From 0a463e73ac3f16da638a42c489a00f560148d802 Mon Sep 17 00:00:00 2001 From: apriestman <apriestman@basistech.com> Date: Mon, 26 Jul 2021 11:24:01 -0400 Subject: [PATCH] Fix spacing in artifact catalog. Also fix typo in param name. --- bindings/java/doxygen/artifact_catalog.dox | 54 +++++++++---------- .../src/org/sleuthkit/datamodel/Content.java | 2 +- 2 files changed, 27 insertions(+), 29 deletions(-) diff --git a/bindings/java/doxygen/artifact_catalog.dox b/bindings/java/doxygen/artifact_catalog.dox index 41a666328..5f780c912 100644 --- a/bindings/java/doxygen/artifact_catalog.dox +++ b/bindings/java/doxygen/artifact_catalog.dox @@ -26,6 +26,7 @@ Describes how a data source was used, e.g., as a SIM card or an OS drive (such a ### REQUIRED ATTRIBUTES - TSK_DESCRIPTION (Description of the usage, e.g., "OS Drive (Windows Vista)"). + --- ## TSK_ENCRYPTION_DETECTED An indication that the content is encrypted. @@ -33,6 +34,7 @@ An indication that the content is encrypted. ### REQUIRED ATTRIBUTES - TSK_COMMENT (A comment on the encryption, e.g., encryption type or password) + --- ## TSK_ENCRYPTION_SUSPECTED An indication that the content is likely encrypted. @@ -40,6 +42,7 @@ An indication that the content is likely encrypted. ### REQUIRED ATTRIBUTES - TSK_COMMENT (Reason for suspecting encryption) + --- ## TSK_EXT_MISMATCH_DETECTED An indication that the registered extensions for a file's mime type do not match the file's extension. @@ -47,6 +50,7 @@ An indication that the registered extensions for a file's mime type do not match ### REQUIRED ATTRIBUTES None + --- ## TSK_FACE_DETECTED An indication that a human face was detected in some content. @@ -54,6 +58,7 @@ An indication that a human face was detected in some content. ### REQUIRED ATTRIBUTES None + --- ## TSK_HASHSET_HIT Indicates that the MD5 hash of a file matches a set of known MD5s (possibly user defined). @@ -64,6 +69,7 @@ Indicates that the MD5 hash of a file matches a set of known MD5s (possibly user ### OPTIONAL ATTRIBUTES - TSK_COMMENT (Additional comments about the hit) + --- ## TSK_INTERESTING_ARTIFACT_HIT Indicates that the source artifact matches some set of criteria which deem it interesting. Artifacts with this meta artifact will be brought to the attention of the user. @@ -76,6 +82,7 @@ Indicates that the source artifact matches some set of criteria which deem it in - TSK_COMMENT (Comment on the reason that the source artifact is interesting) - TSK_CATEGORY (The set membership rule that was satisfied) + --- ## TSK_INTERESTING_FILE_HIT Indication that the source file matches some set of criteria (possibly user defined) which deem it interesting. Files with this artifact will be brought to the attention of the user. @@ -87,6 +94,7 @@ Indication that the source file matches some set of criteria (possibly user defi - TSK_COMMENT (Comment on the reason that the source artifact is interesting) - TSK_CATEGORY (The set membership rule that was satisfied. I.e. a particular mime) + --- ## TSK_KEYWORD_HIT Indication that the source artifact or file contains a keyword. Keywords are grouped into named sets. @@ -101,6 +109,7 @@ Indication that the source artifact or file contains a keyword. Keywords are gro ### OPTIONAL ATTRIBUTES - TSK_KEYWORD_PREVIEW (Snippet of text around keyword) + --- ## TSK_OBJECT_DETECTED Indicates that an object was detected in a media file. Typically used by computer vision software to classify images. @@ -111,6 +120,7 @@ Indicates that an object was detected in a media file. Typically used by compute ### OPTIONAL ATTRIBUTES - TSK_DESCRIPTION (Additional comments about the object or observer, e.g., what detected the object) + --- ## TSK_USER_CONTENT_SUSPECTED An indication that some media file content was generated by the user. @@ -118,6 +128,7 @@ An indication that some media file content was generated by the user. ### REQUIRED ATTRIBUTES - TSK_COMMENT (The reason why user-generated content is suspected) + --- ## TSK_VERIFICATION_FAILED An indication that some data did not pass verification. One example would be verifying a SHA-1 hash. @@ -125,6 +136,7 @@ An indication that some data did not pass verification. One example would be ver ### REQUIRED ATTRIBUTES - TSK_COMMENT (Reason for failure, what failed) + --- ## TSK_WEB_ACCOUNT_TYPE A web account type entry. @@ -134,6 +146,7 @@ A web account type entry. - TSK_TEXT (Indicates type of account (admin/moderator/user) and possible platform) - TSK_URL (URL indicating the user has an account on this domain) + --- ## TSK_WEB_CATEGORIZATION The categorization of a web host using a specific usage type, e.g. mail.google.com would correspond to Web Email. @@ -143,6 +156,7 @@ The categorization of a web host using a specific usage type, e.g. mail.google.c - TSK_DOMAIN (The domain of the host, e.g. google.com) - TSK_HOST (The full host, e.g. mail.google.com) + --- ## TSK_YARA_HIT Indicates that the some content of the file was a hit for a YARA rule match. @@ -151,6 +165,7 @@ Indicates that the some content of the file was a hit for a YARA rule match. - TSK_RULE (The rule that was a hit for this file) - TSK_SET_NAME (Name of the rule set containing the matching rule YARA rule) + --- ## TSK_METADATA_EXIF EXIF metadata found in an image or audio file. @@ -192,8 +207,8 @@ TSK_CARD_NUMBER (Credit card number) - TSK_KEYWORD_SEARCH_DOCUMENT_ID (Document ID of the Solr document that contains the TSK_CARD_NUMBER when the account is a credit card discovered by the Autopsy regular expression search for credit cards) - TSK_SET_NAME (The keyword list name, i.e., "Credit Card Numbers", when the account is a credit card discovered by the Autopsy regular expression search for credit cards) ---- +--- ## TSK_ASSOCIATED_OBJECT Provides a backwards link to an artifact that references the parent file of this artifact. Example usage is that a downloaded file will have this artifact and it will point back to the TSK_WEB_DOWNLOAD artifact that is associated with a browser's SQLite database. See \ref jni_bb_associated_object. @@ -212,7 +227,6 @@ Details about System/aplication/file backups. - TSK_DATETIME_END (Date/Time the backup ended) - --- ## TSK_BLUETOOTH_ADAPTER Details about a Bluetooth adapter. @@ -252,7 +266,6 @@ A calendar entry in an application file or database. - TSK_DATETIME_END (End of the entry, in seconds since 1970-01-01T00:00:00Z) - --- ## TSK_CALLLOG A call log record in an application file or database. @@ -270,7 +283,6 @@ A call log record in an application file or database. - TSK_NAME (The name of the caller or callee) - --- ## TSK_CLIPBOARD_CONTENT Data found on the operating system's clipboard. @@ -279,7 +291,6 @@ Data found on the operating system's clipboard. - TSK_TEXT (Text on the clipboard) - --- ## TSK_CONTACT A contact book entry in an application file or database. @@ -300,8 +311,6 @@ A contact book entry in an application file or database. - TSK_URL (e.g., the URL of an image if the contact is a vCard) - - --- ## TSK_DELETED_PROG Programs that have been deleted from the system. @@ -314,7 +323,6 @@ Programs that have been deleted from the system. - TSK_PATH (Location where the program resided before being deleted) - --- ## TSK_DEVICE_ATTACHED Details about a device that was physically attached to a data source. @@ -329,7 +337,6 @@ Details about a device that was physically attached to a data source. - TSK_MAC_ADDRESS (Mac address of the attached device) - --- ## TSK_DEVICE_INFO Details about a device data source. @@ -341,7 +348,6 @@ Details about a device data source. - TSK_IMSI (IMSI number of the device) - --- ## TSK_EMAIL_MSG An email message found in an application file or database. @@ -364,6 +370,7 @@ An email message found in an application file or database. - TSK_SUBJECT (Subject of the email message) - TSK_THREAD_ID (ID specified by the analysis module to group emails into threads for display purposes) + --- ## TSK_EXTRACTED_TEXT Text extracted from some content. @@ -371,6 +378,7 @@ Text extracted from some content. ### REQUIRED ATTRIBUTES - TSK_TEXT (The extracted text) + --- ## TSK_GEN_INFO A generic information artifact. Each content object will have at most one TSK_GEN_INFO artifact, which is easily accessed through org.sleuthkit.datamodel.AbstractContent.getGenInfoArtifact() and related methods. The TSK_GEN_INFO object is useful for storing values related to the content object without making a new artifact type. @@ -381,6 +389,7 @@ None ### OPTIONAL ATTRIBUTES - TSK_PHOTODNA_HASH (The PhotoDNA hash of an image) + --- ## TSK_GPS_AREA An outline of an area. @@ -393,6 +402,7 @@ An outline of an area. - TSK_NAME (Name of the area, e.g., Minute Man Trail) - TSK_PROG_NAME (Name of the application that was the source of the GPS route) + --- ## TSK_GPS_BOOKMARK A bookmarked GPS location or saved waypoint. @@ -409,7 +419,6 @@ A bookmarked GPS location or saved waypoint. - TSK_PROG_NAME (Name of the application that was the source of the GPS bookmark) - --- ## TSK_GPS_LAST_KNOWN_LOCATION The last known location of a GPS connected device. This may be from a perspective other than the device. @@ -425,7 +434,6 @@ The last known location of a GPS connected device. This may be from a perspectiv - TSK_NAME (The name of the last known location. Ex: Boston) - --- ## TSK_GPS_ROUTE A GPS route. @@ -440,7 +448,6 @@ A GPS route. - TSK_PROG_NAME (Name of the application that was the source of the GPS route) - --- ## TSK_GPS_SEARCH A GPS location that was known to have been searched by the device or user. @@ -456,7 +463,6 @@ A GPS location that was known to have been searched by the device or user. - TSK_NAME (The name of the target location, e.g., Boston) - --- ## TSK_GPS_TRACK A Global Positioning System (GPS) track artifact records the track, or path, of a GPS-enabled dvice as a connected series of track points. A track point is a location in a geographic coordinate system with latitude, longitude and altitude (elevation) axes. @@ -469,7 +475,6 @@ A Global Positioning System (GPS) track artifact records the track, or path, of - TSK_PROG_NAME (Name of application containing the GPS trackpoint set) - --- ## TSK_INSTALLED_PROG Details about an installed program. @@ -484,6 +489,7 @@ Details about an installed program. - TSK_PERMISSIONS (Permissions of the installed program) - TSK_VERSION (Version number of the program) + --- ## TSK_MESSAGE A message that is found in some content. @@ -506,7 +512,6 @@ A message that is found in some content. - TSK_THREAD_ID (ID for keeping threaded messages together) - --- ## TSK_METADATA General metadata for some content. @@ -525,6 +530,7 @@ None - TSK_USER_ID (Last author of the document) - TSK_VERSION (Version number of the program used to create the document) + --- ## TSK_OS_INFO Details about an operating system recovered from the data source. @@ -545,7 +551,6 @@ Details about an operating system recovered from the data source. - TSK_VERSION (Version of the OS) - --- ## TSK_PROG_NOTIFICATIONS Notifications to the user. @@ -559,7 +564,6 @@ Notifications to the user. - TSK_VALUE (Message being sent or received) - --- ## TSK_PROG_RUN The number of times a program/application was run. @@ -577,7 +581,6 @@ The number of times a program/application was run. - TSK_PATH (Path of the executable program) - --- ## TSK_RECENT_OBJECT Indicates recently accessed content. Examples: Recent Documents or Recent Downloads menu items on Windows. @@ -594,7 +597,6 @@ Indicates recently accessed content. Examples: Recent Documents or Recent Downlo - TSK_COMMENT (What the source of the attribute may be) - --- ## TSK_REMOTE_DRIVE Details about a remote drive found in the data source. @@ -606,7 +608,6 @@ Details about a remote drive found in the data source. - TSK_LOCAL_PATH (The local path of this remote drive. This path may be mapped, e.g., 'D:/' or 'F:/') - --- ## TSK_SCREEN_SHOTS Screenshots from a device or application. @@ -642,7 +643,6 @@ An application or web user account. - TSK_USER_NAME (User name of the service account) - --- ## TSK_SIM_ATTACHED Details about a SIM card that was physically attached to the device. @@ -653,7 +653,6 @@ Details about a SIM card that was physically attached to the device. - TSK_IMSI (IMSI number of this SIM card) - --- ## TSK_SPEED_DIAL_ENTRY A speed dial entry. @@ -666,7 +665,6 @@ A speed dial entry. - TSK_SHORTCUT (Keyboard shortcut) - --- ## TSK_TL_EVENT An event in the timeline of a case. @@ -676,6 +674,7 @@ An event in the timeline of a case. - TSK_DATETIME (When the event occurred, in seconds since 1970-01-01T00:00:00Z) - TSK_DESCRIPTION (A description of the event) + --- ## TSK_USER_DEVICE_EVENT Activity on the system or from an application. Example usage is a mobile device being locked and unlocked. @@ -689,6 +688,7 @@ Activity on the system or from an application. Example usage is a mobile device - TSK_PROG_NAME (Name of the program doing the activity) - TSK_VALUE (Connection type) + --- ## TSK_WEB_BOOKMARK A web bookmark entry. @@ -703,6 +703,7 @@ A web bookmark entry. - TSK_NAME (Name of the bookmark entry) - TSK_TITLE (Title of the web page that was bookmarked) + --- ## TSK_WEB_CACHE A web cache entry. The resource that was cached may or may not be present in the data source. @@ -717,6 +718,7 @@ A web cache entry. The resource that was cached may or may not be present in the - TSK_PATH_ID (Object ID of the source cache file) - TSK_DOMAIN (Domain of the URL) + --- ## TSK_WEB_COOKIE A Web cookie found. @@ -734,7 +736,6 @@ A Web cookie found. - TSK_PROG_NAME (Name of the application or application extractor that stored the Web cookie) - --- ## TSK_WEB_DOWNLOAD A Web download. The downloaded resource may or may not be present in the data source. @@ -750,7 +751,6 @@ A Web download. The downloaded resource may or may not be present in the data so - TSK_PROG_NAME (Name of the application or application extractor that downloaded this resource) - --- ## TSK_WEB_FORM_ADDRESS Contains autofill data for a person's address. Form data is usually saved by a Web browser. @@ -803,7 +803,6 @@ A Web history entry. - TSK_DATETIME_CREATED (The datetime the page was created, ie: offline pages) - --- ## TSK_WEB_SEARCH_QUERY Details about a Web search query. @@ -817,7 +816,6 @@ Details about a Web search query. - TSK_PROG_NAME (Application or application extractor that stored the Web search query) - --- ## TSK_WIFI_NETWORK Details about a WiFi network. diff --git a/bindings/java/src/org/sleuthkit/datamodel/Content.java b/bindings/java/src/org/sleuthkit/datamodel/Content.java index 39df2ae62..5993ac460 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Content.java +++ b/bindings/java/src/org/sleuthkit/datamodel/Content.java @@ -211,7 +211,7 @@ public interface Content extends SleuthkitVisitableItem { * @param justification Justification * @param attributesList Additional attributes to attach to this analysis * result artifact. - * @param dataDourcrId The data source for the analysis result + * @param dataSourceId The data source for the analysis result * * @return AnalysisResultAdded The analysis return added and the current * aggregate score of content. -- GitLab