Merge pull request #1942 from markmckinnon/6037-Populate-TSK_METADATA-artifacts-for-extracted-text

6037 Populate TSK_METADATA artifacts for extracted text

Merge pull request #1942 from markmckinnon/6037-Populate-TSK_METADATA-artifacts-for-extracted-text
459afed1 · Richard Cordovano · GitHub · fc8a10ea · 3158af16 · 459afed1
Unverified Commit 459afed1 authored 4 years ago by Richard Cordovano Committed by GitHub 4 years ago
--- a/bindings/java/doxygen/artifact_catalog.dox
+++ b/bindings/java/doxygen/artifact_catalog.dox
@@ -422,7 +422,16 @@ General metadata for some content.
 ### REQUIRED ATTRIBUTES
 None

-
+### OPTIONAL ATTRIBUTES
+- TSK_DATETIME_CREATED  (Timestamp the document was created)
+- TSK_DATETIME_MODIFIED (Timestamp the document was modified)
+- TSK_DESCRIPTION (Title of the document)
+- TSK_LAST_PRINTED_DATETIME (Timestamp when document was last printed)
+- TSK_ORGANIZATION (Organization/Company who owns the document)
+- TSK_OWNER (Author of the document)
+- TSK_PROG_NAME (Program used to create the document)
+- TSK_USER_ID (Last author of the document)
+- TSK_VERSION (Version number of the program used to create the document)

 ---
 ## TSK_METADATA_EXIF

--- a/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java
@@ -1411,7 +1411,12 @@ public enum ATTRIBUTE_TYPE {
 		
 		TSK_BYTES_RECEIVED(148, "TSK_BYTES_RECEIVED",
 	        bundle.getString("BlackboardAttribute.tskbytesreceived.text"),
-	        TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.LONG)
+	        TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.LONG),
+		
+		TSK_LAST_PRINTED_DATETIME(149, "TSK_LAST_PRINTED_DATETIME",
+	        bundle.getString("BlackboardAttribute.tsklastprinteddatetime.text"),
+	        TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DATETIME),
+		
 		
 		;


--- a/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties
+++ b/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties
@@ -198,6 +198,7 @@ BlackboardAttribute.tskdistancefromhome.text=Distance from Homepoint
 BlackboardAttribute.tskhashphotodna.text=PhotoDNA Hash
 BlackboardAttribute.tskbytessent.text=Bytes Sent
 BlackboardAttribute.tskbytesreceived.text=Bytes Received
+BlackboardAttribute.tsklastprinteddatetime.text=Last Printed Date
 AbstractFile.readLocal.exception.msg4.text=Error reading local file\: {0}
 AbstractFile.readLocal.exception.msg1.text=Error reading local file, local path is not set
 AbstractFile.readLocal.exception.msg2.text=Error reading local file, it does not exist at local path\: {0}
@@ -323,6 +324,9 @@ MiscTypes.GPSBookmark.name=GPS Bookmark
 MiscTypes.GPSLastknown.name=GPS Last Known Location
 MiscTypes.GPSearch.name=GPS Search
 MiscTypes.GPSTrack.name=GPS Track
+MiscTypes.metadataLastPrinted.name=Document Last Printed
+MiscTypes.metadataLastSaved.name=Document Last Saved
+MiscTypes.metadataCreated.name=Document Created
 RootEventType.eventTypes.name=Event Types
 WebTypes.webDownloads.name=Web Downloads
 WebTypes.webCookies.name=Web Cookies

--- a/bindings/java/src/org/sleuthkit/datamodel/TimelineEventType.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/TimelineEventType.java
@@ -224,7 +224,7 @@ public int compare(TimelineEventType o1, TimelineEventType o2) {
 			builder.add(CALL_LOG, DEVICES_ATTACHED, EMAIL,
 					EXIF, GPS_BOOKMARK, GPS_LAST_KNOWN_LOCATION, GPS_TRACKPOINT,
 					GPS_ROUTE, GPS_SEARCH, GPS_TRACK, INSTALLED_PROGRAM, LOG_ENTRY, MESSAGE,
-					RECENT_DOCUMENTS, REGISTRY);
+					METADATA_LAST_PRINTED, METADATA_LAST_SAVED, METADATA_CREATED, RECENT_DOCUMENTS, REGISTRY);

 			return builder.build();
 		}
@@ -526,7 +526,35 @@ public SortedSet< TimelineEventType> getChildren() {
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_GPS_TRACK),
 			new Type(TSK_NAME));
+	
+	TimelineEventType METADATA_LAST_PRINTED = new TimelineEventArtifactTypeImpl(33,
+			getBundle().getString("MiscTypes.metadataLastPrinted.name"),// NON-NLS
+			MISC_TYPES,
+			new BlackboardArtifact.Type(TSK_METADATA),
+			new BlackboardAttribute.Type(TSK_LAST_PRINTED_DATETIME),
+            artf -> {return getBundle().getString("MiscTypes.metadataLastPrinted.name");},
+	        new EmptyExtractor(),
+	        new EmptyExtractor());
+

+	TimelineEventType METADATA_LAST_SAVED = new TimelineEventArtifactTypeImpl(34,
+			getBundle().getString("MiscTypes.metadataLastSaved.name"),// NON-NLS
+			MISC_TYPES,
+			new BlackboardArtifact.Type(TSK_METADATA),
+			new BlackboardAttribute.Type(TSK_DATETIME_MODIFIED),
+            artf -> {return getBundle().getString("MiscTypes.metadataLastSaved.name");},
+	        new EmptyExtractor(),
+	        new EmptyExtractor());
+
+	TimelineEventType METADATA_CREATED = new TimelineEventArtifactTypeImpl(35,
+			getBundle().getString("MiscTypes.metadataCreated.name"),// NON-NLS
+			MISC_TYPES,
+			new BlackboardArtifact.Type(TSK_METADATA),
+			new BlackboardAttribute.Type(TSK_DATETIME_CREATED),
+            artf -> {return getBundle().getString("MiscTypes.metadataCreated.name");},
+	        new EmptyExtractor(),
+	        new EmptyExtractor());
+			
 	static SortedSet<? extends TimelineEventType> getCategoryTypes() {
 		return ROOT_EVENT_TYPE.getChildren();
 	}