Merge pull request #1955 from...

Merge pull request #1955 from markmckinnon/6155-Create-background-activity-moderator-TSK_PROG_RUN-artifacts 6155-Create-background-activity-moderator-TSK_PROG_RUN-artifacts-Timeline

Merge pull request #1955 from...
1f2d3ede · Richard Cordovano · GitHub · 3d56eeeb · 742f3cfc · 1f2d3ede
Unverified Commit 1f2d3ede authored 4 years ago by Richard Cordovano Committed by GitHub 4 years ago
--- a/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties
+++ b/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties
@@ -327,6 +327,7 @@ MiscTypes.GPSTrack.name=GPS Track
 MiscTypes.metadataLastPrinted.name=Document Last Printed
 MiscTypes.metadataLastSaved.name=Document Last Saved
 MiscTypes.metadataCreated.name=Document Created
+MiscTypes.programexecuted.name=Program Execution
 RootEventType.eventTypes.name=Event Types
 WebTypes.webDownloads.name=Web Downloads
 WebTypes.webCookies.name=Web Cookies

--- a/bindings/java/src/org/sleuthkit/datamodel/TimelineEventType.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/TimelineEventType.java
@@ -224,7 +224,8 @@ public int compare(TimelineEventType o1, TimelineEventType o2) {
 			builder.add(CALL_LOG, DEVICES_ATTACHED, EMAIL,
 					EXIF, GPS_BOOKMARK, GPS_LAST_KNOWN_LOCATION, GPS_TRACKPOINT,
 					GPS_ROUTE, GPS_SEARCH, GPS_TRACK, INSTALLED_PROGRAM, LOG_ENTRY, MESSAGE,
-					METADATA_LAST_PRINTED, METADATA_LAST_SAVED, METADATA_CREATED, RECENT_DOCUMENTS, REGISTRY);
+					METADATA_LAST_PRINTED, METADATA_LAST_SAVED, METADATA_CREATED, PROGRAM_EXECUTION,
+					RECENT_DOCUMENTS, REGISTRY);

 			return builder.build();
 		}
@@ -544,7 +545,7 @@ public SortedSet< TimelineEventType> getChildren() {
 			new BlackboardAttribute.Type(TSK_DATETIME_MODIFIED),
            artf -> {return getBundle().getString("MiscTypes.metadataLastSaved.name");},
 	        new EmptyExtractor(),
-	        new EmptyExtractor());
+	       new EmptyExtractor());

 	TimelineEventType METADATA_CREATED = new TimelineEventArtifactTypeImpl(35,
 			getBundle().getString("MiscTypes.metadataCreated.name"),// NON-NLS
@@ -554,6 +555,20 @@ public SortedSet< TimelineEventType> getChildren() {
            artf -> {return getBundle().getString("MiscTypes.metadataCreated.name");},
 	        new EmptyExtractor(),
 	        new EmptyExtractor());
+
+	TimelineEventType PROGRAM_EXECUTION = new TimelineEventArtifactTypeImpl(36,
+			getBundle().getString("MiscTypes.programexecuted.name"),// NON-NLS
+			MISC_TYPES,
+			new BlackboardArtifact.Type(TSK_PROG_RUN),
+			new Type(TSK_DATETIME),
+			new AttributeExtractor(new Type(TSK_PROG_NAME)),
+            artf -> {
+	                 String userName = stringValueOf(getAttributeSafe(artf, new Type(TSK_USER_NAME)));
+				     if (userName != null) {
+					    return userName;
+				     }
+	                 return "";},
+			new AttributeExtractor(new Type(TSK_COMMENT)));
 			
 	static SortedSet<? extends TimelineEventType> getCategoryTypes() {
 		return ROOT_EVENT_TYPE.getChildren();