diff --git a/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java b/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java index 1722c4b3c8b6778302ee56016dce2881607ee6f3..162f3a5af568ab8023833f53e5d02f1e753e7425 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java +++ b/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java @@ -74,8 +74,10 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem { TSK_GPS_LAST_KNOWN_LOCATION(30, "TSK_GPS_LAST_KNOWN_LOCATION", "GPS Last Known Location"), // GPS Last known location TSK_GPS_SEARCH(31, "TSK_GPS_SEARCH", "GPS Searches"), // GPS Searches TSK_PROG_RUN(32, "TSK_PROG_RUN", "Run Programs"), ///< Application run information - - + TSK_ENCRYPTION_DETECTED(33, "TSK_ENCRYPTION_DETECTED", "Encryption Detected"), ///< Encrypted File + TSK_EXT_MISMATCH_DETECTED(34, "TSK_EXT_MISMATCH_DETECTED", "Extension Mismatch Detected."), ///< Extension Mismatch + TSK_INTERESTING_ARTIFACT_HIT(35, "TSK_INTERESTING_ARTIFACT_HIT", "Interesting Results"), // Any artifact that should be called out + ; /* SEE ABOVE -- KEEP C++ CODE IN SYNC */ private String label; diff --git a/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java b/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java index 3b9bb4a673c5cd70bcb4b971dc04f1a7539525c8..5c3ee446dda25815135dd91ffeb56a3de6260939 100755 --- a/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java +++ b/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java 
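Review bot: The display name on the added `TSK_EXT_MISMATCH_DETECTED(34, ...)` constant ends in a period (`"Extension Mismatch Detected."`), while the entry this commit adds to `initializeArtifactTypeMap()` in TskBlackboard.cpp uses `"Extension Mismatch Detected"`. The comment directly below the enum constants asks for the Java and C++ sides to stay in sync, and an examiner comparing output from the two would see two spellings for the same artifact type ID. Drop the period so both agree: `TSK_EXT_MISMATCH_DETECTED(34, "TSK_EXT_MISMATCH_DETECTED", "Extension Mismatch Detected"), ///< Extension Mismatch`. The enum body starts and ends outside this hunk.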
@@ -127,13 +127,18 @@ public enum ATTRIBUTE_TYPE { TSK_TEXT_LANGUAGE(28, "TSK_TEXT_LANGUAGE", "Text Language"), TSK_ENTROPY(29, "TSK_ENTROPY", "Entropy"), TSK_HASHSET_NAME(30, "TSK_HASHSET_NAME", "Hashset Name"), // @@@ Deprecated - TSK_INTERESTING_FILE(31, "TSK_INTERESTING_FILE", "Interesting File"), + /* + * @deprecated Use TSK_INTERSTING_FILE_HIT artifact instead. + */ + @Deprecated + TSK_INTERESTING_FILE(31, "TSK_INTERESTING_FILE", "Interesting File"), // @@@ Deprecated TSK_REFERRER(32, "TSK_REFERRER", "Referrer URL"), TSK_DATETIME_ACCESSED(33, "TSK_DATETIME_ACCESSED", "Date Accessed"), TSK_IP_ADDRESS(34, "TSK_IP_ADDRESS", "IP Address"), TSK_PHONE_NUMBER(35, "TSK_PHONE_NUMBER", "Phone Number"), TSK_PATH_ID(36, "TSK_PATH_ID", "Path ID"), TSK_SET_NAME(37, "TSK_SET_NAME", "Set Name"), + @Deprecated TSK_ENCRYPTION_DETECTED(38, "TSK_ENCRYPTION_DETECTED", "Encryption Detected"), TSK_MALWARE_DETECTED(39, "TSK_MALWARE_DETECTED", "Malware Detected"), TSK_STEG_DETECTED(40, "TSK_STEG_DETECTED", "Steganography Detected"), @@ -192,8 +197,7 @@ public enum ATTRIBUTE_TYPE { TSK_MIN_COUNT(93, "TSK_MIN_COUNT", "Minimum Count"), // Minimum number/count TSK_PATH_SOURCE(94, "TSK_PATH_SOURCE", "Path Source"), // Path to a source file related to the artifact TSK_PERMISSIONS(95, "TSK_PERMISSIONS", "Permissions"), // Permissions - TSK_PROG_LAUNCHED(96, "TSK_PROG_LAUNCHED", "Program Launched"), // Flag for whether a program has been run - TSK_ASSOCIATED_ARTIFACT(97, "TSK_ASSOCIATED_ARTIFACT", "Associated Artifact"), // Artifact ID of a related artifact + TSK_ASSOCIATED_ARTIFACT(96, "TSK_ASSOCIATED_ARTIFACT", "Associated Artifact"), // Artifact ID of a related artifact ; diff --git a/framework/tsk/framework/services/TskBlackboard.cpp b/framework/tsk/framework/services/TskBlackboard.cpp index cb074063ed35e0a7862959e2bc19d6735e8f237f..828f5515201e829a9cc9cae2d0c7d432d0faa7cc 100755 --- a/framework/tsk/framework/services/TskBlackboard.cpp 
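Review bot: The deprecation notice added above `TSK_INTERESTING_FILE` opens with `/*`, so it is an ordinary block comment and Javadoc will not pick up its `@deprecated` tag; it also misspells the replacement as `TSK_INTERSTING_FILE_HIT`. Open the comment with `/**` and write `@deprecated Use the TSK_INTERESTING_FILE_HIT artifact instead.`, which is the spelling the TskBlackboard.h comment in this commit uses. The `@Deprecated` added on `TSK_ENCRYPTION_DETECTED(38, ...)` carries no comment at all; presumably the replacement is the artifact of the same name added in BlackboardArtifact.java, and a one-line `/** @deprecated Use the TSK_ENCRYPTION_DETECTED artifact instead. */` would say so. Without that pointer, module authors have no way to tell from the API where encryption findings should now be recorded.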
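Review bot: Moving `TSK_ASSOCIATED_ARTIFACT` from 97 to 96 reuses a type ID that meant `TSK_PROG_LAUNCHED` one commit earlier, and these IDs appear to be what gets stored with each attribute rather than the names. If any build with the old numbering was used to populate a case database, its 96 rows would now be labelled "Associated Artifact" and its 97 rows would no longer resolve, which for forensic output is a silent misattribution of evidence. Unless neither value ever left the development branch, keep `TSK_ASSOCIATED_ARTIFACT(97, ...)` and retire the gap with a comment such as `// 96 was TSK_PROG_LAUNCHED; reserved, do not reuse`. The same renumbering is made in the `TSK_ATTRIBUTE_TYPE` hunk of TskBlackboard.h (`@@ -192,8 +194,7 @@`), so both places need the same decision.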
+++ b/framework/tsk/framework/services/TskBlackboard.cpp @@ -44,6 +44,9 @@ map<int, TskArtifactNames> initializeArtifactTypeMap(){ retval.insert(pair<int, TskArtifactNames>(TSK_GPS_LAST_KNOWN_LOCATION, TskArtifactNames("TSK_GPS_LAST_KNOWN_LOCATION", "GPS Last Known Location"))); retval.insert(pair<int, TskArtifactNames>(TSK_GPS_SEARCH, TskArtifactNames("TSK_GPS_SEARCH", "GPS Searches"))); retval.insert(pair<int, TskArtifactNames>(TSK_PROG_RUN, TskArtifactNames("TSK_PROG_RUN", "Run Programs"))); + retval.insert(pair<int, TskArtifactNames>(TSK_ENCRYPTION_DETECTED, TskArtifactNames("TSK_ENCRYPTION_DETECTED", "Encryption Detected"))); + retval.insert(pair<int, TskArtifactNames>(TSK_EXT_MISMATCH_DETECTED, TskArtifactNames("TSK_EXT_MISMATCH_DETECTED", "Extension Mismatch Detected"))); + retval.insert(pair<int, TskArtifactNames>(TSK_INTERESTING_ARTIFACT_HIT, TskArtifactNames("TSK_INTERESTING_ARTIFACT_HIT", "Interesting Results"))); return retval; } @@ -142,7 +145,6 @@ map<int, TskAttributeNames> initializeAttributeTypeMap(){ retval.insert(pair<int, TskAttributeNames>(TSK_MIN_COUNT, TskAttributeNames("TSK_MIN_COUNT", "Minimum Count"))); retval.insert(pair<int, TskAttributeNames>(TSK_PATH_SOURCE, TskAttributeNames("TSK_PATH_SOURCE", "Path Source"))); retval.insert(pair<int, TskAttributeNames>(TSK_PERMISSIONS, TskAttributeNames("TSK_PERMISSIONS", "Permissions"))); - retval.insert(pair<int, TskAttributeNames>(TSK_PROG_LAUNCHED, TskAttributeNames("TSK_PROG_LAUNCHED", "Program Launched"))); retval.insert(pair<int, TskAttributeNames>(TSK_ASSOCIATED_ARTIFACT, TskAttributeNames("TSK_ASSOCIATED_ARTIFACT", "Associated Artifact"))); return retval; diff --git a/framework/tsk/framework/services/TskBlackboard.h b/framework/tsk/framework/services/TskBlackboard.h index 7176fa5cc05184633b20156bf086d4b1b0b71106..72e8d6c097b4892be8eb0c595538469f93ac93ac 100755 --- a/framework/tsk/framework/services/TskBlackboard.h +++ b/framework/tsk/framework/services/TskBlackboard.h 
@@ -78,7 +78,9 @@ enum TSK_ARTIFACT_TYPE { TSK_GPS_LAST_KNOWN_LOCATION = 30, ///< GPS Last known location TSK_GPS_SEARCH = 31, ///< GPS Searches TSK_PROG_RUN = 32, ///< Application run information - + TSK_ENCRYPTION_DETECTED = 33, ///< Encrypted File + TSK_EXT_MISMATCH_DETECTED = 34, ///< Extension Mismatch + TSK_INTERESTING_ARTIFACT_HIT = 35, ///< Any artifact interesting enough that it should be called out in the UI. /* SEE ABOVE: * - KEEP JAVA CODE IN SYNC 
@@ -127,14 +129,14 @@ enum TSK_ATTRIBUTE_TYPE {
 TSK_TEXT_LANGUAGE = 28,///< String of the detected language in ISO 639-3 language code of TskBlackboard::TSK_TEXT data in the same artifact (TSK_EXTRACTED_TEXT, for example).
 TSK_ENTROPY = 29,///< DOUBLE: Entropy value of file
 TSK_HASHSET_NAME = 30,///< String of the name or file name of the hashset -- Deprecated in favor of TSK_SET_NAME
- TSK_INTERESTING_FILE = 31,///< An interesting file hit, potentially file id, name, or path
+ TSK_INTERESTING_FILE = 31,///< An interesting file hit, potentially file id, name, or path -- Deprecated, use TSK_INTERESTING_FILE_HIT artifact instead.
 TSK_REFERRER = 32,///< String of referrer URL
 TSK_DATETIME_ACCESSED = 33,///<datetime last time accessed
 TSK_IP_ADDRESS = 34,///<String of IP Address
 TSK_PHONE_NUMBER = 35,///<String of phone number
 TSK_PATH_ID = 36,///< Object ID from database that a TSK_PATH attribute corresponds to. Set to -1 if path is for a file that is not in database (i.e. deleted).
 TSK_SET_NAME = 37,///< STRING: The name of a set that was used to find this artifact (to be used for hash hits, keyword hits, interesting files, etc.)
- TSK_ENCRYPTION_DETECTED = 38,///< STRING: The type of encryption that is believed to have been used on the file.
+ //TSK_ENCRYPTION_DETECTED = 38,///< \deprecated STRING: The type of encryption that is believed to have been used on the file.
 TSK_MALWARE_DETECTED = 39,///< STRING: The name of the malware that was detected in this file.
 TSK_STEG_DETECTED = 40,///< STRING: The name of the steganography technique that was detected in this file.
 TSK_EMAIL_TO = 41, ///< String of an e-mail address that a message is being sent to directly (not cc:).
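Review bot: Commenting out `TSK_ENCRYPTION_DETECTED = 38` here while the same name is added to `TSK_ARTIFACT_TYPE` with value 33 means C++ code that still uses the name as an attribute type keeps compiling (assuming both are unscoped enums in one scope, which this hunk does not show) but now passes 33, which in this enum is `TSK_DATETIME_ACCESSED`. The diff does not show a `TSK_ENCRYPTION_DETECTED` entry being removed from `initializeAttributeTypeMap()` in TskBlackboard.cpp; if one is still there, it is now keyed on 33 as well. The Java enum keeps attribute 38 as a `@Deprecated` constant, so the two sides no longer agree on whether ID 38 exists, despite the "KEEP JAVA CODE IN SYNC" notes. I would replace the commented-out line with a reservation such as `// 38 was TSK_ENCRYPTION_DETECTED (attribute); reserved, do not reuse` and audit remaining attribute-side uses of the name. The enum body starts and ends outside this hunk.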
@@ -192,8 +194,7 @@ enum TSK_ATTRIBUTE_TYPE { TSK_MIN_COUNT = 93, ///< Minimum number/count TSK_PATH_SOURCE = 94, ///< Path to a source file related to the artifact TSK_PERMISSIONS = 95, ///< Permissions - TSK_PROG_LAUNCHED = 96, ///< Flag for whether a program has been run - TSK_ASSOCIATED_ARTIFACT = 97, ///< Artifact ID of a related artifact + TSK_ASSOCIATED_ARTIFACT = 96, ///< Artifact ID of a related artifact /* SEE ABOVE: * - KEEP JAVA CODE IN SYNC