporting, info on currently processed directory - Reporting: reorganized columns, sorted by 1st column, added logo, better styling Bugfixes: -- fixed periodic keyword search during ingest, when it'd run max. 2 times only +- fixed periodic keyword search during ingest, when it would only search max. 2 times - fixed Downloads "target" in Recent Activity - fixed missing hash and keyword search hits in reports - fixed deselecting NSRL database for hash ingest From c4acb7b464e9a11bebe991b9e223af013198206f Mon Sep 17 00:00:00 2001 From: 0xNF Date: Thu, 6 Dec 2012 18:02:40 -0500 Subject: [PATCH 14/27] Changed references from LayoutDirectory to VirtualDirectory --- .../directorytree/ExtractUnallocAction.java | 262 ++++++++++-------- 1 file changed, 148 insertions(+), 114 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java index 93e4717a35..65154b0221 100644 
--- a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java @@ -61,12 +61,13 @@ public final class ExtractUnallocAction extends AbstractAction { private long currentImage = 0L; private static final Logger logger = Logger.getLogger(ExtractUnallocAction.class.getName()); private boolean isImage = false; - - public ExtractUnallocAction(String title, Volume volu){ + + public ExtractUnallocAction(String title, Volume volu) { super(title); UnallocStruct us = new UnallocStruct(volu); LstUnallocs.add(us); - } + } + public ExtractUnallocAction(String title, Image img) { super(title); isImage = true; 
@@ -81,54 +82,71 @@ public final class ExtractUnallocAction extends AbstractAction { LstUnallocs.add(us); } } - /** - * Writes the unallocated files to $CaseDir/Export/ImgName-Unalloc-ImgObjectID-VolumeID.dat - * @param e + * Writes the unallocated files to + * $CaseDir/Export/ImgName-Unalloc-ImgObjectID-VolumeID.dat + * + * @param e */ @Override public void actionPerformed(ActionEvent e) { if (LstUnallocs != null && LstUnallocs.size() > 0) { if (lockedImages.contains(currentImage)) { - JOptionPane.showMessageDialog(new Frame(), "Unallocated Space is already running on this Image. Please select a different Image."); + JOptionPane.showMessageDialog(new Frame(), "Unallocated Space is already being extracted on this Image. Please select a different Image."); return; } - List copyList = new ArrayList(){{ - addAll(LstUnallocs); - }}; - - for (UnallocStruct u : LstUnallocs) { - if (u.llf != null && u.llf.size() > 0 && !lockedVols.contains(u.getFileName())) { - //Format for single Unalloc File is ImgName-Unalloc-ImgObjectID-VolumeID.dat - if (u.FileInstance.exists()) { - int res = JOptionPane.showConfirmDialog(new Frame(), "The Unalloc File for this volume, " + u.getFileName() + " already exists, do you want to replace it?"); - if (res == JOptionPane.YES_OPTION) { - u.FileInstance.delete(); - } else { - copyList.remove(u); - } - } - if (!isImage) { - ExtractUnallocWorker uw = new ExtractUnallocWorker(u); - uw.execute(); - } - } else { - logger.log(Level.WARNING, "Tried to get unallocated content from volume ID " + u.VolumeId + ", but its list of unallocated files was empty or null"); + List copyList = new ArrayList() { + { + addAll(LstUnallocs); + } + }; + + + JFileChooser fc = new JFileChooser(); + fc.setCurrentDirectory(new File(Case.getCurrentCase().getCaseDirectory())); + fc.setDialogTitle("Select directory to save to"); + fc.setFileSelectionMode(JFileChooser.DIRECTORIES_ONLY); + fc.setAcceptAllFileFilterUsed(false); + int returnValue = fc.showSaveDialog((Component) 
e.getSource()); + if (returnValue == JFileChooser.APPROVE_OPTION) { + String destination = fc.getSelectedFile().getPath(); + + for (UnallocStruct u : LstUnallocs) { + u.setPath(destination); + if (u.llf != null && u.llf.size() > 0 && !lockedVols.contains(u.getFileName())) { + //Format for single Unalloc File is ImgName-Unalloc-ImgObjectID-VolumeID.dat + if (u.FileInstance.exists()) { + int res = JOptionPane.showConfirmDialog(new Frame(), "The Unalloc File for this volume, " + u.getFileName() + " already exists, do you want to replace it?"); + if (res == JOptionPane.YES_OPTION) { + u.FileInstance.delete(); + } else { + copyList.remove(u); + } + } + if (!isImage) { + ExtractUnallocWorker uw = new ExtractUnallocWorker(u); + uw.execute(); + } + } else { + logger.log(Level.WARNING, "Tried to get unallocated content from volume ID " + u.VolumeId + ", but its list of unallocated files was empty or null"); + } + } + if (isImage && !copyList.isEmpty()) { + ExtractUnallocWorker uw = new ExtractUnallocWorker(copyList); + uw.execute(); } - } - if (isImage) { - ExtractUnallocWorker uw = new ExtractUnallocWorker(copyList); - uw.execute(); } } } /** - * Gets all the unallocated files in a given Content. - * @param c Content to get Unallocated Files from - * @return A list if it didn't crash List may be empty. Returns null on failure. + * Gets all the unallocated files in a given Content. + * + * @param c Content to get Unallocated Files from + * @return A list if it didn't crash List may be empty. Returns + * null on failure. */ private List getUnallocFiles(Content c) { UnallocVisitor uv = new UnallocVisitor(); @@ -139,13 +157,11 @@ public final class ExtractUnallocAction extends AbstractAction { } return null; } - - + /** * Private class for dispatching the file IO in a background thread. */ private class ExtractUnallocWorker extends SwingWorker { - private ProgressHandle progress; private boolean canceled = false; 
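Review bot: Declining the overwrite prompt does not stop the write when the action runs on a single volume: the `else` branch only calls `copyList.remove(u)`, and the following `if (!isImage)` block still starts `new ExtractUnallocWorker(u)` against the existing file. Adding `continue;` after `copyList.remove(u);` keeps a previously extracted file intact when the examiner answers No or Cancel. The result of `u.FileInstance.delete()` is also ignored, so a failed delete goes unnoticed before the worker starts; checking it and skipping the volume with a logged warning would avoid writing into a file that could not be replaced. The Javadoc above `actionPerformed` still names `$CaseDir/Export/` although the destination now comes from the file chooser.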
@@ -159,7 +175,7 @@ public final class ExtractUnallocAction extends AbstractAction { if (!lockedVols.contains(us.getFileName())) { totalSizeinMegs = toMb(us.sizeInBytes()); lockedVols.add(us.getFileName()); - } + } } ExtractUnallocWorker(List lst) { @@ -176,11 +192,10 @@ public final class ExtractUnallocAction extends AbstractAction { lockedImages.add(currentImage); } - private int toMb(long bytes) { if (bytes > 1024 && (bytes / 1024.0) <= Double.MAX_VALUE) { - double Mb = ((bytes / 1024.0)/1024.0);//Bytes -> Megabytes - if (((bytes / 1024.0)/1024.0) <= Integer.MAX_VALUE) { + double Mb = ((bytes / 1024.0) / 1024.0);//Bytes -> Megabytes + if (Mb <= Integer.MAX_VALUE) { return (int) Math.floor(Mb); } } @@ -200,15 +215,15 @@ public final class ExtractUnallocAction extends AbstractAction { } return true; } - }); + }); int MAX_BYTES = 8192; byte[] buf = new byte[MAX_BYTES]; //read 8kb at a time - - + + //Begin the actual File IO progress.start(totalSizeinMegs); int kbs = 0; //Each completion of the while loop adds one to kbs. 8kb * 128 = 1mb. - int mbs = 0; //Increments every 128 kbs + int mbs = 0; //Increments every 128th tick of kbs for (UnallocStruct u : this.lus) { currentlyProcessing = u.getFile(); logger.log(Level.INFO, "Writing Unalloc file to " + currentlyProcessing.getPath()); @@ -231,13 +246,15 @@ public final class ExtractUnallocAction extends AbstractAction { if (canceled) { u.getFile().delete(); - logger.log(Level.INFO, "Canceled extraction of " + u.getFile().getName() + " and deleted file"); + logger.log(Level.INFO, "Canceled extraction of " + u.getFileName() + " and deleted file"); } else { logger.log(Level.INFO, "Finished writing unalloc file " + u.getFile().getPath()); } lockedVols.remove(u.FileName); } progress.finish(); + + } catch (IOException ioe) { logger.log(Level.WARNING, "Could not create Unalloc File; error writing file", ioe); return -1; 
@@ -247,41 +264,44 @@ public final class ExtractUnallocAction extends AbstractAction { } return 1; } - + @Override - protected void done(){ - if(isImage){ + protected void done() { + if (isImage) { lockedImages.remove(currentImage); } JOptionPane.showMessageDialog(new Frame(), "Completed extraction of unallocated space. Files were extracted to " + lus.get(0).getFile().getParent()); } } - + /** * Determines if an image has a volume system or not. + * * @param img The Image to analyze * @return True if there are Volume Systems present */ - private boolean hasVolumeSystem(Image img){ - try{ - return (img.getChildren().get(0) instanceof VolumeSystem); - } catch(TskCoreException tce){ + private boolean hasVolumeSystem(Image img) { + try { + return (img.getChildren().get(0) instanceof VolumeSystem); + } catch (TskCoreException tce) { logger.log(Level.WARNING, "Unable to determine if image has a volume system, extraction may be incomplete", tce); return false; } } - + /** * Gets the volumes on an given image. + * * @param img The image to analyze - * @return A list of volumes from the image. Returns an empty list if no matches. + * @return A list of volumes from the image. Returns an empty list if no + * matches. */ private List getVolumes(Image img) { List lstVol = new ArrayList(); try { for (Content v : img.getChildren().get(0).getChildren()) { - if(v instanceof Volume){ - lstVol.add((Volume)v); + if (v instanceof Volume) { + lstVol.add((Volume) v); } } } catch (TskCoreException tce) { 
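Review bot: `done()` shows "Completed extraction of unallocated space" unconditionally; it never calls `get()`, so the dialog also appears when `doInBackground()` returned -1 after an `IOException` or when the user canceled and the output file was deleted. For an evidence export this tells the examiner that output exists where it may be missing or incomplete. I would check the outcome first, e.g. `if (!canceled && get() == 1) { ... }` with a failure dialog otherwise; `get()` throws `InterruptedException` and `ExecutionException`, which need handling there. In the same hunk, `img.getChildren().get(0)` in `hasVolumeSystem` and `getVolumes` throws `IndexOutOfBoundsException` for an image with no children, which the `TskCoreException` catch does not cover.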
@@ -289,17 +309,17 @@ public final class ExtractUnallocAction extends AbstractAction { } return lstVol; } - - - /** - * Private visitor class for going through a Content file and grabbing unallocated files. + * Private visitor class for going through a Content file and grabbing + * unallocated files. */ private static class UnallocVisitor extends ContentVisitor.Default> { /** - * If the volume has no FileSystem, then it will call this method to return the single instance of unallocated space. + * If the volume has no FileSystem, then it will call this method to + * return the single instance of unallocated space. + * * @param lf the LayoutFile the visitor encountered * @return A list of size 1, returns null if it fails */ @@ -313,16 +333,19 @@ public final class ExtractUnallocAction extends AbstractAction { } /** - * If the visitor finds a FileSystem, it will filter the results for directories and return on the Root Dir. + * If the visitor finds a FileSystem, it will filter the results for + * directories and return on the Root Dir. + * * @param fs the FileSystem the visitor encountered - * @return A list containing the layout files from subsequent Visits(), returns null if it fails + * @return A list containing the layout files from + * subsequent Visits(), returns null if it fails */ @Override public List visit(FileSystem fs) { try { - for (Content c : fs.getChildren()){ - if(((AbstractFile)c).isRoot()){ - return c.accept(this); + for (Content c : fs.getChildren()) { + if (((AbstractFile) c).isRoot()) { + return c.accept(this); } } } catch (TskCoreException tce) { 
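Review bot: `visit(FileSystem fs)` casts each child with `((AbstractFile) c).isRoot()`, and `visit(VirtualDirectory vd)` in the next hunk does the same with `(LayoutFile) layout`; neither checks the type first and both catch only `TskCoreException`. A child of another type would surface as a `ClassCastException` from the visitor instead of the logged warning and `null` return the Javadoc describes. Whether such children can occur is not visible in this diff; if they can, guard with `instanceof`, e.g. `if (layout instanceof LayoutFile) { lflst.add((LayoutFile) layout); }`. The catch block of `visit(FileSystem)` continues outside the hunk.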
@@ -330,40 +353,45 @@ public final class ExtractUnallocAction extends AbstractAction { } return null; } - + /** - * VirtualDirectory has all the Layout(Unallocated) files + * LayoutDirectory has all the Layout(Unallocated) files + * * @param ld LayoutDirectory the visitor encountered - * @return A list containing all the LayoutFile in ld, returns null if it fails + * @return A list containing all the LayoutFile in ld, + * returns null if it fails */ @Override - public List visit(VirtualDirectory ld){ - try{ + public List visit(VirtualDirectory vd) { + try { List lflst = new ArrayList(); - for(Content layout : ld.getChildren()){ - lflst.add((LayoutFile)layout); + for (Content layout : vd.getChildren()) { + lflst.add((LayoutFile) layout); } return lflst; - } catch(TskCoreException tce){ + } catch (TskCoreException tce) { logger.log(Level.WARNING, "Could not get list of Layout Files, failed at visiting Layout Directory", tce); } return null; } /** - * The only time this visitor should ever encounter a directory is when parsing over Root + * The only time this visitor should ever encounter a directory is when + * parsing over Root + * * @param dir the directory this visitor encountered - * @return A list containing LayoutFiles encountered during subsequent Visits(), returns null if it fails + * @return A list containing LayoutFiles encountered during + * subsequent Visits(), returns null if it fails */ @Override public List visit(Directory dir) { try { for (Content c : dir.getChildren()) { - if(c instanceof VirtualDirectory){ + if (c instanceof VirtualDirectory) { return c.accept(this); } } - }catch (TskCoreException tce) { + } catch (TskCoreException tce) { logger.log(Level.WARNING, "Couldn't get a list of Unallocated Files, failed at visiting Directory " + dir.getId(), tce); } return null; 
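Review bot: The Javadoc on `visit(VirtualDirectory vd)` was changed from `VirtualDirectory has all the Layout(Unallocated) files` to `LayoutDirectory has all the Layout(Unallocated) files`, which reverses the rename this commit is making. The tag `@param ld LayoutDirectory the visitor encountered` no longer matches the parameter, which is now `vd`. I would write `VirtualDirectory has all the Layout (Unallocated) files` and `@param vd VirtualDirectory the visitor encountered`.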
@@ -374,47 +402,48 @@ public final class ExtractUnallocAction extends AbstractAction { return null; } } - - + /** * Comparator for sorting lists of LayoutFiles based on their Object ID - * Ensures that the single Unalloc File is in proper order, and that the bytes - * are continuous. + * Ensures that the single Unalloc File is in proper order, and that the + * bytes are continuous. */ - private class SortObjId implements Comparator{ - + private class SortObjId implements Comparator { + @Override public int compare(LayoutFile o1, LayoutFile o2) { - if(o1.getId() == o2.getId()){ + if (o1.getId() == o2.getId()) { return 0; - } - if(o1.getId() > o2.getId()){ - return -1; } - else{ + if (o1.getId() > o2.getId()) { + return -1; + } else { return 1; } } } - + /** - * Private class for assisting in the running the action over an image with multiple volumes. + * Private class for assisting in the running the action over an image with + * multiple volumes. */ - private class UnallocStruct{ + private class UnallocStruct { + private List llf; private long VolumeId; private long ImageId; private String ImageName; private String FileName; private File FileInstance; - - + /** * Contingency constructor in event no VolumeSystem exists on an Image. + * * @param img Image file to be analyzed */ - UnallocStruct(Image img){ + UnallocStruct(Image img) { this.llf = getUnallocFiles(img); + Collections.sort(llf, new SortObjId()); this.VolumeId = 0; this.ImageId = img.getId(); this.ImageName = img.getName(); @@ -424,6 +453,7 @@ public final class ExtractUnallocAction extends AbstractAction { /** * Default constructor for extracting info from Volumes. + * * @param volu Volume file to be analyzed */ UnallocStruct(Volume volu) { 
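Review bot: The added `Collections.sort(llf, new SortObjId());` in `UnallocStruct(Image img)` runs directly on the result of `getUnallocFiles(img)`, which is documented to return null on failure, so a failed lookup now throws `NullPointerException` in the constructor. `actionPerformed` still treats a null `llf` as a case to log and skip, so the guard belongs here: `if (llf != null) { Collections.sort(llf, new SortObjId()); }`. `SortObjId.compare` returns -1 when `o1.getId() > o2.getId()`, which sorts by descending object ID; if the "proper order" in the class comment means ascending, the two return values should be swapped.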
@@ -446,37 +476,41 @@ public final class ExtractUnallocAction extends AbstractAction { int size() { return llf.size(); } - - long sizeInBytes(){ + + long sizeInBytes() { long size = 0L; - for(LayoutFile f : llf){ - size+= f.getSize(); + for (LayoutFile f : llf) { + size += f.getSize(); } return size; } - long getVolumeId(){ + + long getVolumeId() { return this.VolumeId; } - long getImageId(){ + + long getImageId() { return this.ImageId; } - String getImageName(){ + + String getImageName() { return this.ImageName; } - List getLayouts(){ + + List getLayouts() { return this.llf; } - - String getFileName(){ + + String getFileName() { return this.FileName; } - - File getFile(){ + + File getFile() { return this.FileInstance; } - - - - } + void setPath(String path) { + this.FileInstance = new File(path + File.separator + this.FileName); + } + } } From d58666df1c692c25038e2f268866c516a6fdb733 Mon Sep 17 00:00:00 2001 From: adam-m Date: Thu, 6 Dec 2012 23:00:11 -0500 Subject: [PATCH 15/27] update module versions --- Core/manifest.mf | 4 ++-- Core/nbproject/project.properties | 2 +- ExifParser/manifest.mf | 2 +- ExifParser/nbproject/project.xml | 4 ++-- HashDatabase/manifest.mf | 2 +- HashDatabase/nbproject/project.properties | 2 +- HashDatabase/nbproject/project.xml | 4 ++-- KeywordSearch/manifest.mf | 4 ++-- KeywordSearch/nbproject/project.properties | 2 +- KeywordSearch/nbproject/project.xml | 4 ++-- RecentActivity/manifest.mf | 4 ++-- RecentActivity/nbproject/project.properties | 2 +- RecentActivity/nbproject/project.xml | 4 ++-- Testing/manifest.mf | 2 +- Testing/nbproject/project.properties | 2 +- Testing/nbproject/project.xml | 4 ++-- thunderbirdparser/manifest.mf | 2 +- thunderbirdparser/nbproject/project.xml | 4 ++-- 18 files changed, 27 insertions(+), 27 deletions(-) diff --git a/Core/manifest.mf b/Core/manifest.mf index 4eb28aaa23..45cb2dbed0 100644 --- a/Core/manifest.mf +++ b/Core/manifest.mf 
@@ -1,8 +1,8 @@ Manifest-Version: 1.0 -OpenIDE-Module: org.sleuthkit.autopsy.core/4 +OpenIDE-Module: org.sleuthkit.autopsy.core/5 OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/core/Bundle.properties OpenIDE-Module-Layer: org/sleuthkit/autopsy/core/layer.xml -OpenIDE-Module-Implementation-Version: 2 +OpenIDE-Module-Implementation-Version: 3 OpenIDE-Module-Requires: org.openide.windows.WindowManager, org.netbeans.api.javahelp.Help AutoUpdate-Show-In-Client: true AutoUpdate-Essential-Module: true diff --git a/Core/nbproject/project.properties b/Core/nbproject/project.properties index 713c9fbdc6..977c65838c 100644 --- a/Core/nbproject/project.properties +++ b/Core/nbproject/project.properties @@ -5,5 +5,5 @@ license.file=../LICENSE-2.0.txt nbm.homepage=http://www.sleuthkit.org/ nbm.module.author=Brian Carrier nbm.needs.restart=true -spec.version.base=2.0 +spec.version.base=3.0 diff --git a/ExifParser/manifest.mf b/ExifParser/manifest.mf index 61c3730eaa..e613aa76c2 100644 --- a/ExifParser/manifest.mf +++ b/ExifParser/manifest.mf @@ -1,6 +1,6 @@ Manifest-Version: 1.0 AutoUpdate-Show-In-Client: true OpenIDE-Module: org.sleuthkit.autopsy.exifparser/3 -OpenIDE-Module-Implementation-Version: 2 +OpenIDE-Module-Implementation-Version: 3 OpenIDE-Module-Layer: org/sleuthkit/autopsy/exifparser/layer.xml OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/exifparser/Bundle.properties diff --git a/ExifParser/nbproject/project.xml b/ExifParser/nbproject/project.xml index ec520cd8f4..9542df9bcf 100644 --- a/ExifParser/nbproject/project.xml +++ b/ExifParser/nbproject/project.xml @@ -11,8 +11,8 @@ - 4 - 2.0 + 5 + 3.0 diff --git a/HashDatabase/manifest.mf b/HashDatabase/manifest.mf index d177146724..0b3c75a34a 100644 --- a/HashDatabase/manifest.mf +++ b/HashDatabase/manifest.mf 
@@ -1,7 +1,7 @@ Manifest-Version: 1.0 AutoUpdate-Show-In-Client: true OpenIDE-Module: org.sleuthkit.autopsy.hashdatabase/3 -OpenIDE-Module-Implementation-Version: 2 +OpenIDE-Module-Implementation-Version: 3 OpenIDE-Module-Layer: org/sleuthkit/autopsy/hashdatabase/layer.xml OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/hashdatabase/Bundle.properties diff --git a/HashDatabase/nbproject/project.properties b/HashDatabase/nbproject/project.properties index 5e95dbce94..9dcdea211c 100644 --- a/HashDatabase/nbproject/project.properties +++ b/HashDatabase/nbproject/project.properties @@ -3,4 +3,4 @@ javac.compilerargs=-Xlint -Xlint:-serial license.file=../LICENSE-2.0.txt nbm.homepage=http://www.sleuthkit.org/autopsy/ nbm.needs.restart=true -spec.version.base=1.0 +spec.version.base=1.1 diff --git a/HashDatabase/nbproject/project.xml b/HashDatabase/nbproject/project.xml index db79488f5c..1a3d2b30a5 100644 --- a/HashDatabase/nbproject/project.xml +++ b/HashDatabase/nbproject/project.xml @@ -77,8 +77,8 @@ - 4 - 2.0 + 5 + 3.0 diff --git a/KeywordSearch/manifest.mf b/KeywordSearch/manifest.mf index f8cfb2cab6..91df9c8471 100644 --- a/KeywordSearch/manifest.mf +++ b/KeywordSearch/manifest.mf @@ -1,7 +1,7 @@ Manifest-Version: 1.0 AutoUpdate-Show-In-Client: true -OpenIDE-Module: org.sleuthkit.autopsy.keywordsearch/3 -OpenIDE-Module-Implementation-Version: 2 +OpenIDE-Module: org.sleuthkit.autopsy.keywordsearch/4 +OpenIDE-Module-Implementation-Version: 3 OpenIDE-Module-Install: org/sleuthkit/autopsy/keywordsearch/Installer.class OpenIDE-Module-Layer: org/sleuthkit/autopsy/keywordsearch/layer.xml OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/keywordsearch/Bundle.properties diff --git a/KeywordSearch/nbproject/project.properties b/KeywordSearch/nbproject/project.properties index 9dcdea211c..71755d2104 100644 --- a/KeywordSearch/nbproject/project.properties +++ b/KeywordSearch/nbproject/project.properties 
@@ -3,4 +3,4 @@ javac.compilerargs=-Xlint -Xlint:-serial license.file=../LICENSE-2.0.txt nbm.homepage=http://www.sleuthkit.org/autopsy/ nbm.needs.restart=true -spec.version.base=1.1 +spec.version.base=2.0 diff --git a/KeywordSearch/nbproject/project.xml b/KeywordSearch/nbproject/project.xml index a49c7e4c11..72869c4a41 100644 --- a/KeywordSearch/nbproject/project.xml +++ b/KeywordSearch/nbproject/project.xml @@ -95,8 +95,8 @@ - 4 - 2.0 + 5 + 3.0 diff --git a/RecentActivity/manifest.mf b/RecentActivity/manifest.mf index 48e3171c78..aeb6503d27 100644 --- a/RecentActivity/manifest.mf +++ b/RecentActivity/manifest.mf @@ -1,6 +1,6 @@ Manifest-Version: 1.0 -OpenIDE-Module: org.sleuthkit.autopsy.recentactivity/3 -OpenIDE-Module-Implementation-Version: 2 +OpenIDE-Module: org.sleuthkit.autopsy.recentactivity/4 +OpenIDE-Module-Implementation-Version: 3 OpenIDE-Module-Layer: org/sleuthkit/autopsy/recentactivity/layer.xml OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/recentactivity/Bundle.properties OpenIDE-Module-Requires: diff --git a/RecentActivity/nbproject/project.properties b/RecentActivity/nbproject/project.properties index ffdd87b7d0..eae0cc9761 100644 --- a/RecentActivity/nbproject/project.properties +++ b/RecentActivity/nbproject/project.properties @@ -4,4 +4,4 @@ javac.compilerargs=-Xlint -Xlint:-serial license.file=../LICENSE-2.0.txt nbm.homepage=http://www.sleuthkit.org/autopsy/ nbm.needs.restart=true -spec.version.base=1.1 +spec.version.base=2.0 diff --git a/RecentActivity/nbproject/project.xml b/RecentActivity/nbproject/project.xml index 222c9f7b57..1a7c1f9578 100644 --- a/RecentActivity/nbproject/project.xml +++ b/RecentActivity/nbproject/project.xml @@ -35,8 +35,8 @@ - 4 - 2.0 + 5 + 3.0 diff --git a/Testing/manifest.mf b/Testing/manifest.mf index 0a7372fd55..1c4e9da69f 100644 --- a/Testing/manifest.mf +++ b/Testing/manifest.mf 
@@ -1,6 +1,6 @@ Manifest-Version: 1.0 AutoUpdate-Show-In-Client: false OpenIDE-Module: org.sleuthkit.autopsy.testing/3 -OpenIDE-Module-Implementation-Version: 2 +OpenIDE-Module-Implementation-Version: 3 OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/testing/Bundle.properties diff --git a/Testing/nbproject/project.properties b/Testing/nbproject/project.properties index 5e95dbce94..9dcdea211c 100644 --- a/Testing/nbproject/project.properties +++ b/Testing/nbproject/project.properties @@ -3,4 +3,4 @@ javac.compilerargs=-Xlint -Xlint:-serial license.file=../LICENSE-2.0.txt nbm.homepage=http://www.sleuthkit.org/autopsy/ nbm.needs.restart=true -spec.version.base=1.0 +spec.version.base=1.1 diff --git a/Testing/nbproject/project.xml b/Testing/nbproject/project.xml index 4526a6b590..aed542547c 100644 --- a/Testing/nbproject/project.xml +++ b/Testing/nbproject/project.xml @@ -11,8 +11,8 @@ - 4 - 2.0 + 5 + 3.0 diff --git a/thunderbirdparser/manifest.mf b/thunderbirdparser/manifest.mf index 265703b61a..d3cf213ff2 100644 --- a/thunderbirdparser/manifest.mf +++ b/thunderbirdparser/manifest.mf @@ -1,7 +1,7 @@ Manifest-Version: 1.0 AutoUpdate-Show-In-Client: true OpenIDE-Module: org.sleuthkit.autopsy.thunderbirdparser/3 -OpenIDE-Module-Implementation-Version: 2 +OpenIDE-Module-Implementation-Version: 3 OpenIDE-Module-Layer: org/sleuthkit/autopsy/thunderbirdparser/layer.xml OpenIDE-Module-Localizing-Bundle: org/sleuthkit/autopsy/thunderbirdparser/Bundle.properties diff --git a/thunderbirdparser/nbproject/project.xml b/thunderbirdparser/nbproject/project.xml index 515dccc008..8215e4c344 100644 --- a/thunderbirdparser/nbproject/project.xml +++ b/thunderbirdparser/nbproject/project.xml @@ -11,8 +11,8 @@ - 4 - 2.0 + 5 + 3.0 From 41f2ac3f78a8daaa9275d404e9587ec4384d5e85 Mon Sep 17 00:00:00 2001 
From: 0xNF Date: Fri, 7 Dec 2012 10:48:21 -0500 Subject: [PATCH 16/27] Unalloc will not longer show a success box if user cancels the operation --- .../sleuthkit/autopsy/directorytree/ExtractUnallocAction.java | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java index 65154b0221..f963cdf1ec 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java @@ -270,7 +270,9 @@ public final class ExtractUnallocAction extends AbstractAction { if (isImage) { lockedImages.remove(currentImage); } - JOptionPane.showMessageDialog(new Frame(), "Completed extraction of unallocated space. Files were extracted to " + lus.get(0).getFile().getParent()); + if (!canceled) { + JOptionPane.showMessageDialog(new Frame(), "Completed extraction of unallocated space. Files were extracted to " + lus.get(0).getFile().getParent()); + } } } From 58bdbd8d4e88e6eb0d0e09faf3adfca607f86493 Mon Sep 17 00:00:00 2001 From: adam-m Date: Fri, 7 Dec 2012 11:15:48 -0500 Subject: [PATCH 17/27] update version --- nbproject/project.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nbproject/project.properties b/nbproject/project.properties index bb17c836a3..8b3a6d6092 100644 --- a/nbproject/project.properties +++ b/nbproject/project.properties @@ -4,7 +4,7 @@ app.title=Autopsy ### lowercase version of above app.name=autopsy ### if left unset, version will default to today's date -#app.version=3.0.0 +#app.version=3.0.2 ### Build type isn't used at this point, but it may be useful ### Must be one of: DEVELOPMENT, RELEASE #build.type=RELEASE From a2616adb495e506ba60ea77822e6ee2c75501e80 Mon Sep 17 00:00:00 2001 
From: 0xNF Date: Fri, 7 Dec 2012 11:25:40 -0500 Subject: [PATCH 18/27] Better cancel support --- .../autopsy/directorytree/ExtractUnallocAction.java | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java index f963cdf1ec..881c6aa476 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java @@ -129,7 +129,7 @@ public final class ExtractUnallocAction extends AbstractAction { uw.execute(); } } else { - logger.log(Level.WARNING, "Tried to get unallocated content from volume ID " + u.VolumeId + ", but its list of unallocated files was empty or null"); + logger.log(Level.WARNING, "Tried to get unallocated content from volume ID but " + u.VolumeId + u.llf == null ? "its list of unallocated files was null" : "the volume is locked" ); } } if (isImage && !copyList.isEmpty()) { @@ -250,7 +250,6 @@ public final class ExtractUnallocAction extends AbstractAction { } else { logger.log(Level.INFO, "Finished writing unalloc file " + u.getFile().getPath()); } - lockedVols.remove(u.FileName); } progress.finish(); @@ -270,10 +269,13 @@ public final class ExtractUnallocAction extends AbstractAction { if (isImage) { lockedImages.remove(currentImage); } - if (!canceled) { + for (UnallocStruct u : lus) { + lockedVols.remove(u.getFileName()); + } + if (!canceled && !lus.isEmpty()) { JOptionPane.showMessageDialog(new Frame(), "Completed extraction of unallocated space. Files were extracted to " + lus.get(0).getFile().getParent()); } - } + } } /** From b99f16ca526690979db39b827f2574ca00389a74 Mon Sep 17 00:00:00 2001 
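Review bot: The rewritten warning in the `@@ -129,7 +129,7 @@` hunk does not evaluate the way it reads, because `+` binds tighter than `==`: the whole concatenated string is compared with `null`, the test is always false, and the logger receives only "the volume is locked" with no volume ID. Parenthesise the conditional and restore the separator: `"Tried to get unallocated content from volume ID " + u.VolumeId + ", but " + (u.llf == null ? "its list of unallocated files was null" : "the volume is locked")`. In an extraction tool this log is the record of which volumes were skipped and why, so the ID should survive. The enclosing method starts outside the hunk.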
From: adam-m Date: Fri, 7 Dec 2012 12:47:33 -0500 Subject: [PATCH 19/27] add more info to report name --- Core/src/org/sleuthkit/autopsy/report/ReportBodyFile.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/report/ReportBodyFile.java b/Core/src/org/sleuthkit/autopsy/report/ReportBodyFile.java index 9d341d631b..e32dff834d 100644 --- a/Core/src/org/sleuthkit/autopsy/report/ReportBodyFile.java +++ b/Core/src/org/sleuthkit/autopsy/report/ReportBodyFile.java @@ -168,7 +168,7 @@ public class ReportBodyFile implements ReportModule { @Override public String getName() { - String name = "Body File"; + String name = "Body File (Timeline Report)"; return name; } From f2ed498ae53ea2ee9708d127470218b9ea4ac4c8 Mon Sep 17 00:00:00 2001 From: adam-m Date: Fri, 7 Dec 2012 13:08:35 -0500 Subject: [PATCH 20/27] enable regripper to run on linux, if user has deps installed --- .../sleuthkit/autopsy/recentactivity/ExtractRegistry.java | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java index 3432d17ea8..ea0d994650 100644 --- a/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java +++ b/RecentActivity/src/org/sleuthkit/autopsy/recentactivity/ExtractRegistry.java @@ -36,6 +36,7 @@ import javax.xml.parsers.ParserConfigurationException; import org.openide.modules.InstalledFileLocator; import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.coreutils.Logger; +import org.sleuthkit.autopsy.coreutils.PlatformUtil; import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.autopsy.ingest.IngestImageWorkerController; import org.sleuthkit.autopsy.ingest.IngestModuleImage; 
@@ -88,7 +89,12 @@ public class ExtractRegistry extends Extract implements IngestModuleImage { final String rrHome = rrRoot.getAbsolutePath(); logger.log(Level.INFO, "RegRipper home: " + rrHome); - RR_PATH = rrHome + File.separator + "rip.exe"; + if (PlatformUtil.isWindowsOS()) { + RR_PATH = rrHome + File.separator + "rip.exe"; + } + else { + RR_PATH = "perl " + rrHome + File.separator + "rip.pl"; + } } @Override From e9a9eeab6b1ccde90bacfadc577d14c99f8fc46f Mon Sep 17 00:00:00 2001 From: adam-m Date: Fri, 7 Dec 2012 13:19:45 -0500 Subject: [PATCH 21/27] do not display column with id of artifact in tag in results table --- .../sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java index 5354dd0c50..8493dc2cc5 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java @@ -124,7 +124,10 @@ public class BlackboardArtifactNode extends DisplayableItemNode { try { for (BlackboardAttribute attribute : artifact.getAttributes()) { final int attributeTypeID= attribute.getAttributeTypeID(); - if (attributeTypeID == ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID()) { + //skip some internal attributes that user shouldn't see + if (attributeTypeID == ATTRIBUTE_TYPE.TSK_PATH_ID.getTypeID() + || attributeTypeID == ATTRIBUTE_TYPE.TSK_TAGGED_ARTIFACT.getTypeID()) + { continue; } else { switch (attribute.getValueType()) { From fa8e62eb483e2fe0481535e8ee01f08ba1f3c9b3 Mon Sep 17 00:00:00 2001 From: adam-m Date: Fri, 7 Dec 2012 13:22:45 -0500 Subject: [PATCH 22/27] rename File Name column to Source for artifact nodes --- .../sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
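Review bot: In the non-Windows branch, `RR_PATH = "perl " + rrHome + File.separator + "rip.pl"` folds the interpreter and the script path into a single string, so whatever launches it must split on whitespace again; an install directory containing a space would then be broken into separate arguments, and `perl` is resolved through the process's PATH rather than a known location. How RR_PATH is consumed lies outside this hunk, so this is inferred. If it ends up in a `Runtime.exec(String)` call, keep the interpreter and the script as separate elements and launch with `new ProcessBuilder(List<String>)`. At minimum the branch deserves a comment such as `// non-Windows: requires perl and RegRipper's Perl modules to be installed and on PATH`.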
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java index 8493dc2cc5..e92946f283 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java @@ -89,8 +89,8 @@ public class BlackboardArtifactNode extends DisplayableItemNode { Map map = new LinkedHashMap(); fillPropertyMap(map, artifact); - ss.put(new NodeProperty("File Name", - "File Name", + ss.put(new NodeProperty("Source", + "Source", NO_DESCR, associated.getName())); From b59549697a2a428b8fba0552dac16aac4a174282 Mon Sep 17 00:00:00 2001 From: 0xNF Date: Fri, 7 Dec 2012 13:24:51 -0500 Subject: [PATCH 23/27] Unalloc will no longer disregard user command to not overwrite files on single volumes. --- .../sleuthkit/autopsy/directorytree/ExtractUnallocAction.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java index 881c6aa476..8513140675 100644 --- a/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java +++ b/Core/src/org/sleuthkit/autopsy/directorytree/ExtractUnallocAction.java @@ -124,7 +124,7 @@ public final class ExtractUnallocAction extends AbstractAction { copyList.remove(u); } } - if (!isImage) { + if (!isImage & !copyList.isEmpty()) { ExtractUnallocWorker uw = new ExtractUnallocWorker(u); uw.execute(); } From cba50d3286a743ad0172d9681d2ba17ff63c6fe7 Mon Sep 17 00:00:00 2001 From: adam-m Date: Fri, 7 Dec 2012 13:33:16 -0500 Subject: [PATCH 24/27] rename to "Source File" for consistency with report --- .../sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
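Review bot: The new condition `if (!isImage & !copyList.isEmpty())` in ExtractUnallocAction uses the non-short-circuit `&`. For two booleans the result is the same, but it reads like a bitwise operation and always evaluates both operands; write `if (!isImage && !copyList.isEmpty())`. A short comment would also help the next reader, e.g. `// copyList is empty when the user declined to overwrite the existing file`, assuming that is what the `copyList.remove(u)` just above represents. The enclosing method starts outside the hunk.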
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java index e92946f283..ecb955911c 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/BlackboardArtifactNode.java @@ -89,8 +89,8 @@ public class BlackboardArtifactNode extends DisplayableItemNode { Map map = new LinkedHashMap(); fillPropertyMap(map, artifact); - ss.put(new NodeProperty("Source", - "Source", + ss.put(new NodeProperty("Source File", + "Source File", NO_DESCR, associated.getName())); From 19347bf911aac0e23f32d3dd83d3847c1312e398 Mon Sep 17 00:00:00 2001 From: adam-m Date: Fri, 7 Dec 2012 13:37:21 -0500 Subject: [PATCH 25/27] more info on bookmarks in news --- NEWS.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/NEWS.txt b/NEWS.txt index f4d494cc20..4473b3a07a 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -2,7 +2,7 @@ New features: - Extraction of all unallocated blocks as a single file -- Results bookmarks +- Results bookmarks with comments and basic bookmark reporting - Hashkeeper hash database support Improvements: From 7a52c97c70e14ad4f69ad3dc026859bbd77e2f28 Mon Sep 17 00:00:00 2001 From: adam-m Date: Fri, 7 Dec 2012 16:48:21 -0500 Subject: [PATCH 26/27] news for next release --- NEWS.txt | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/NEWS.txt b/NEWS.txt index 4473b3a07a..80438d494a 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -1,3 +1,12 @@ +---------------- VERSION Current (dev) -------------- +New features: + + +Improvements: + + +Bugfixes: + ---------------- VERSION 3.0.2 -------------- New features: From 279b268dda50776e95ab66f29d0f40a80fd94fed Mon Sep 17 00:00:00 2001 
From: Tim McIver Date: Mon, 10 Dec 2012 14:22:12 -0500 Subject: [PATCH 27/27] Updates to code that were required as a result of changes to DataModel that were in support of AUT-669. --- .../DataContentViewerMedia.java | 4 +- .../datamodel/AbstractFsContentNode.java | 14 +++---- .../autopsy/datamodel/DirectoryNode.java | 4 +- .../sleuthkit/autopsy/datamodel/FileNode.java | 4 +- .../datamodel/VirtualDirectoryNode.java | 41 +++++++++++++++---- .../autopsy/ingest/IngestScheduler.java | 9 ++-- .../autopsy/report/ReportBodyFile.java | 6 ++- 7 files changed, 54 insertions(+), 28 deletions(-) diff --git a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java index 0b8e584edc..6afbc66aae 100644 --- a/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java +++ b/Core/src/org/sleuthkit/autopsy/corecomponents/DataContentViewerMedia.java @@ -40,7 +40,7 @@ import org.sleuthkit.autopsy.casemodule.Case; import org.sleuthkit.autopsy.corecomponentinterfaces.DataContentViewer; import org.sleuthkit.autopsy.datamodel.ContentUtils; import org.sleuthkit.datamodel.File; -import org.sleuthkit.datamodel.TskData; +import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM; /** * @@ -332,7 +332,7 @@ public class DataContentViewerMedia extends javax.swing.JPanel implements DataCo return false; } - if (File.dirFlagToValue(file.getDirFlags()).equals(TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.toString())) { + if (file.getDirFlag() == TSK_FS_NAME_FLAG_ENUM.UNALLOC) { return false; } diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractFsContentNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractFsContentNode.java index b9c7062f98..73233bfe91 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/AbstractFsContentNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/AbstractFsContentNode.java 
@@ -18,11 +18,11 @@ */ package org.sleuthkit.autopsy.datamodel; -import java.text.SimpleDateFormat; import java.util.LinkedHashMap; import java.util.Map; import org.openide.nodes.Sheet; import org.sleuthkit.datamodel.FsContent; +import org.sleuthkit.datamodel.TskData.TSK_FS_META_MODE_ENUM; /** * Abstract class that implements the commonality between File and Directory 
@@ -236,15 +236,15 @@ public abstract class AbstractFsContentNode extends Abstrac map.put(FsContentPropertyType.ACCESS_TIME.toString(), ContentUtils.getStringTime(content.getAtime(), content)); map.put(FsContentPropertyType.CREATED_TIME.toString(), ContentUtils.getStringTime(content.getCrtime(), content)); map.put(FsContentPropertyType.SIZE.toString(), content.getSize()); - map.put(FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlagsAsString()); - map.put(FsContentPropertyType.FLAGS_META.toString(), content.getMetaFlagsAsString()); - map.put(FsContentPropertyType.MODE.toString(), content.getModeAsString()); + map.put(FsContentPropertyType.FLAGS_DIR.toString(), content.getDirFlag().toString()); + map.put(FsContentPropertyType.FLAGS_META.toString(), Integer.toString(content.getMetaFlagsInt())); + map.put(FsContentPropertyType.MODE.toString(), TSK_FS_META_MODE_ENUM.toString(content.getModes(), content.getMetaType())); map.put(FsContentPropertyType.USER_ID.toString(), content.getUid()); map.put(FsContentPropertyType.GROUP_ID.toString(), content.getGid()); map.put(FsContentPropertyType.META_ADDR.toString(), content.getMetaAddr()); - map.put(FsContentPropertyType.ATTR_ADDR.toString(), Long.toString(content.getAttrType()) + "-" + Long.toString(content.getAttrId())); - map.put(FsContentPropertyType.TYPE_DIR.toString(), content.getDirTypeAsString()); - map.put(FsContentPropertyType.TYPE_META.toString(), content.getMetaTypeAsString()); + map.put(FsContentPropertyType.ATTR_ADDR.toString(), Long.toString(content.getAttrType().getValue()) + "-" + Long.toString(content.getAttrId())); + map.put(FsContentPropertyType.TYPE_DIR.toString(), content.getDirType().getLabel()); + map.put(FsContentPropertyType.TYPE_META.toString(), content.getMetaType().toString()); map.put(FsContentPropertyType.KNOWN.toString(), content.getKnown().getName()); map.put(FsContentPropertyType.MD5HASH.toString(), content.getMd5Hash() == null ? "" : content.getMd5Hash()); } 
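Review bot: `FLAGS_META` is now filled with `Integer.toString(content.getMetaFlagsInt())`, so the property shows a raw bitmask where the removed line used `getMetaFlagsAsString()`, while the neighbouring `FLAGS_DIR`, `TYPE_DIR` and `TYPE_META` entries still render names or labels. An examiner reading the table would have to decode the number by hand to tell allocated from unallocated metadata. If the updated data model offers a way to turn the flag set into text (not visible here), use it; otherwise leave `// TODO: render meta flags as names rather than the raw int` so the change in output is tracked. The results of `getDirFlag()`, `getDirType()`, `getMetaType()` and `getAttrType()` are dereferenced directly, so it is worth confirming they cannot return null for any content row. The enclosing method starts outside the hunk.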
diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/DirectoryNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/DirectoryNode.java index ef9e2adcec..d52d477176 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/DirectoryNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/DirectoryNode.java @@ -20,7 +20,7 @@ package org.sleuthkit.autopsy.datamodel; import javax.swing.Action; import org.sleuthkit.datamodel.Directory; -import org.sleuthkit.datamodel.TskData; +import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM; /** * This class is used to represent the "Node" for the directory. @@ -39,7 +39,7 @@ public class DirectoryNode extends AbstractFsContentNode { super(dir, directoryBrowseMode); // set name, display name, and icon - if (Directory.dirFlagToValue(dir.getDirFlags()).equals(TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.toString())) { + if (dir.getDirFlag() == TSK_FS_NAME_FLAG_ENUM.UNALLOC) { this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/folder-icon-deleted.png"); } else { this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/Folder-icon.png"); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/FileNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/FileNode.java index efa01982fb..7ba667cb99 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/FileNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/FileNode.java @@ -20,7 +20,7 @@ package org.sleuthkit.autopsy.datamodel; import javax.swing.Action; import org.sleuthkit.datamodel.File; -import org.sleuthkit.datamodel.TskData; +import org.sleuthkit.datamodel.TskData.TSK_FS_NAME_FLAG_ENUM; /** * This class is used to represent the "Node" for the file. It has no children. 
@@ -39,7 +39,7 @@ public class FileNode extends AbstractFsContentNode { super(file, directoryBrowseMode); // set name, display name, and icon - if (file.getDirFlags() == (TskData.TSK_FS_NAME_FLAG_ENUM.TSK_FS_NAME_FLAG_UNALLOC.getDirFlag())) { + if (file.getDirFlag() == TSK_FS_NAME_FLAG_ENUM.UNALLOC) { this.setIconBaseWithExtension("org/sleuthkit/autopsy/images/file-icon-deleted.png"); } else { this.setIconBaseWithExtension(getIconForFileType(file)); diff --git a/Core/src/org/sleuthkit/autopsy/datamodel/VirtualDirectoryNode.java b/Core/src/org/sleuthkit/autopsy/datamodel/VirtualDirectoryNode.java index 0cc76646ed..5e9ab5dc8c 100644 --- a/Core/src/org/sleuthkit/autopsy/datamodel/VirtualDirectoryNode.java +++ b/Core/src/org/sleuthkit/autopsy/datamodel/VirtualDirectoryNode.java @@ -23,7 +23,7 @@ import java.util.Map; import org.openide.nodes.Sheet; import org.sleuthkit.autopsy.datamodel.LayoutFileNode.LayoutContentPropertyType; import org.sleuthkit.datamodel.VirtualDirectory; -import org.sleuthkit.datamodel.LayoutFile; +import org.sleuthkit.datamodel.TskData; /** * Node for layout dir @@ -83,8 +83,6 @@ public class VirtualDirectoryNode extends AbstractAbstractFileNode