Merge pull request #6986 from gdicristofaro/7592-analysisResultsScore

7592 analysis results score

Core/src/org/sleuthkit/autopsy/centralrepository/eventlisteners/IngestEventsListener.java

@@ -37,7 +37,6 @@ import org.apache.commons.lang3.StringUtils;
 import org.openide.util.NbBundle;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
-import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepoAccount;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeInstance;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeNormalizationException;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CorrelationAttributeUtil;
@@ -63,12 +62,9 @@ import org.sleuthkit.datamodel.Image;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.autopsy.centralrepository.datamodel.CentralRepository;
-import org.sleuthkit.autopsy.centralrepository.datamodel.Persona;
-import org.sleuthkit.autopsy.centralrepository.datamodel.PersonaAccount;
-import org.sleuthkit.datamodel.Account;
-import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT;
-import org.sleuthkit.datamodel.CommunicationsUtils;
 import org.sleuthkit.datamodel.Score;
+import org.sleuthkit.datamodel.Score.MethodCategory;
+import org.sleuthkit.datamodel.Score.Significance;
 
 /**
  * Listen for ingest events and update entries in the Central Repository
@@ -76,7 +72,7 @@ import org.sleuthkit.datamodel.Score;
  */
 @NbBundle.Messages({"IngestEventsListener.ingestmodule.name=Central Repository"})
 public class IngestEventsListener {
-
+    private static final Score LIKELY_NOTABLE_SCORE = new Score(Significance.LIKELY_NOTABLE, MethodCategory.AUTO);
     private static final Logger LOGGER = Logger.getLogger(CorrelationAttributeInstance.class.getName());
     private static final Set<IngestManager.IngestJobEvent> INGEST_JOB_EVENTS_OF_INTEREST = EnumSet.of(IngestManager.IngestJobEvent.DATA_SOURCE_ANALYSIS_COMPLETED);
     private static final Set<IngestManager.IngestModuleEvent> INGEST_MODULE_EVENTS_OF_INTEREST = EnumSet.of(DATA_ADDED);
@@ -216,17 +212,17 @@ public class IngestEventsListener {
     @NbBundle.Messages({"IngestEventsListener.prevTaggedSet.text=Previously Tagged As Notable (Central Repository)",
         "IngestEventsListener.prevCaseComment.text=Previous Case: "})
     static private void makeAndPostPreviousNotableArtifact(BlackboardArtifact originalArtifact, List<String> caseDisplayNames) {
-
+        Collection<BlackboardAttribute> attributesForNewArtifact = Arrays.asList(
-        Collection<BlackboardAttribute> attributesForNewArtifact = Arrays.asList(new BlackboardAttribute(
+                new BlackboardAttribute(
-                TSK_SET_NAME, MODULE_NAME,
+                        TSK_SET_NAME, MODULE_NAME,
-                Bundle.IngestEventsListener_prevTaggedSet_text()),
+                        Bundle.IngestEventsListener_prevTaggedSet_text()),
                 new BlackboardAttribute(
                         TSK_COMMENT, MODULE_NAME,
                         Bundle.IngestEventsListener_prevCaseComment_text() + caseDisplayNames.stream().distinct().collect(Collectors.joining(","))),
                 new BlackboardAttribute(
                         TSK_ASSOCIATED_ARTIFACT, MODULE_NAME,
                         originalArtifact.getArtifactID()));
-        makeAndPostInterestingArtifact(originalArtifact, attributesForNewArtifact);
+        makeAndPostInterestingArtifact(originalArtifact, attributesForNewArtifact, Bundle.IngestEventsListener_prevTaggedSet_text());
     }
 
     /**
@@ -251,26 +247,28 @@ public class IngestEventsListener {
                 new BlackboardAttribute(
                         TSK_ASSOCIATED_ARTIFACT, MODULE_NAME,
                         originalArtifact.getArtifactID()));
-        makeAndPostInterestingArtifact(originalArtifact, attributesForNewArtifact);
+        makeAndPostInterestingArtifact(originalArtifact, attributesForNewArtifact, Bundle.IngestEventsListener_prevExists_text());
     }
-
+    
+    
     /**
      * Make an interesting item artifact to flag the passed in artifact.
      *
      * @param originalArtifact         Artifact in current case we want to flag
      * @param attributesForNewArtifact Attributes to assign to the new
      *                                 Interesting items artifact
+     * @param configuration            The configuration to be specified for the new interesting artifact hit
      */
-    private static void makeAndPostInterestingArtifact(BlackboardArtifact originalArtifact, Collection<BlackboardAttribute> attributesForNewArtifact) {
+    private static void makeAndPostInterestingArtifact(BlackboardArtifact originalArtifact, Collection<BlackboardAttribute> attributesForNewArtifact, String configuration) {
         try {
             SleuthkitCase tskCase = originalArtifact.getSleuthkitCase();
             AbstractFile abstractFile = tskCase.getAbstractFileById(originalArtifact.getObjectID());
             Blackboard blackboard = tskCase.getBlackboard();
             // Create artifact if it doesn't already exist.
             if (!blackboard.artifactExists(abstractFile, TSK_INTERESTING_ARTIFACT_HIT, attributesForNewArtifact)) {
-                BlackboardArtifact newInterestingArtifact = abstractFile.newAnalysisResult(
+                  BlackboardArtifact newInterestingArtifact = abstractFile.newAnalysisResult(
-                        new BlackboardArtifact.Type(TSK_INTERESTING_ARTIFACT_HIT),
+                        BlackboardArtifact.Type.TSK_INTERESTING_ARTIFACT_HIT, LIKELY_NOTABLE_SCORE, 
-                        Score.SCORE_UNKNOWN, null, null, null, attributesForNewArtifact)
+                        null, configuration, null, attributesForNewArtifact)
                         .getAnalysisResult();
 
                 try {

Core/src/org/sleuthkit/autopsy/centralrepository/ingestmodule/CentralRepoIngestModule.java

@@ -67,7 +67,7 @@ import org.sleuthkit.datamodel.Score;
 final class CentralRepoIngestModule implements FileIngestModule {
 
     private static final String MODULE_NAME = CentralRepoIngestModuleFactory.getModuleName();
-
+    private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO);
     static final boolean DEFAULT_FLAG_TAGGED_NOTABLE_ITEMS = false;
     static final boolean DEFAULT_FLAG_PREVIOUS_DEVICES = false;
     static final boolean DEFAULT_CREATE_CR_PROPERTIES = true;
@@ -334,7 +334,6 @@ final class CentralRepoIngestModule implements FileIngestModule {
      * @param caseDisplayNames Case names to be added to a TSK_COMMON attribute.
      */
     private void postCorrelatedBadFileToBlackboard(AbstractFile abstractFile, List<String> caseDisplayNames) {
-
         Collection<BlackboardAttribute> attributes = Arrays.asList(
                 new BlackboardAttribute(
                         TSK_SET_NAME, MODULE_NAME,
@@ -347,8 +346,8 @@ final class CentralRepoIngestModule implements FileIngestModule {
             // Create artifact if it doesn't already exist.
             if (!blackboard.artifactExists(abstractFile, TSK_INTERESTING_FILE_HIT, attributes)) {
                 BlackboardArtifact tifArtifact = abstractFile.newAnalysisResult(
-                        new BlackboardArtifact.Type(TSK_INTERESTING_FILE_HIT), 
+                        BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, LIKELY_NOTABLE_SCORE, 
-                        Score.SCORE_UNKNOWN, null, null, null, attributes)
+                        null, Bundle.CentralRepoIngestModule_prevTaggedSet_text(), null, attributes)
                         .getAnalysisResult();
                 try {
                     // index the artifact for keyword search

Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java

@@ -29,7 +29,6 @@ import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.ArrayList;
 import java.util.Arrays;
-import java.util.Collection;
 import java.util.HashMap;
 import java.util.Iterator;
 import java.util.List;
@@ -37,7 +36,6 @@ import java.util.Map;
 import java.util.logging.Level;
 import javax.annotation.concurrent.GuardedBy;
 import org.apache.commons.io.FileUtils;
-import org.openide.util.Exceptions;
 import org.openide.util.NbBundle.Messages;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@@ -102,6 +100,8 @@ final class AddLogicalImageTask implements Runnable {
         }
     }
 
+    private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO);
+    
     private final static Logger LOGGER = Logger.getLogger(AddLogicalImageTask.class.getName());
     private final static String SEARCH_RESULTS_TXT = "SearchResults.txt"; //NON-NLS
     private final static String USERS_TXT = "_users.txt"; //NON-NLS
@@ -445,13 +445,9 @@ final class AddLogicalImageTask implements Runnable {
         BlackboardArtifact artifact;
         try {
             artifact = this.blackboard.newAnalysisResult(
-                    BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT,
+                    BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, fileId, dataSourceId,
-                    fileId,
+                    LIKELY_NOTABLE_SCORE,
-                    dataSourceId,
+                    null, ruleSetName, null,
-                    Score.SCORE_UNKNOWN,
-                    null,
-                    null,
-                    null,
                     Arrays.asList(
                             new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, ruleSetName),
                             new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ruleName)

Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java

@@ -51,6 +51,7 @@ import org.sleuthkit.datamodel.TskDataException;
  */
 public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
 
+    private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.MethodCategory.AUTO);
     private static final Logger logger = Logger.getLogger(DataSourceIntegrityIngestModule.class.getName());
     private static final long DEFAULT_CHUNK_SIZE = 32 * 1024;
     private static final IngestServices services = IngestServices.getInstance();
@@ -294,10 +295,10 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
             if (!verified) {
                 try {
                     BlackboardArtifact verificationFailedArtifact = Case.getCurrentCase().getSleuthkitCase().getBlackboard().newAnalysisResult(
-                            new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_VERIFICATION_FAILED),
+                            BlackboardArtifact.Type.TSK_VERIFICATION_FAILED,
                             img.getId(), img.getId(),
-                            Score.SCORE_UNKNOWN,
+                            NOTABLE_SCORE,
-                            null, null, null,
+                            null, null, artifactComment,
                             Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
                                     DataSourceIntegrityModuleFactory.getModuleName(), artifactComment)))
                             .getAnalysisResult();

Core/src/org/sleuthkit/autopsy/modules/embeddedfileextractor/SevenZipExtractor.java

@@ -89,7 +89,9 @@ class SevenZipExtractor {
     private static final Logger logger = Logger.getLogger(SevenZipExtractor.class.getName());
 
     private static final String MODULE_NAME = EmbeddedFileExtractorModuleFactory.getModuleName();
-
+    private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO);
+    private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.MethodCategory.AUTO);
+    
     //encryption type strings
     private static final String ENCRYPTION_FILE_LEVEL = NbBundle.getMessage(EmbeddedFileExtractorIngestModule.class,
             "EmbeddedFileExtractorIngestModule.ArchiveExtractor.encryptionFileLevel");
@@ -302,11 +304,13 @@ class SevenZipExtractor {
     private void flagRootArchiveAsZipBomb(Archive rootArchive, AbstractFile archiveFile, String details, String escapedFilePath) {
         rootArchive.flagAsZipBomb();
         logger.log(Level.INFO, details);
+        
+        String setName = "Possible Zip Bomb";
         try {
             Collection<BlackboardAttribute> attributes = Arrays.asList(
                     new BlackboardAttribute(
                             TSK_SET_NAME, MODULE_NAME,
-                            "Possible Zip Bomb"),
+                            setName),
                     new BlackboardAttribute(
                             TSK_DESCRIPTION, MODULE_NAME,
                             Bundle.SevenZipExtractor_zipBombArtifactCreation_text(archiveFile.getName())),
@@ -315,9 +319,13 @@ class SevenZipExtractor {
                             details));
 
             if (!blackboard.artifactExists(archiveFile, TSK_INTERESTING_FILE_HIT, attributes)) {
-                BlackboardArtifact artifact = rootArchive.getArchiveFile().newAnalysisResult(
+ 
-                        new BlackboardArtifact.Type(TSK_INTERESTING_FILE_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
+                BlackboardArtifact artifact = archiveFile.newAnalysisResult(
+                        BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, LIKELY_NOTABLE_SCORE, 
+                        null, setName, null, 
+                        attributes)
                         .getAnalysisResult();
+
                 try {
                     /*
                      * post the artifact which will index the artifact for
@@ -855,8 +863,9 @@ class SevenZipExtractor {
             String encryptionType = fullEncryption ? ENCRYPTION_FULL : ENCRYPTION_FILE_LEVEL;
             try {
                 BlackboardArtifact artifact = archiveFile.newAnalysisResult(
-                        new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED), Score.SCORE_UNKNOWN, 
+                        new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED), 
-                        null, null, null, 
+                        NOTABLE_SCORE, 
+                        null, null, encryptionType, 
                         Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, encryptionType)))
                         .getAnalysisResult();
 

Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionDataSourceIngestModule.java

@@ -47,6 +47,8 @@ import org.sleuthkit.datamodel.VolumeSystem;
  */
 final class EncryptionDetectionDataSourceIngestModule implements DataSourceIngestModule {
 
+    private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO);
+    private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.MethodCategory.AUTO);
     private final IngestServices services = IngestServices.getInstance();
     private final Logger logger = services.getLogger(EncryptionDetectionModuleFactory.getModuleName());
     private Blackboard blackboard;
@@ -104,14 +106,16 @@ final class EncryptionDetectionDataSourceIngestModule implements DataSourceInges
                             return ProcessResult.OK;
                         }
                         if (BitlockerDetection.isBitlockerVolume(volume)) {
-                            return flagVolume(volume, BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED, Bundle.EncryptionDetectionDataSourceIngestModule_artifactComment_bitlocker());
+                            return flagVolume(volume, BlackboardArtifact.Type.TSK_ENCRYPTION_DETECTED, NOTABLE_SCORE, 
+                                    Bundle.EncryptionDetectionDataSourceIngestModule_artifactComment_bitlocker());
                         }
 
                         if (context.dataSourceIngestIsCancelled()) {
                             return ProcessResult.OK;
                         }
                         if (isVolumeEncrypted(volume)) {
-                            return flagVolume(volume, BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_SUSPECTED, String.format(Bundle.EncryptionDetectionDataSourceIngestModule_artifactComment_suspected(), calculatedEntropy));
+                            return flagVolume(volume, BlackboardArtifact.Type.TSK_ENCRYPTION_SUSPECTED, LIKELY_NOTABLE_SCORE,
+                                    String.format(Bundle.EncryptionDetectionDataSourceIngestModule_artifactComment_suspected(), calculatedEntropy));
                         }
                     }
                     // Update progress bar
@@ -148,19 +152,20 @@ final class EncryptionDetectionDataSourceIngestModule implements DataSourceInges
      * @param volume       The volume to be processed.
      * @param artifactType The type of artifact to create. This is assumed to be
      *                     an analysis result type.
+     * @param score        The score of the analysis result.
      * @param comment      A comment to be attached to the artifact.
      *
      * @return 'OK' if the volume was processed successfully, or 'ERROR' if
      *         there was a problem.
      */
-    private IngestModule.ProcessResult flagVolume(Volume volume, BlackboardArtifact.ARTIFACT_TYPE artifactType, String comment) {
+    private IngestModule.ProcessResult flagVolume(Volume volume, BlackboardArtifact.Type artifactType, Score score, String comment) {
 
         if (context.dataSourceIngestIsCancelled()) {
             return ProcessResult.OK;
         }
 
         try {
-            BlackboardArtifact artifact = volume.newAnalysisResult(new BlackboardArtifact.Type(artifactType), Score.SCORE_UNKNOWN, null, null, null, 
+            BlackboardArtifact artifact = volume.newAnalysisResult(artifactType, score, null, null, comment, 
                     Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, EncryptionDetectionModuleFactory.getModuleName(), comment)))
                     .getAnalysisResult();
             

Core/src/org/sleuthkit/autopsy/modules/encryptiondetection/EncryptionDetectionFileIngestModule.java

@@ -28,7 +28,6 @@ import com.healthmarketscience.jackcess.util.MemFileChannel;
 import java.io.BufferedInputStream;
 import java.io.IOException;
 import java.io.InputStream;
-import java.nio.BufferUnderflowException;
 import java.util.Arrays;
 import java.util.logging.Level;
 import org.apache.tika.exception.EncryptedDocumentException;
@@ -65,7 +64,9 @@ import org.xml.sax.SAXException;
 final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter {
 
     private static final int FILE_SIZE_MODULUS = 512;
-
+    private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO);
+    private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.MethodCategory.AUTO);
+    
     private static final String DATABASE_FILE_EXTENSION = "db";
     private static final int MINIMUM_DATABASE_FILE_SIZE = 65536; //64 KB
 
@@ -157,10 +158,11 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter
                  */
                 String mimeType = fileTypeDetector.getMIMEType(file);
                 if (mimeType.equals("application/octet-stream") && isFileEncryptionSuspected(file)) {
-                    return flagFile(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_SUSPECTED,
+                    return flagFile(file, BlackboardArtifact.Type.TSK_ENCRYPTION_SUSPECTED, LIKELY_NOTABLE_SCORE,
                             String.format(Bundle.EncryptionDetectionFileIngestModule_artifactComment_suspected(), calculatedEntropy));
                 } else if (isFilePasswordProtected(file)) {
-                    return flagFile(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED, Bundle.EncryptionDetectionFileIngestModule_artifactComment_password());
+                    return flagFile(file, BlackboardArtifact.Type.TSK_ENCRYPTION_DETECTED, NOTABLE_SCORE, 
+                    Bundle.EncryptionDetectionFileIngestModule_artifactComment_password());
                 }
             }
         } catch (ReadContentInputStreamException | SAXException | TikaException | UnsupportedCodecException ex) {
@@ -191,18 +193,19 @@ final class EncryptionDetectionFileIngestModule extends FileIngestModuleAdapter
      * @param file         The file to be processed.
      * @param artifactType The type of artifact to create. Assumed to be an
      *                     analysis result type.
+     * @param score        The score of the analysis result.
      * @param comment      A comment to be attached to the artifact.
      *
      * @return 'OK' if the file was processed successfully, or 'ERROR' if there
      *         was a problem.
      */
-    private IngestModule.ProcessResult flagFile(AbstractFile file, BlackboardArtifact.ARTIFACT_TYPE artifactType, String comment) {
+    private IngestModule.ProcessResult flagFile(AbstractFile file, BlackboardArtifact.Type artifactType, Score score, String comment) {
         try {
             if (context.fileIngestIsCancelled()) {
                 return IngestModule.ProcessResult.OK;
             }
 
-            BlackboardArtifact artifact = file.newAnalysisResult(new BlackboardArtifact.Type(artifactType), Score.SCORE_UNKNOWN, null, null, null, 
+            BlackboardArtifact artifact = file.newAnalysisResult(artifactType, score, null, null, comment, 
                     Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
                     EncryptionDetectionModuleFactory.getModuleName(), comment)))
                     .getAnalysisResult();

Core/src/org/sleuthkit/autopsy/modules/fileextmismatch/FileExtMismatchIngestModule.java

@@ -18,6 +18,7 @@
  */
 package org.sleuthkit.autopsy.modules.fileextmismatch;
 
+import java.text.MessageFormat;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Set;
@@ -52,7 +53,8 @@ import org.sleuthkit.datamodel.TskException;
     "FileExtMismatchIngestModule.readError.message=Could not read settings."
 })
 public class FileExtMismatchIngestModule implements FileIngestModule {
-
+    private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO);
+    
     private static final Logger logger = Logger.getLogger(FileExtMismatchIngestModule.class.getName());
     private final IngestServices services = IngestServices.getInstance();
     private final FileExtMismatchDetectorModuleSettings settings;
@@ -141,9 +143,12 @@ public class FileExtMismatchIngestModule implements FileIngestModule {
             addToTotals(jobId, System.currentTimeMillis() - startTime);
 
             if (mismatchDetected) {
+                String justification = MessageFormat.format("File has MIME type of {0}", detector.getMIMEType(abstractFile));
+                
                 // add artifact               
                 BlackboardArtifact bart = abstractFile.newAnalysisResult(
-                        new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_EXT_MISMATCH_DETECTED), Score.SCORE_UNKNOWN, null, null, null, Collections.emptyList())
+                        BlackboardArtifact.Type.TSK_EXT_MISMATCH_DETECTED, LIKELY_NOTABLE_SCORE, 
+                        null, null, justification, Collections.emptyList())
                         .getAnalysisResult();
 
                 try {

Core/src/org/sleuthkit/autopsy/modules/filetypeid/FileTypeIdIngestModule.java

@@ -49,7 +49,8 @@ import org.sleuthkit.datamodel.TskCoreException;
  */
 @NbBundle.Messages({"CannotRunFileTypeDetection=Unable to run file type detection."})
 public class FileTypeIdIngestModule implements FileIngestModule {
-
+    private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO);
+    
     private static final Logger logger = Logger.getLogger(FileTypeIdIngestModule.class.getName());
     private static final HashMap<Long, IngestJobTotals> totalsForIngestJobs = new HashMap<>();
     private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();
@@ -164,9 +165,10 @@ public class FileTypeIdIngestModule implements FileIngestModule {
             // Create artifact if it doesn't already exist.
             if (!tskBlackboard.artifactExists(file, TSK_INTERESTING_FILE_HIT, attributes)) {
                 BlackboardArtifact artifact = file.newAnalysisResult(
-                        new BlackboardArtifact.Type(TSK_INTERESTING_FILE_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
+                        BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, LIKELY_NOTABLE_SCORE, 
+                        null, fileType.getInterestingFilesSetName(), null, 
+                        attributes)
                         .getAnalysisResult();
-                
                 try {
                     /*
                      * post the artifact which will index the artifact for

Core/src/org/sleuthkit/autopsy/modules/hashdatabase/HashDbIngestModule.java

@@ -49,6 +49,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
 import org.sleuthkit.datamodel.HashHitInfo;
 import org.sleuthkit.datamodel.HashUtility;
 import org.sleuthkit.datamodel.Score;
+import org.sleuthkit.datamodel.Score.Significance;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
@@ -382,9 +383,8 @@ public class HashDbIngestModule implements FileIngestModule {
 
                     totalCount.incrementAndGet();
                     file.setKnown(statusIfFound);
-                    String hashSetName = db.getDisplayName();
                     String comment = generateComment(hashInfo);
-                    if (!createArtifactIfNotExists(hashSetName, file, comment, db)) {
+                    if (!createArtifactIfNotExists(file, comment, db)) {
                         wasError = true;
                     }
                 }
@@ -427,24 +427,23 @@ public class HashDbIngestModule implements FileIngestModule {
     /**
      * Creates a BlackboardArtifact if artifact does not already exist.
      *
-     * @param hashSetName The name of the hashset found.
      * @param file        The file that had a hash hit.
      * @param comment     The comment to associate with this artifact.
      * @param db          the database in which this file was found.
      *
      * @return True if the operation occurred successfully and without error.
      */
-    private boolean createArtifactIfNotExists(String hashSetName, AbstractFile file, String comment, HashDb db) {
+    private boolean createArtifactIfNotExists(AbstractFile file, String comment, HashDb db) {
         /*
          * We have a match. Now create an artifact if it is determined that one
          * hasn't been created yet.
          */
         List<BlackboardAttribute> attributesList = new ArrayList<>();
-        attributesList.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME, HashLookupModuleFactory.getModuleName(), hashSetName));
+        attributesList.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME, HashLookupModuleFactory.getModuleName(), db.getDisplayName()));
         try {
             Blackboard tskBlackboard = skCase.getBlackboard();
             if (tskBlackboard.artifactExists(file, BlackboardArtifact.ARTIFACT_TYPE.TSK_HASHSET_HIT, attributesList) == false) {
-                postHashSetHitToBlackboard(file, file.getMd5Hash(), hashSetName, comment, db.getSendIngestMessages());
+                postHashSetHitToBlackboard(file, file.getMd5Hash(), db, comment);
             }
         } catch (TskCoreException ex) {
             logger.log(Level.SEVERE, String.format(
@@ -501,33 +500,53 @@ public class HashDbIngestModule implements FileIngestModule {
         totals.totalCalctime.addAndGet(delta);
     }
 
+    /**
+     * Converts HashDb.KnownFilesType to a Score to be used to create an analysis result.
+     * @param knownFilesType The HashDb KnownFilesType to convert.
+     * @return The Score to use when creating an AnalysisResult.
+     */
+    private Score getScore(HashDb.KnownFilesType knownFilesType) {
+        if (knownFilesType == null) {
+            return Score.SCORE_UNKNOWN;
+        }
+        switch (knownFilesType) {
+            case KNOWN:
+                return new Score(Significance.NONE, Score.MethodCategory.AUTO);
+            case KNOWN_BAD:
+                return new Score(Significance.NOTABLE, Score.MethodCategory.AUTO);
+            default:
+            case NO_CHANGE:
+                return Score.SCORE_UNKNOWN;
+        }
+    }
     /**
      * Post a hash set hit to the blackboard.
      *
      * @param abstractFile     The file to be processed.
      * @param md5Hash          The MD5 hash value of the file.
-     * @param hashSetName      The name of the hash set with which to associate
+     * @param db               The database in which this file was found.
-     *                         the hit.
      * @param comment          A comment to be attached to the artifact.
-     * @param showInboxMessage Show a message in the inbox?
      */
     @Messages({
         "HashDbIngestModule.indexError.message=Failed to index hashset hit artifact for keyword search."
     })
-    private void postHashSetHitToBlackboard(AbstractFile abstractFile, String md5Hash, String hashSetName, String comment, boolean showInboxMessage) {
+    private void postHashSetHitToBlackboard(AbstractFile abstractFile, String md5Hash, HashDb db, String comment) {
         try {
             String moduleName = HashLookupModuleFactory.getModuleName();
             
-            Collection<BlackboardAttribute> attributes = new ArrayList<>();
+            List<BlackboardAttribute> attributes = Arrays.asList(
-            //TODO Revisit usage of deprecated constructor as per TSK-583
+                new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME, moduleName, db.getDisplayName()),
-            //BlackboardAttribute att2 = new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME.getTypeID(), MODULE_NAME, "Known Bad", hashSetName);
+                new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_HASH_MD5, moduleName, md5Hash),
-            attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_SET_NAME, moduleName, hashSetName));
+                new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT, moduleName, comment)
-            attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_HASH_MD5, moduleName, md5Hash));
+            );
-            attributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT, moduleName, comment));
 
+            // BlackboardArtifact.Type artifactType, Score score, String conclusion, String configuration, String justification, Collection<BlackboardAttribute> attributesList
             BlackboardArtifact badFile = abstractFile.newAnalysisResult(
-                    new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_HASHSET_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
+                    BlackboardArtifact.Type.TSK_HASHSET_HIT, getScore(db.getKnownFilesType()), 
-                    .getAnalysisResult();
+                    null, db.getDisplayName(), null,
+                    attributes
+            ).getAnalysisResult();
+
             try {
                 /*
                  * post the artifact which will index the artifact for keyword
@@ -540,7 +559,7 @@ public class HashDbIngestModule implements FileIngestModule {
                         Bundle.HashDbIngestModule_indexError_message(), badFile.getDisplayName());
             }
 
-            if (showInboxMessage) {
+            if (db.getSendIngestMessages()) {
                 StringBuilder detailsSb = new StringBuilder();
                 //details
                 detailsSb.append("<table border='0' cellpadding='4' width='280'>"); //NON-NLS
@@ -565,7 +584,7 @@ public class HashDbIngestModule implements FileIngestModule {
                 detailsSb.append("<th>") //NON-NLS
                         .append(NbBundle.getMessage(this.getClass(), "HashDbIngestModule.postToBB.hashsetName"))
                         .append("</th>"); //NON-NLS
-                detailsSb.append("<td>").append(hashSetName).append("</td>"); //NON-NLS
+                detailsSb.append("<td>").append(db.getDisplayName()).append("</td>"); //NON-NLS
                 detailsSb.append("</tr>"); //NON-NLS
 
                 detailsSb.append("</table>"); //NON-NLS

Core/src/org/sleuthkit/autopsy/modules/interestingitems/FilesIdentifierIngestModule.java

@@ -53,7 +53,8 @@ import org.sleuthkit.datamodel.TskData;
  */
 @NbBundle.Messages({"FilesIdentifierIngestModule.getFilesError=Error getting interesting files sets from file."})
 final class FilesIdentifierIngestModule implements FileIngestModule {
-
+    private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO);
+    
     private static final Object sharedResourcesLock = new Object();
     private static final Logger logger = Logger.getLogger(FilesIdentifierIngestModule.class.getName());
     private static final IngestModuleReferenceCounter refCounter = new IngestModuleReferenceCounter();
@@ -144,9 +145,10 @@ final class FilesIdentifierIngestModule implements FileIngestModule {
                     // Create artifact if it doesn't already exist.
                     if (!blackboard.artifactExists(file, TSK_INTERESTING_FILE_HIT, attributes)) {
                         BlackboardArtifact artifact = file.newAnalysisResult(
-                                new BlackboardArtifact.Type(TSK_INTERESTING_FILE_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
+                                BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, LIKELY_NOTABLE_SCORE, 
+                                null, filesSet.getName(), null, 
+                                attributes)
                                 .getAnalysisResult();
-
                         try {
 
                             // Post thet artifact to the blackboard.

Core/src/org/sleuthkit/autopsy/modules/pictureanalyzer/impls/EXIFProcessor.java

@@ -153,7 +153,7 @@ public class EXIFProcessor implements PictureProcessor {
                 final BlackboardArtifact exifArtifact = file.newDataArtifact(new BlackboardArtifact.Type(TSK_METADATA_EXIF), attributes);
                 
                 final BlackboardArtifact userSuspectedArtifact = file.newAnalysisResult(
-                        new BlackboardArtifact.Type(TSK_USER_CONTENT_SUSPECTED), Score.SCORE_UNKNOWN, null, null, null,
+                        BlackboardArtifact.Type.TSK_USER_CONTENT_SUSPECTED, Score.SCORE_UNKNOWN, null, null, null,
                         Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT, MODULE_NAME, Bundle.ExifProcessor_userContent_description())))
                         .getAnalysisResult();
                 

Core/src/org/sleuthkit/autopsy/modules/yara/YaraIngestHelper.java

@@ -35,7 +35,6 @@ import org.sleuthkit.autopsy.yara.YaraJNIWrapper;
 import org.sleuthkit.autopsy.yara.YaraWrapperException;
 import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.BlackboardArtifact;
-import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_YARA_HIT;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME;
 import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_RULE;
 import org.sleuthkit.datamodel.BlackboardAttribute;
@@ -46,7 +45,8 @@ import org.sleuthkit.datamodel.TskCoreException;
  * Methods for scanning files for yara rule matches.
  */
 final class YaraIngestHelper {
-
+    
+    private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.MethodCategory.AUTO);
     private static final String YARA_DIR = "yara";
     private static final String YARA_C_EXE = "yarac64.exe";
     private static final String MODULE_NAME = YaraIngestModuleFactory.getModuleName();
@@ -207,7 +207,7 @@ final class YaraIngestHelper {
             attributes.add(new BlackboardAttribute(TSK_SET_NAME, MODULE_NAME, ruleSetName));
             attributes.add(new BlackboardAttribute(TSK_RULE, MODULE_NAME, rule));
 
-            BlackboardArtifact artifact = abstractFile.newAnalysisResult(new BlackboardArtifact.Type(TSK_YARA_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
+            BlackboardArtifact artifact = abstractFile.newAnalysisResult(BlackboardArtifact.Type.TSK_YARA_HIT, NOTABLE_SCORE, null, ruleSetName, rule, attributes)
                     .getAnalysisResult();
 
             artifacts.add(artifact);

Core/src/org/sleuthkit/autopsy/report/modules/stix/StixArtifactData.java

@@ -42,7 +42,7 @@ import org.sleuthkit.datamodel.TskCoreException;
  *
  */
 class StixArtifactData {
-
+    private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO);
     private static final String MODULE_NAME = "Stix";
 
     private AbstractFile file;
@@ -89,8 +89,10 @@ class StixArtifactData {
         // Create artifact if it doesn't already exist.
         if (!blackboard.artifactExists(file, TSK_INTERESTING_FILE_HIT, attributes)) {
             BlackboardArtifact bba = file.newAnalysisResult(
-                    new BlackboardArtifact.Type(TSK_INTERESTING_FILE_HIT), 
+                    BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, LIKELY_NOTABLE_SCORE, 
-                    Score.SCORE_UNKNOWN, null, null, null, attributes).getAnalysisResult();
+                    null, setName, null, 
+                    attributes)
+                    .getAnalysisResult();
 
             try {
                 /*

Experimental/src/org/sleuthkit/autopsy/experimental/objectdetection/ObjectDetectectionFileIngestModule.java

@@ -47,7 +47,6 @@ import org.sleuthkit.autopsy.ingest.IngestServices;
 import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
-import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_OBJECT_DETECTED;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
@@ -171,7 +170,7 @@ public class ObjectDetectectionFileIngestModule extends FileIngestModuleAdapter
                         );
                         
                         BlackboardArtifact artifact = file.newAnalysisResult(
-                                new BlackboardArtifact.Type(TSK_OBJECT_DETECTED), Score.SCORE_UNKNOWN, null, null, null, attributes)
+                                BlackboardArtifact.Type.TSK_OBJECT_DETECTED, Score.SCORE_UNKNOWN, null, null, null, attributes)
                                 .getAnalysisResult();
                         
                         try {

Experimental/src/org/sleuthkit/autopsy/experimental/volatilityDSP/VolatilityProcessor.java

@@ -56,7 +56,8 @@ import org.sleuthkit.datamodel.TskData.TSK_DB_FILES_TYPE_ENUM;
  * artifacts.
  */
 class VolatilityProcessor {
-
+    private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO);
+    
     private static final Logger logger = Logger.getLogger(VolatilityProcessor.class.getName());
     private static final String VOLATILITY = "Volatility"; //NON-NLS
     private static final String VOLATILITY_EXECUTABLE = "volatility_2.6_win64_standalone.exe"; //NON-NLS
@@ -377,17 +378,15 @@ class VolatilityProcessor {
                     }
                     try {
 
-                        Collection<BlackboardAttribute> attributes = singleton(
+                        String setName = Bundle.VolatilityProcessor_artifactAttribute_interestingFileSet(pluginName);
-                                new BlackboardAttribute(
+                        Collection<BlackboardAttribute> attributes = singleton(new BlackboardAttribute(TSK_SET_NAME, VOLATILITY, setName));
-                                        TSK_SET_NAME, VOLATILITY,
-                                        Bundle.VolatilityProcessor_artifactAttribute_interestingFileSet(pluginName))
-                        );
 
                         // Create artifact if it doesn't already exist.
                         if (!blackboard.artifactExists(resolvedFile, BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, attributes)) {
                             BlackboardArtifact volArtifact = resolvedFile.newAnalysisResult(
-                                    new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT), 
+                                    BlackboardArtifact.Type.TSK_INTERESTING_FILE_HIT, LIKELY_NOTABLE_SCORE, 
-                                    Score.SCORE_UNKNOWN, null, null, null, attributes)
+                                    null, setName, null, 
+                                    attributes)
                                     .getAnalysisResult();
 
                             try {

KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/LuceneQuery.java

@@ -61,6 +61,7 @@ class LuceneQuery implements KeywordSearchQuery {
     static final int SNIPPET_LENGTH = 50;
     static final String HIGHLIGHT_FIELD = Server.Schema.TEXT.toString();
 
+    private static final Score KEYWORD_SEARCH_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO);
     private static final boolean DEBUG = (Version.getBuildType() == Version.Type.DEVELOPMENT);
 
     /**
@@ -263,7 +264,10 @@ class LuceneQuery implements KeywordSearchQuery {
         );
 
         try {
-            return content.newAnalysisResult(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_KEYWORD_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
+            return content.newAnalysisResult(
+                    BlackboardArtifact.Type.TSK_KEYWORD_HIT, KEYWORD_SEARCH_SCORE, 
+                    null, listName, null, 
+                    attributes)
                     .getAnalysisResult();
         } catch (TskCoreException e) {
             logger.log(Level.WARNING, "Error adding bb artifact for keyword hit", e); //NON-NLS

KeywordSearch/src/org/sleuthkit/autopsy/keywordsearch/RegexQuery.java

@@ -48,7 +48,6 @@ import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Account;
 import org.sleuthkit.datamodel.AccountFileInstance;
 import org.sleuthkit.datamodel.BlackboardArtifact;
-import org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
 import org.sleuthkit.datamodel.Content;
@@ -73,7 +72,8 @@ import org.sleuthkit.datamodel.TskData;
 final class RegexQuery implements KeywordSearchQuery {
 
     public static final Logger LOGGER = Logger.getLogger(RegexQuery.class.getName());
-
+    private static final Score LIKELY_NOTABLE_SCORE = new Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO);
+    
     /**
      * Lucene regular expressions do not support the following Java predefined
      * and POSIX character classes. There are other valid Java character classes
@@ -614,7 +614,9 @@ final class RegexQuery implements KeywordSearchQuery {
         }
 
         try {
-            return content.newAnalysisResult(new BlackboardArtifact.Type(ARTIFACT_TYPE.TSK_KEYWORD_HIT), Score.SCORE_UNKNOWN, null, null, null, attributes)
+            return content.newAnalysisResult(
+                    BlackboardArtifact.Type.TSK_KEYWORD_HIT, LIKELY_NOTABLE_SCORE, 
+                    null, listName, null, attributes)
                     .getAnalysisResult();
         } catch (TskCoreException e) {
             LOGGER.log(Level.SEVERE, "Error adding bb attributes for terms search artifact", e); //NON-NLS

RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Chromium.java

@@ -41,6 +41,7 @@ import java.util.List;
 import java.util.Map;
 import java.util.HashMap;
 import java.util.ArrayList;
+import java.util.Arrays;
 import org.apache.commons.io.FilenameUtils;
 import org.openide.util.NbBundle.Messages;
 import org.sleuthkit.autopsy.casemodule.Case;
@@ -59,6 +60,7 @@ import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE;
 import org.sleuthkit.datamodel.Content;
 import org.sleuthkit.datamodel.ReadContentInputStream.ReadContentInputStreamException;
+import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.TskCoreException;
 import org.sleuthkit.datamodel.TskData;
 import org.sleuthkit.datamodel.blackboardutils.WebBrowserArtifactsHelper;
@@ -67,7 +69,8 @@ import org.sleuthkit.datamodel.blackboardutils.WebBrowserArtifactsHelper;
  * Chromium recent activity extraction
  */
 class Chromium extends Extract {
-
+    private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.MethodCategory.AUTO);
+    
     private static final String HISTORY_QUERY = "SELECT urls.url, urls.title, urls.visit_count, urls.typed_count, " //NON-NLS
             + "last_visit_time, urls.hidden, visits.visit_time, (SELECT urls.url FROM urls WHERE urls.id=visits.url) AS from_visit, visits.transition FROM urls, visits WHERE urls.id = visits.url"; //NON-NLS
     private static final String COOKIE_QUERY = "SELECT name, value, host_key, expires_utc,last_access_utc, creation_utc FROM cookies"; //NON-NLS
@@ -823,11 +826,15 @@ class Chromium extends Extract {
                 // get form address atifacts
                 getFormAddressArtifacts(webDataFile, tempFilePath, isSchemaV8X);
                 if (databaseEncrypted) {
-                   Collection<BlackboardAttribute> bbattributes = new ArrayList<>(); 
+                    String comment = String.format("%s Autofill Database Encryption Detected", browser);
-                   bbattributes.add(new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT,
+                   Collection<BlackboardAttribute> bbattributes = Arrays.asList(
-                            RecentActivityExtracterModuleFactory.getModuleName(), 
+                           new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_COMMENT, 
-                            String.format("%s Autofill Database Encryption Detected", browser)));
+                                   RecentActivityExtracterModuleFactory.getModuleName(), comment));
-                   bbartifacts.add(createArtifactWithAttributes(ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED, webDataFile, bbattributes)); 
+
+                   bbartifacts.add(
+                           webDataFile.newAnalysisResult(
+                                   BlackboardArtifact.Type.TSK_ENCRYPTION_DETECTED, NOTABLE_SCORE, 
+                                   null, null, comment, bbattributes).getAnalysisResult()); 
                 }
             } catch (NoCurrentCaseException | TskCoreException | Blackboard.BlackboardException ex) {
                 logger.log(Level.SEVERE, String.format("Error adding artifacts to the case database "

RecentActivity/src/org/sleuthkit/autopsy/recentactivity/Extract.java

@@ -34,7 +34,6 @@ import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
-import java.util.Optional;
 import java.util.logging.Level;
 import org.openide.util.NbBundle.Messages;
 import org.sleuthkit.autopsy.casemodule.Case;
@@ -51,7 +50,6 @@ import org.sleuthkit.datamodel.BlackboardArtifact;
 import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_ASSOCIATED_OBJECT;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.Content;
-import org.sleuthkit.datamodel.OsAccount;
 import org.sleuthkit.datamodel.Score;
 import org.sleuthkit.datamodel.SleuthkitCase;
 import org.sleuthkit.datamodel.TskCoreException;

pythonExamples/dataSourceIngestModule.py

@@ -37,6 +37,7 @@ from java.lang import System
 from java.util.logging import Level
 from org.sleuthkit.datamodel import SleuthkitCase
 from org.sleuthkit.datamodel import AbstractFile
+from org.sleuthkit.datamodel import Score
 from org.sleuthkit.datamodel import ReadContentInputStream
 from org.sleuthkit.datamodel import BlackboardArtifact
 from org.sleuthkit.datamodel import BlackboardAttribute
@@ -85,6 +86,7 @@ class SampleJythonDataSourceIngestModuleFactory(IngestModuleFactoryAdapter):
 # Data Source-level ingest module.  One gets created per data source.
 # TODO: Rename this to something more specific. Could just remove "Factory" from above name.
 class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
+    LIKELY_NOTABLE_SCORE = Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO)
 
     _logger = Logger.getLogger(SampleJythonDataSourceIngestModuleFactory.moduleName)
 
@@ -142,7 +144,7 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
             # artfiact.  Refer to the developer docs for other examples.
             attrs = ArrayList()
             attrs.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, SampleJythonDataSourceIngestModuleFactory.moduleName, "Test file"))
-            art = file.newAnalysisResult(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Score.SCORE_UNKNOWN, None, None, None, attrs)
+            art = file.newAnalysisResult(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, self.LIKELY_NOTABLE_SCORE, None, "Test file", None, attrs)
 
             try:
                 # index the artifact for keyword search

pythonExamples/fileIngestModule.py

@@ -35,6 +35,7 @@ import jarray
 import inspect
 from java.lang import System
 from java.util.logging import Level
+from org.sleuthkit.datamodel import Score
 from org.sleuthkit.datamodel import SleuthkitCase
 from org.sleuthkit.datamodel import AbstractFile
 from org.sleuthkit.datamodel import ReadContentInputStream
@@ -88,6 +89,7 @@ class SampleJythonFileIngestModuleFactory(IngestModuleFactoryAdapter):
 # TODO: Rename this to something more specific. Could just remove "Factory" from above name.
 # Looks at the attributes of the passed in file.
 class SampleJythonFileIngestModule(FileIngestModule):
+    LIKELY_NOTABLE_SCORE = Score(Score.Significance.LIKELY_NOTABLE, Score.MethodCategory.AUTO)
 
     _logger = Logger.getLogger(SampleJythonFileIngestModuleFactory.moduleName)
 
@@ -130,7 +132,7 @@ class SampleJythonFileIngestModule(FileIngestModule):
             attrs = ArrayList()
             attrs.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME,
                   SampleJythonFileIngestModuleFactory.moduleName, "Text Files"))
-            art = file.newAnalysisResult(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Score.SCORE_UNKNOWN, None, None, None, attrs)
+            art = file.newAnalysisResult(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, self.LIKELY_NOTABLE_SCORE, None, "Text Files", None, attrs)
 
 
             try:

thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java

@@ -75,6 +75,7 @@ import org.sleuthkit.datamodel.blackboardutils.attributes.MessageAttachments.Fil
  * structure and metadata.
  */
 public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
+    private static final Score NOTABLE_SCORE = new Score(Score.Significance.NOTABLE, Score.MethodCategory.AUTO);
 
     private static final Logger logger = Logger.getLogger(ThunderbirdMboxFileIngestModule.class.getName());
     private final IngestServices services = IngestServices.getInstance();
@@ -242,13 +243,14 @@ public final class ThunderbirdMboxFileIngestModule implements FileIngestModule {
                     // encrypted pst: Add encrypted file artifact
                     try {
 
+                    String encryptionFileLevel = NbBundle.getMessage(this.getClass(), 
+                                        "ThunderbirdMboxFileIngestModule.encryptionFileLevel");
                     BlackboardArtifact artifact = abstractFile.newAnalysisResult(
-                            new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_ENCRYPTION_DETECTED), 
+                            BlackboardArtifact.Type.TSK_ENCRYPTION_DETECTED, 
-                            Score.SCORE_UNKNOWN, null, null, null, Arrays.asList(
+                            NOTABLE_SCORE, null, null, encryptionFileLevel, Arrays.asList(
                                 new BlackboardAttribute(ATTRIBUTE_TYPE.TSK_NAME, 
                                         EmailParserModuleFactory.getModuleName(), 
-                                        NbBundle.getMessage(this.getClass(), 
+                                        encryptionFileLevel)
-                                        "ThunderbirdMboxFileIngestModule.encryptionFileLevel"))
                             ))
                             .getAnalysisResult();