bug fixes

Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYContactsFileParser.java

@@ -24,6 +24,7 @@ import java.util.List;
 import java.util.logging.Level;
 import org.sleuthkit.autopsy.coreutils.Logger;
 import static org.sleuthkit.autopsy.datasourceprocessors.xry.AbstractSingleEntityParser.PARSER_NAME;
+import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Account;
 import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;

Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYDeviceGenInfoFileParser.java

@@ -25,6 +25,7 @@ import java.util.Map;
 import java.util.Optional;
 import java.util.logging.Level;
 import org.sleuthkit.autopsy.coreutils.Logger;
+import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Blackboard;
 import org.sleuthkit.datamodel.BlackboardArtifact;
 import org.sleuthkit.datamodel.BlackboardAttribute;
@@ -106,7 +107,7 @@ final class XRYDeviceGenInfoFileParser extends AbstractSingleEntityParser {
         }
         if(!attributes.isEmpty()) {
             if (parent instanceof AbstractFile) {
-                ((AbstractFile) parent).newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO), attributes)
+                ((AbstractFile) parent).newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO), attributes);
             } else {
                 parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_DEVICE_INFO), attributes, null);
             }

Core/src/org/sleuthkit/autopsy/datasourceprocessors/xry/XRYWebBookmarksFileParser.java

@@ -23,6 +23,7 @@ import java.util.Map;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Optional;
+import org.sleuthkit.datamodel.AbstractFile;
 import org.sleuthkit.datamodel.Blackboard.BlackboardException;
 import org.sleuthkit.datamodel.BlackboardAttribute;
 import org.sleuthkit.datamodel.BlackboardArtifact;
@@ -79,7 +80,7 @@ final class XRYWebBookmarksFileParser extends AbstractSingleEntityParser {
         }
         if(!attributes.isEmpty()) {
             if (parent instanceof AbstractFile) {
-                ((AbstractFile) parent).newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK), attributes)
+                ((AbstractFile) parent).newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK), attributes);
             } else {
                 parent.newDataArtifact(new BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_WEB_BOOKMARK), attributes, null);
             }

Core/src/org/sleuthkit/autopsy/logicalimager/dsp/AddLogicalImageTask.java

@@ -37,6 +37,7 @@ import java.util.Map;
 import java.util.logging.Level;
 import javax.annotation.concurrent.GuardedBy;
 import org.apache.commons.io.FileUtils;
+import org.openide.util.Exceptions;
 import org.openide.util.NbBundle.Messages;
 import org.sleuthkit.autopsy.casemodule.Case;
 import org.sleuthkit.autopsy.casemodule.NoCurrentCaseException;
@@ -443,18 +444,24 @@ final class AddLogicalImageTask implements Runnable {
     }
 
     private void addInterestingFileToArtifacts(long fileId, long dataSourceId, String ruleSetName, String ruleName, List<BlackboardArtifact> artifacts) throws TskCoreException {
-        BlackboardArtifact artifact = this.blackboard.newAnalysisResult(
+        BlackboardArtifact artifact;
-                INTERESTING_FILE_TYPE,
+        try {
-                fileId,
+            artifact = this.blackboard.newAnalysisResult(
-                dataSourceId,
+                    INTERESTING_FILE_TYPE,
-                Score.SCORE_UNKNOWN,
+                    fileId,
-                null,
+                    dataSourceId,
-                null,
+                    Score.SCORE_UNKNOWN,
-                null,
+                    null,
-                Arrays.asList(
+                    null,
-                        new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, ruleSetName),
+                    null,
-                        new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ruleName)
+                    Arrays.asList(
-                ));
+                            new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, MODULE_NAME, ruleSetName),
+                            new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_CATEGORY, MODULE_NAME, ruleName)
+                    ))
+                    .getAnalysisResult();
+        } catch (Blackboard.BlackboardException ex) {
+            throw new TskCoreException("Unable to create analysis result.", ex);
+        }
 
         artifacts.add(artifact);
     }

Core/src/org/sleuthkit/autopsy/modules/dataSourceIntegrity/DataSourceIntegrityIngestModule.java

@@ -299,7 +299,8 @@ public class DataSourceIntegrityIngestModule implements DataSourceIngestModule {
                             Score.SCORE_UNKNOWN,
                             null, null, null,
                             Arrays.asList(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT,
-                                    DataSourceIntegrityModuleFactory.getModuleName(), artifactComment)));
+                                    DataSourceIntegrityModuleFactory.getModuleName(), artifactComment)))
+                            .getAnalysisResult();
 
                     Case.getCurrentCase().getServices().getArtifactsBlackboard()
                             .postArtifact(verificationFailedArtifact, DataSourceIntegrityModuleFactory.getModuleName());

InternalPythonModules/GPX_Module/GPX_Parser_Module.py

@@ -199,9 +199,6 @@ class GPXParserFileIngestModule(FileIngestModule):
             for waypoint in gpx.waypoints:
 
                 try:
-                    art = file.newArtifact(
-                        BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK)
-
                     attributes = ArrayList()
                     attributes.add(BlackboardAttribute(
                         BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE.getTypeID(), self.moduleName, waypoint.latitude))
@@ -213,7 +210,8 @@ class GPXParserFileIngestModule(FileIngestModule):
                         BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self.moduleName, waypoint.name))
                     attributes.add(BlackboardAttribute(
                         BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME.getTypeID(), self.moduleName, "GPXParser"))
-                    art.addAttributes(attributes)
+
+                    artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
 
                     self.blackboard.postArtifact(art, self.moduleName)
 

InternalPythonModules/android/browserlocation.py

@@ -95,11 +95,11 @@ class BrowserLocationAnalyzer(general.AndroidComponentAnalyzer):
                 longitude = Double.valueOf(resultSet.getString("longitude"))
 
                 attributes = ArrayList()
-                artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK)
                 attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, general.MODULE_NAME, latitude))
                 attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, general.MODULE_NAME, longitude))
                 attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, timestamp))
                 attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME, "Browser Location History"))
+                artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
                 # artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(),moduleName, accuracy))
                 # NOTE: originally commented out
 

InternalPythonModules/android/cachelocation.py

@@ -91,14 +91,13 @@ class CacheLocationAnalyzer(general.AndroidComponentAnalyzer):
                     i = i + 1
 
                     attributes = ArrayList()
-                    artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK)
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, general.MODULE_NAME, latitude))
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, general.MODULE_NAME, longitude))
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, general.MODULE_NAME, timestamp))
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, general.MODULE_NAME,
                         abstractFile.getName() + " Location History"))
 
-                    artifact.addAttributes(attributes)
+                    artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
                     #Not storing these for now.
                     #    artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_VALUE.getTypeID(), AndroidModuleFactorymodule.moduleName, accuracy))
                     #    artifact.addAttribute(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_COMMENT.getTypeID(), AndroidModuleFactorymodule.moduleName, confidence))

InternalPythonModules/android/oruxmaps.py

@@ -86,7 +86,6 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
                         altitude = poisResultSet.getDouble("poialt")
 
                         attributes = ArrayList()
-                        artifact = abstractFile.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK)
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_DATETIME, self._MODULE_NAME, time))
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LATITUDE, self._MODULE_NAME, latitude))
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_LONGITUDE, self._MODULE_NAME, longitude))
@@ -94,6 +93,8 @@ class OruxMapsAnalyzer(general.AndroidComponentAnalyzer):
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, self._MODULE_NAME, name))
                         attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, self._MODULE_NAME, self._PROGRAM_NAME))
 						
+                        artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_BOOKMARK), attributes)
+
                         artifact.addAttributes(attributes)
                         try:
                             # index the artifact for keyword search

InternalPythonModules/android/viber.py

@@ -129,9 +129,8 @@ class ViberAnalyzer(general.AndroidComponentAnalyzer):
                 elif (not(not contacts_parser.get_contact_name() or contacts_parser.get_contact_name().isspace())):
                     current_case = Case.getCurrentCase().getSleuthkitCase()
                     attributes = ArrayList()
-                    artifact = contacts_db.getDBFile().newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT)
                     attributes.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME.getTypeID(), self._PARSER_NAME, contacts_parser.get_contact_name()))
-                    artifact.addAttributes(attributes)
+                    artifact = abstractFile.newDataArtifact(BlackboardArtifact.Type(BlackboardArtifact.ARTIFACT_TYPE.TSK_CONTACT), attributes)
                     
                     # Post the artifact to blackboard
                     current_case.getBlackboard().postArtifact(artifact, self._PARSER_NAME)

pythonExamples/dataSourceIngestModule.py

@@ -52,7 +52,8 @@ from org.sleuthkit.autopsy.casemodule import Case
 from org.sleuthkit.autopsy.casemodule.services import Services
 from org.sleuthkit.autopsy.casemodule.services import FileManager
 from org.sleuthkit.autopsy.casemodule.services import Blackboard
-
+from org.sleuthkit.autopsy.casemodule.services import Blackboard
+from org.sleuthkit.datamodel import Score
 
 # Factory that defines the name and details of the module and allows Autopsy
 # to create instances of the modules that will do the analysis.
@@ -138,9 +139,9 @@ class SampleJythonDataSourceIngestModule(DataSourceIngestModule):
 
             # Make an artifact on the blackboard.  TSK_INTERESTING_FILE_HIT is a generic type of
             # artfiact.  Refer to the developer docs for other examples.
-            art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)
+            attrs = ArrayList()
-            att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, SampleJythonDataSourceIngestModuleFactory.moduleName, "Test file")
+            attrs.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME, SampleJythonDataSourceIngestModuleFactory.moduleName, "Test file"))
-            art.addAttribute(att)
+            art = file.newAnalysisResult(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Score.SCORE_UNKNOWN, None, None, None, attrs)
 
             try:
                 # index the artifact for keyword search

pythonExamples/fileIngestModule.py

@@ -54,6 +54,7 @@ from org.sleuthkit.autopsy.casemodule import Case
 from org.sleuthkit.autopsy.casemodule.services import Services
 from org.sleuthkit.autopsy.casemodule.services import FileManager
 from org.sleuthkit.autopsy.casemodule.services import Blackboard
+from org.sleuthkit.datamodel import Score
 
 # Factory that defines the name and details of the module and allows Autopsy
 # to create instances of the modules that will do the anlaysis.
@@ -125,10 +126,11 @@ class SampleJythonFileIngestModule(FileIngestModule):
 
             # Make an artifact on the blackboard.  TSK_INTERESTING_FILE_HIT is a generic type of
             # artifact.  Refer to the developer docs for other examples.
-            art = file.newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT)
+            attrs = ArrayList()
-            att = BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME,
+            attrs.add(BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_SET_NAME,
-                  SampleJythonFileIngestModuleFactory.moduleName, "Text Files")
+                  SampleJythonFileIngestModuleFactory.moduleName, "Text Files"))
-            art.addAttribute(att)
+            art = file.newAnalysisResult(BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT, Score.SCORE_UNKNOWN, None, None, None, attrs)
+
 
             try:
                 # index the artifact for keyword search

thunderbirdparser/src/org/sleuthkit/autopsy/thunderbirdparser/ThunderbirdMboxFileIngestModule.java

@@ -21,6 +21,7 @@ package org.sleuthkit.autopsy.thunderbirdparser;
 import java.io.File;
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;