Commit 3fd814a1 authored by Kelly Kelly's avatar Kelly Kelly

Updated timeline events and artifact catalog

parent bf46dbef
...@@ -286,9 +286,7 @@ A contact book entry in an application file or database. ...@@ -286,9 +286,7 @@ A contact book entry in an application file or database.
Programs that have been deleted from the system. Programs that have been deleted from the system.
### REQUIRED ATTRIBUTES ### REQUIRED ATTRIBUTES
- TSK_DATETIME_DELETED (Date/Time the program was deleted) - TSK_DATETIME
or
TSK_DATETIME
- TSK_PROG_NAME (Program that was deleted) - TSK_PROG_NAME (Program that was deleted)
### OPTIONAL Attributes ### OPTIONAL Attributes
...@@ -459,8 +457,7 @@ Details about an installed program. ...@@ -459,8 +457,7 @@ Details about an installed program.
- TSK_PROG_NAME (Name of the installed program) - TSK_PROG_NAME (Name of the installed program)
### OPTIONAL ATTRIBUTES ### OPTIONAL ATTRIBUTES
- TSK_DATETIME (A date and time associated with the installed program, e.g., the last modified time, in seconds since 1970-01-01T00:00:00Z) - TSK_DATETIME (When the program was installed, in seconds since 1970-01-01T00:00:00Z)
- TSK_DATETIME_CREATED (When the program was installed, in seconds since 1970-01-01T00:00:00Z)
- TSK_PATH (Path to the installed program in the data source) - TSK_PATH (Path to the installed program in the data source)
- TSK_PATH_SOURCE (Path to an Android Package Kit (APK) file for an Android program) - TSK_PATH_SOURCE (Path to an Android Package Kit (APK) file for an Android program)
- TSK_PERMISSIONS (Permissions of the installed program) - TSK_PERMISSIONS (Permissions of the installed program)
......
...@@ -336,7 +336,7 @@ MiscTypes.CallsEnd.name=Call End ...@@ -336,7 +336,7 @@ MiscTypes.CallsEnd.name=Call End
MiscTypes.Email.name=Email Sent MiscTypes.Email.name=Email Sent
MiscTypes.EmailRcvd.name=Email Received MiscTypes.EmailRcvd.name=Email Received
MiscTypes.recentDocuments.name=Recent Documents MiscTypes.recentDocuments.name=Recent Documents
MiscTypes.installedPrograms.name=Installed Programs MiscTypes.installedPrograms.name=Program Installed
MiscTypes.exif.name=Exif MiscTypes.exif.name=Exif
MiscTypes.devicesAttached.name=Devices Attached MiscTypes.devicesAttached.name=Devices Attached
MiscTypes.LogEntry.name=Log Entry MiscTypes.LogEntry.name=Log Entry
...@@ -348,7 +348,7 @@ MiscTypes.GPSTrack.name=GPS Track ...@@ -348,7 +348,7 @@ MiscTypes.GPSTrack.name=GPS Track
MiscTypes.metadataLastPrinted.name=Document Last Printed MiscTypes.metadataLastPrinted.name=Document Last Printed
MiscTypes.metadataLastSaved.name=Document Last Saved MiscTypes.metadataLastSaved.name=Document Last Saved
MiscTypes.metadataCreated.name=Document Created MiscTypes.metadataCreated.name=Document Created
MiscTypes.programexecuted.name=Program Execution MiscTypes.programexecuted.name=Program Executed
RootEventType.eventTypes.name=Event Types RootEventType.eventTypes.name=Event Types
WebTypes.webDownloads.name=Web Downloads WebTypes.webDownloads.name=Web Downloads
WebTypes.webCookies.name=Web Cookies Create WebTypes.webCookies.name=Web Cookies Create
...@@ -429,7 +429,7 @@ TimelineEventType.UserDeviceEventEnd.txt=User Device Event End ...@@ -429,7 +429,7 @@ TimelineEventType.UserDeviceEventEnd.txt=User Device Event End
TimelineEventType.ServiceAccount.txt=Service Account TimelineEventType.ServiceAccount.txt=Service Account
TimelineEventType.WIFINetwork.txt=Wifi Network TimelineEventType.WIFINetwork.txt=Wifi Network
TimelineEventType.WebCache.text=Web Cache TimelineEventType.WebCache.text=Web Cache
TimelineEventType.InstalledProgram.txt=Installed Program TimelineEventType.InstalledProgram.txt=Program Installed
TimelineEventType.BluetoothAdapter.txt=Bluetooth Adapter TimelineEventType.BluetoothAdapter.txt=Bluetooth Adapter
BaseTypes.geolocation.name=Geolocation BaseTypes.geolocation.name=Geolocation
BaseTypes.communication.name=Communication BaseTypes.communication.name=Communication
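Review bot: The relabelled key `TimelineEventType.InstalledProgram.txt` appears to be left without a consumer, because the only visible reader of it, the `INSTALLED_PROG` definition in the Java section, is deleted by this same commit. If nothing else reads the key, delete it instead of renaming its value. The same question applies to `TimelineEventType.DeletedProgramDeleted.txt`, whose reader `DELETE_PROGRAM_DELETED` is also removed; that key is not in the visible hunks, so check whether it is still in the bundle. Both points apply equally to the identical bundle section that follows this one.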
......
...@@ -336,7 +336,7 @@ MiscTypes.CallsEnd.name=Call End ...@@ -336,7 +336,7 @@ MiscTypes.CallsEnd.name=Call End
MiscTypes.Email.name=Email Sent MiscTypes.Email.name=Email Sent
MiscTypes.EmailRcvd.name=Email Received MiscTypes.EmailRcvd.name=Email Received
MiscTypes.recentDocuments.name=Recent Documents MiscTypes.recentDocuments.name=Recent Documents
MiscTypes.installedPrograms.name=Installed Programs MiscTypes.installedPrograms.name=Program Installed
MiscTypes.exif.name=Exif MiscTypes.exif.name=Exif
MiscTypes.devicesAttached.name=Devices Attached MiscTypes.devicesAttached.name=Devices Attached
MiscTypes.LogEntry.name=Log Entry MiscTypes.LogEntry.name=Log Entry
...@@ -348,7 +348,7 @@ MiscTypes.GPSTrack.name=GPS Track ...@@ -348,7 +348,7 @@ MiscTypes.GPSTrack.name=GPS Track
MiscTypes.metadataLastPrinted.name=Document Last Printed MiscTypes.metadataLastPrinted.name=Document Last Printed
MiscTypes.metadataLastSaved.name=Document Last Saved MiscTypes.metadataLastSaved.name=Document Last Saved
MiscTypes.metadataCreated.name=Document Created MiscTypes.metadataCreated.name=Document Created
MiscTypes.programexecuted.name=Program Execution MiscTypes.programexecuted.name=Program Executed
RootEventType.eventTypes.name=Event Types RootEventType.eventTypes.name=Event Types
WebTypes.webDownloads.name=Web Downloads WebTypes.webDownloads.name=Web Downloads
WebTypes.webCookies.name=Web Cookies Create WebTypes.webCookies.name=Web Cookies Create
...@@ -429,7 +429,7 @@ TimelineEventType.UserDeviceEventEnd.txt=User Device Event End ...@@ -429,7 +429,7 @@ TimelineEventType.UserDeviceEventEnd.txt=User Device Event End
TimelineEventType.ServiceAccount.txt=Service Account TimelineEventType.ServiceAccount.txt=Service Account
TimelineEventType.WIFINetwork.txt=Wifi Network TimelineEventType.WIFINetwork.txt=Wifi Network
TimelineEventType.WebCache.text=Web Cache TimelineEventType.WebCache.text=Web Cache
TimelineEventType.InstalledProgram.txt=Installed Program TimelineEventType.InstalledProgram.txt=Program Installed
TimelineEventType.BluetoothAdapter.txt=Bluetooth Adapter TimelineEventType.BluetoothAdapter.txt=Bluetooth Adapter
BaseTypes.geolocation.name=Geolocation BaseTypes.geolocation.name=Geolocation
BaseTypes.communication.name=Communication BaseTypes.communication.name=Communication
......
...@@ -231,10 +231,10 @@ public int compare(TimelineEventType o1, TimelineEventType o2) { ...@@ -231,10 +231,10 @@ public int compare(TimelineEventType o1, TimelineEventType o2) {
METADATA_LAST_PRINTED, METADATA_LAST_SAVED, METADATA_CREATED, PROGRAM_EXECUTION, METADATA_LAST_PRINTED, METADATA_LAST_SAVED, METADATA_CREATED, PROGRAM_EXECUTION,
RECENT_DOCUMENTS, REGISTRY, BACKUP_EVENT_START, BACKUP_EVENT, BACKUP_EVENT_END, RECENT_DOCUMENTS, REGISTRY, BACKUP_EVENT_START, BACKUP_EVENT, BACKUP_EVENT_END,
BLUETOOTH_PAIRING, CALENDAR_ENTRY_START, CALENDAR_ENTRY_END, BLUETOOTH_PAIRING, CALENDAR_ENTRY_START, CALENDAR_ENTRY_END,
DELETE_PROGRAM, DELETE_PROGRAM_DELETED, DELETE_PROGRAM,
OS_INFO, WIFI_NETWORK, USER_DEVICE_EVENT, USER_DEVICE_EVENT_START, USER_DEVICE_EVENT_END, OS_INFO, WIFI_NETWORK, USER_DEVICE_EVENT, USER_DEVICE_EVENT_START, USER_DEVICE_EVENT_END,
SERVICE_ACCOUNT, SCREEN_SHOT, PROGRAM_NOTIFICATION, SERVICE_ACCOUNT, SCREEN_SHOT, PROGRAM_NOTIFICATION,
BLUETOOTH_PAIRING_ACCESSED, BLUETOOTH_ADAPTER, INSTALLED_PROG); BLUETOOTH_PAIRING_ACCESSED, BLUETOOTH_ADAPTER);
return builder.build(); return builder.build();
} }
...@@ -722,38 +722,30 @@ public SortedSet< TimelineEventType> getChildren() { ...@@ -722,38 +722,30 @@ public SortedSet< TimelineEventType> getChildren() {
MISC_TYPES, MISC_TYPES,
new BlackboardArtifact.Type(TSK_DELETED_PROG), new BlackboardArtifact.Type(TSK_DELETED_PROG),
new BlackboardAttribute.Type(TSK_DATETIME), new BlackboardAttribute.Type(TSK_DATETIME),
new BlackboardAttribute.Type(TSK_PROG_NAME)); new BlackboardAttribute.Type(TSK_PROG_NAME));
TimelineEventType DELETE_PROGRAM_DELETED = new TimelineEventArtifactTypeSingleDescription(50,
getBundle().getString("TimelineEventType.DeletedProgramDeleted.txt"),//NON-NLS
MISC_TYPES,
new BlackboardArtifact.Type(TSK_DELETED_PROG),
new BlackboardAttribute.Type(TSK_DATETIME_DELETED),
new BlackboardAttribute.Type(TSK_PROG_NAME));
TimelineEventType OS_INFO = new TimelineEventArtifactTypeSingleDescription(51, TimelineEventType OS_INFO = new TimelineEventArtifactTypeSingleDescription(50,
getBundle().getString("TimelineEventType.OSInfo.txt"),//NON-NLS getBundle().getString("TimelineEventType.OSInfo.txt"),//NON-NLS
MISC_TYPES, MISC_TYPES,
new BlackboardArtifact.Type(TSK_OS_INFO), new BlackboardArtifact.Type(TSK_OS_INFO),
new BlackboardAttribute.Type(TSK_DATETIME), new BlackboardAttribute.Type(TSK_DATETIME),
new BlackboardAttribute.Type(TSK_PROG_NAME)); new BlackboardAttribute.Type(TSK_PROG_NAME));
TimelineEventType PROGRAM_NOTIFICATION = new TimelineEventArtifactTypeSingleDescription(52, TimelineEventType PROGRAM_NOTIFICATION = new TimelineEventArtifactTypeSingleDescription(51,
getBundle().getString("TimelineEventType.ProgramNotification.txt"),//NON-NLS getBundle().getString("TimelineEventType.ProgramNotification.txt"),//NON-NLS
MISC_TYPES, MISC_TYPES,
new BlackboardArtifact.Type(TSK_PROG_NOTIFICATIONS), new BlackboardArtifact.Type(TSK_PROG_NOTIFICATIONS),
new BlackboardAttribute.Type(TSK_DATETIME), new BlackboardAttribute.Type(TSK_DATETIME),
new BlackboardAttribute.Type(TSK_PROG_NAME)); new BlackboardAttribute.Type(TSK_PROG_NAME));
TimelineEventType SCREEN_SHOT = new TimelineEventArtifactTypeSingleDescription(53, TimelineEventType SCREEN_SHOT = new TimelineEventArtifactTypeSingleDescription(52,
getBundle().getString("TimelineEventType.ScreenShot.txt"),//NON-NLS getBundle().getString("TimelineEventType.ScreenShot.txt"),//NON-NLS
MISC_TYPES, MISC_TYPES,
new BlackboardArtifact.Type(TSK_SCREEN_SHOTS), new BlackboardArtifact.Type(TSK_SCREEN_SHOTS),
new BlackboardAttribute.Type(TSK_DATETIME), new BlackboardAttribute.Type(TSK_DATETIME),
new BlackboardAttribute.Type(TSK_PROG_NAME)); new BlackboardAttribute.Type(TSK_PROG_NAME));
TimelineEventType SERVICE_ACCOUNT = new TimelineEventArtifactTypeImpl(54, TimelineEventType SERVICE_ACCOUNT = new TimelineEventArtifactTypeImpl(53,
getBundle().getString("TimelineEventType.ServiceAccount.txt"),// NON-NLS getBundle().getString("TimelineEventType.ServiceAccount.txt"),// NON-NLS
MISC_TYPES, MISC_TYPES,
new BlackboardArtifact.Type(TSK_SERVICE_ACCOUNT), new BlackboardArtifact.Type(TSK_SERVICE_ACCOUNT),
...@@ -766,7 +758,7 @@ public SortedSet< TimelineEventType> getChildren() { ...@@ -766,7 +758,7 @@ public SortedSet< TimelineEventType> getChildren() {
new EmptyExtractor(), new EmptyExtractor(),
new EmptyExtractor()); new EmptyExtractor());
TimelineEventType USER_DEVICE_EVENT = new TimelineEventArtifactTypeImpl(55, TimelineEventType USER_DEVICE_EVENT = new TimelineEventArtifactTypeImpl(54,
getBundle().getString("TimelineEventType.UserDeviceEvent.txt"),// NON-NLS getBundle().getString("TimelineEventType.UserDeviceEvent.txt"),// NON-NLS
MISC_TYPES, MISC_TYPES,
new BlackboardArtifact.Type(TSK_USER_DEVICE_EVENT), new BlackboardArtifact.Type(TSK_USER_DEVICE_EVENT),
...@@ -780,7 +772,7 @@ public SortedSet< TimelineEventType> getChildren() { ...@@ -780,7 +772,7 @@ public SortedSet< TimelineEventType> getChildren() {
new EmptyExtractor(), new EmptyExtractor(),
new EmptyExtractor()); new EmptyExtractor());
TimelineEventType USER_DEVICE_EVENT_START = new TimelineEventArtifactTypeImpl(56, TimelineEventType USER_DEVICE_EVENT_START = new TimelineEventArtifactTypeImpl(55,
getBundle().getString("TimelineEventType.UserDeviceEventStart.txt"),// NON-NLS getBundle().getString("TimelineEventType.UserDeviceEventStart.txt"),// NON-NLS
MISC_TYPES, MISC_TYPES,
new BlackboardArtifact.Type(TSK_USER_DEVICE_EVENT), new BlackboardArtifact.Type(TSK_USER_DEVICE_EVENT),
...@@ -794,7 +786,7 @@ public SortedSet< TimelineEventType> getChildren() { ...@@ -794,7 +786,7 @@ public SortedSet< TimelineEventType> getChildren() {
new EmptyExtractor(), new EmptyExtractor(),
new EmptyExtractor()); new EmptyExtractor());
TimelineEventType USER_DEVICE_EVENT_END = new TimelineEventArtifactTypeImpl(57, TimelineEventType USER_DEVICE_EVENT_END = new TimelineEventArtifactTypeImpl(56,
getBundle().getString("TimelineEventType.UserDeviceEventEnd.txt"),// NON-NLS getBundle().getString("TimelineEventType.UserDeviceEventEnd.txt"),// NON-NLS
MISC_TYPES, MISC_TYPES,
new BlackboardArtifact.Type(TSK_USER_DEVICE_EVENT), new BlackboardArtifact.Type(TSK_USER_DEVICE_EVENT),
...@@ -808,42 +800,35 @@ public SortedSet< TimelineEventType> getChildren() { ...@@ -808,42 +800,35 @@ public SortedSet< TimelineEventType> getChildren() {
new EmptyExtractor(), new EmptyExtractor(),
new EmptyExtractor()); new EmptyExtractor());
TimelineEventType WEB_CACHE = new URLArtifactEventType(58, TimelineEventType WEB_CACHE = new URLArtifactEventType(57,
getBundle().getString("TimelineEventType.WebCache.text"),// NON-NLS getBundle().getString("TimelineEventType.WebCache.text"),// NON-NLS
WEB_ACTIVITY, WEB_ACTIVITY,
new BlackboardArtifact.Type(TSK_WEB_CACHE), new BlackboardArtifact.Type(TSK_WEB_CACHE),
new Type(TSK_DATETIME_CREATED), new Type(TSK_DATETIME_CREATED),
new Type(TSK_URL)); new Type(TSK_URL));
TimelineEventType WIFI_NETWORK = new TimelineEventArtifactTypeSingleDescription(59, TimelineEventType WIFI_NETWORK = new TimelineEventArtifactTypeSingleDescription(58,
getBundle().getString("TimelineEventType.WIFINetwork.txt"),//NON-NLS getBundle().getString("TimelineEventType.WIFINetwork.txt"),//NON-NLS
MISC_TYPES, MISC_TYPES,
new BlackboardArtifact.Type(TSK_WIFI_NETWORK), new BlackboardArtifact.Type(TSK_WIFI_NETWORK),
new BlackboardAttribute.Type(TSK_DATETIME), new BlackboardAttribute.Type(TSK_DATETIME),
new BlackboardAttribute.Type(TSK_SSID)); new BlackboardAttribute.Type(TSK_SSID));
TimelineEventType INSTALLED_PROG = new TimelineEventArtifactTypeSingleDescription(60, TimelineEventType WEB_HISTORY_CREATED = new URLArtifactEventType(59,
getBundle().getString("TimelineEventType.InstalledProgram.txt"),//NON-NLS
MISC_TYPES,
new BlackboardArtifact.Type(TSK_INSTALLED_PROG),
new BlackboardAttribute.Type(TSK_DATETIME_CREATED),
new BlackboardAttribute.Type(TSK_PROG_NAME));
TimelineEventType WEB_HISTORY_CREATED = new URLArtifactEventType(61,
getBundle().getString("WebTypes.webHistoryCreated.name"),// NON-NLS getBundle().getString("WebTypes.webHistoryCreated.name"),// NON-NLS
WEB_ACTIVITY, WEB_ACTIVITY,
new BlackboardArtifact.Type(TSK_WEB_HISTORY), new BlackboardArtifact.Type(TSK_WEB_HISTORY),
new Type(TSK_DATETIME_CREATED), new Type(TSK_DATETIME_CREATED),
new Type(TSK_URL)); new Type(TSK_URL));
TimelineEventType BLUETOOTH_ADAPTER = new TimelineEventArtifactTypeSingleDescription(62, TimelineEventType BLUETOOTH_ADAPTER = new TimelineEventArtifactTypeSingleDescription(60,
getBundle().getString("TimelineEventType.BluetoothAdapter.txt"),//NON-NLS getBundle().getString("TimelineEventType.BluetoothAdapter.txt"),//NON-NLS
MISC_TYPES, MISC_TYPES,
new BlackboardArtifact.Type(TSK_BLUETOOTH_ADAPTER), new BlackboardArtifact.Type(TSK_BLUETOOTH_ADAPTER),
new BlackboardAttribute.Type(TSK_DATETIME), new BlackboardAttribute.Type(TSK_DATETIME),
new BlackboardAttribute.Type(TSK_NAME)); new BlackboardAttribute.Type(TSK_NAME));
TimelineEventType BLUETOOTH_PAIRING_ACCESSED = new TimelineEventArtifactTypeSingleDescription(63, TimelineEventType BLUETOOTH_PAIRING_ACCESSED = new TimelineEventArtifactTypeSingleDescription(61,
getBundle().getString("TimelineEventType.BluetoothPairingLastConnection.txt"),//NON-NLS getBundle().getString("TimelineEventType.BluetoothPairingLastConnection.txt"),//NON-NLS
MISC_TYPES, MISC_TYPES,
new BlackboardArtifact.Type(TSK_BLUETOOTH_PAIRING), new BlackboardArtifact.Type(TSK_BLUETOOTH_PAIRING),
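Review bot: Renumbering the type ids in this section (OS_INFO 51→50 through BLUETOOTH_PAIRING_ACCESSED 63→61) reassigns ids that earlier builds already used for other event types. If these ids are stored with each event in the case database, which the numeric first constructor argument suggests but the page does not show, a case created before this change would display stored events under the wrong type; rows saved as 50 (DELETE_PROGRAM_DELETED) would read back as OS_INFO. For a forensic timeline it is safer to retire 50 and 60 and leave the gap, marked with a comment such as `// ids 50 and 60 are retired (DELETE_PROGRAM_DELETED, INSTALLED_PROG); do not reuse`, or to ship a schema upgrade that remaps existing rows. Artifacts that carry only TSK_DATETIME_DELETED or TSK_DATETIME_CREATED will also no longer produce a timeline event once those two definitions are gone, so it is worth confirming that the ingest modules now write TSK_DATETIME. The definitions shown start and end outside the visible hunks, so an upgrade step elsewhere in the file cannot be ruled out from here.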
......