diff --git a/Makefile.am b/Makefile.am index 42d3432c4a00d9bc792d4afe71c03a6e758f9d71..bc377efc069939e44537fdf9f6c0bd2e5afbf28a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1,6 +1,7 @@ # File that we want to include in the dist EXTRA_DIST = README_win32.txt README.md INSTALL.txt ChangeLog.txt NEWS.txt API-CHANGES.txt \ - licenses/GNU-COPYING licenses/IBM-LICENSE licenses/cpl1.0.txt \ + licenses/GNU-COPYING licenses/IBM-LICENSE \ + licenses/cpl1.0.txt licenses/bsd.txt licenses/mit.txt \ m4/*.m4 \ docs/README.txt \ packages/sleuthkit.spec \ diff --git a/NEWS.txt b/NEWS.txt index eca0bddd06598f03f3a9b4cf09906833ef2a79a8..2cbd1d7b2f3ef8888a30376d618d9bca41248c3d 100644 --- a/NEWS.txt +++ b/NEWS.txt @@ -1,6 +1,17 @@ ---------------- VERSION 4.9.0 -------------- C/C++ -- Removed framework project. Use Autopsy instead.... +- Removed framework project. Use Autopsy instead if you need an analysis framework. +- Various fixes from Google-based fuzzing. +- Ensure all reads (even big ones) are sector aligned when reading from Windows device. +- Ensure all command line tools support new pool command line arguments. +- Create virtual files for APFS unallocated space +- HFS fix to display type + +Java: +- More artifact helper methods +- More artifacts and attributes for drones and GPS coordinates +- Updated TimelineManager to insert GPS artifacts into events table + ---------------- VERSION 4.8.0 -------------- C/C++ diff --git a/README.md b/README.md index ce20a6a82d80ee1a00857bfb76208f84cc2410e3..ff66ccf0beae568ebcbe1a3db96d3eb3429e7ff4 100644 --- a/README.md +++ b/README.md 
@@ -147,12 +147,21 @@ file for more details. ## LICENSE -The file system tools (in the [tools/fstools](https://github.com/sleuthkit/sleuthkit/tree/develop/tools/fstools) - directory) are released under the IBM open source license and Common Public License, both -are located in the [licenses directory](https://github.com/sleuthkit/sleuthkit/tree/develop/licenses). -The modifications to 'mactime' from the original 'mactime' in TCT and 'mac-daddy' are released -under the Common Public License. Other tools in the tools directory -are either Common Public License or the GNU Public License. +There are a variety of licenses used in TSK based on where they +were first developed. The licenses are located in the [licenses +directory](https://github.com/sleuthkit/sleuthkit/tree/develop/licenses). + +- The file system tools (in the +[tools/fstools](https://github.com/sleuthkit/sleuthkit/tree/develop/tools/fstools) +directory) are released under the IBM open source license and Common +Public License. +- srch_strings and fiwalk are released under the GNU Public License +- Other tools in the tools directory are Common Public License +- The modifications to 'mactime' from the original 'mactime' in TCT +and 'mac-daddy' are released under the Common Public License. + +The library uses utilities that were released under MIT and BSD 3-clause. + ## INSTALL For installation instructions, refer to the INSTALL.txt document. diff --git a/bindings/java/build.xml b/bindings/java/build.xml index 9a5350cfd153cd19753dc060f86492feba816109..57499ee96a2c2857ec5e8f0d17c0deb256c3d7e5 100644 --- a/bindings/java/build.xml +++ b/bindings/java/build.xml @@ -11,7 +11,7 @@ <import file="build-${os.family}.xml"/> <!-- Careful changing this because release-windows.pl updates it by pattern --> -<property name="VERSION" value="4.8.0"/> +<property name="VERSION" value="4.9.0"/> <!-- set global properties for this build --> <property name="default-jar-location" location="/usr/share/java"/> 
diff --git a/bindings/java/doxygen/Doxyfile b/bindings/java/doxygen/Doxyfile index b6843f0435e79ba289103d046a0a2da9c0957941..7c615e85573d81cd944dec2b9eba95450701705b 100644 --- a/bindings/java/doxygen/Doxyfile +++ b/bindings/java/doxygen/Doxyfile @@ -39,7 +39,7 @@ PROJECT_NAME = "Sleuth Kit Java Bindings (JNI)" # control system is used. # NOTE: This is updated by the release-unix.pl script -PROJECT_NUMBER = 4.8.0 +PROJECT_NUMBER = 4.9.0 # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a @@ -1050,7 +1050,7 @@ GENERATE_HTML = YES # This tag requires that the tag GENERATE_HTML is set to YES. # NOTE: This is updated by the release-unix.pl script -HTML_OUTPUT = jni-docs/4.8.0/ +HTML_OUTPUT = jni-docs/4.9.0/ # The HTML_FILE_EXTENSION tag can be used to specify the file extension for each # generated HTML page (for example: .htm, .php, .asp). diff --git a/bindings/java/doxygen/artifact_catalog.dox b/bindings/java/doxygen/artifact_catalog.dox index 97d5b3d2cf2813975b7638240c97b22d8d466446..802309be008e010ba728209939c085cf670ba0c9 100644 --- a/bindings/java/doxygen/artifact_catalog.dox +++ b/bindings/java/doxygen/artifact_catalog.dox @@ -236,12 +236,13 @@ None --- ## TSK_GEN_INFO -A generic information artifact. +A generic information artifact. Each content object will have at most one TSK_GEN_INFO artifact, which is easily accessed through org.sleuthkit.datamodel.AbstractContent.getGenInfoArtifact() and related methods. The TSK_GEN_INFO object is useful for storing values related to the content object without making a new artifact type. ### REQUIRED ATTRIBUTES None - +### OPTIONAL ATTRIBUTES +- TSK_PHOTODNA_HASH (The PhotoDNA hash of an image) --- ## TSK_GPS_BOOKMARK 
@@ -524,7 +525,8 @@ Indicates recently accessed content. Examples: Recent Documents or Recent Downlo - TSK_PROG_NAME (Application or application extractor that stored this object as recent) - TSK_DATETIME (A timestamp associated with the content, in seconds since 1970-01-01T00:00:00Z. Ex: creation time) - TSK_NAME (If found in the registry, the name of the attribute) -- TSK_VALUE(If found in the registry, the value of the attribute) +- TSK_VALUE (If found in the registry, the value of the attribute) +- TSK_COMMENT (What the source of the attribute may be) diff --git a/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java b/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java index 0c4ce76ceaaefc28b9181fc1ac9cbb6a4a781b82..4c447d9bce2469036d495861305182c3545d4ed7 100755 --- a/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java +++ b/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java @@ -1399,7 +1399,11 @@ public enum ATTRIBUTE_TYPE { TSK_DISTANCE_FROM_HOMEPOINT(145, "TSK_DISTANCE_FROM_HOMEPOINT", bundle.getString("BlackboardAttribute.tskdistancefromhome.text"), - TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DOUBLE) + TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DOUBLE), + + TSK_HASH_PHOTODNA(146, "TSK_HASH_PHOTODNA", + bundle.getString("BlackboardAttribute.tskhashphotodna.text"), + TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.STRING) ; diff --git a/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties b/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties index 9e394b7b087591ad22746995fcb8e1bb6a4afd5f..c3728bb03f347f12a1e92bee77d64d6f1c2987da 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties +++ b/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties 
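Review bot: The new enum constant is named `TSK_HASH_PHOTODNA`, but the artifact catalog entry added in this same commit (artifact_catalog.dox, optional attributes of TSK_GEN_INFO) lists the attribute as `TSK_PHOTODNA_HASH`. Anyone following the catalog will look for a constant that does not exist. One of the two names should change; if the enum name is the intended one, the catalog line becomes `- TSK_HASH_PHOTODNA (The PhotoDNA hash of an image)`. The enum body starts and ends outside this hunk.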
@@ -195,6 +195,7 @@ BlackboardAttribute.tskgeopath.text=List of Track Points BlackboardAttribute.tskgeowaypoints.text=List of Waypoints BlackboardAttribute.tskdistancetraveled.text=Distance Traveled BlackboardAttribute.tskdistancefromhome.text=Distance from Homepoint +BlackboardAttribute.tskhashphotodna.text=PhotoDNA Hash AbstractFile.readLocal.exception.msg4.text=Error reading local file\: {0} AbstractFile.readLocal.exception.msg1.text=Error reading local file, local path is not set AbstractFile.readLocal.exception.msg2.text=Error reading local file, it does not exist at local path\: {0} diff --git a/bindings/java/src/org/sleuthkit/datamodel/CommunicationsUtils.java b/bindings/java/src/org/sleuthkit/datamodel/CommunicationsUtils.java index 348613758ac4f927cb3737b4a7f667c87dd83951..0e603bef0efa88bc6751bea243b9da5616f3480f 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/CommunicationsUtils.java +++ b/bindings/java/src/org/sleuthkit/datamodel/CommunicationsUtils.java @@ -18,6 +18,7 @@ */ package org.sleuthkit.datamodel; +import org.apache.commons.lang3.StringUtils; import org.apache.commons.validator.routines.EmailValidator; /** @@ -33,11 +34,10 @@ private CommunicationsUtils() { } /** - * Checks if the given string may be a phone number. - * Normalize the phone number by removing all non numeric characters, except - * for leading +. + * Normalize the given phone number by removing all non numeric characters, + * except for a leading +. * - * @param phoneNum The string to check and normalize. + * @param phoneNum The string to normalize. * * @return The normalized phone number. * @@ -45,7 +45,7 @@ private CommunicationsUtils() { * */ public static String normalizePhoneNum(String phoneNum) throws TskCoreException { - if (phoneNum.matches("\\+?[0-9()\\-\\s]+")) { + if (isValidPhoneNumber(phoneNum)) { return phoneNum.replaceAll("[^0-9\\+]", ""); } else { throw new TskCoreException(String.format("Input string is not a valid phone number: %s", phoneNum)); 
@@ -53,22 +53,69 @@ public static String normalizePhoneNum(String phoneNum) throws TskCoreException } /** - * Checks if the given string is a valid email address. * Normalizes the given email address by converting it to lowercase. * - * @param emailAddress The string to be checked and normalized. + * @param emailAddress The email address string to be normalized. * * @return The normalized email address. * @throws TskCoreException If the given string is not a valid email address. */ public static String normalizeEmailAddress(String emailAddress) throws TskCoreException { - EmailValidator validator = EmailValidator.getInstance(true, true); - if (validator.isValid(emailAddress)) { + if (isValidEmailAddress(emailAddress)) { return emailAddress.toLowerCase(); } else { throw new TskCoreException(String.format("Input string is not a valid email address: %s", emailAddress)); } } + /** + * Checks if the given accountId is a valid id for + * the specified account type. + * + * @param accountType Account type. + * @param accountUniqueID Id to check. + * + * @return True, if the id is a valid id for the given account type, False otherwise. + */ + public static boolean isValidAccountId(Account.Type accountType, String accountUniqueID) { + if (accountType == Account.Type.PHONE) { + return isValidPhoneNumber(accountUniqueID); + } + if (accountType == Account.Type.EMAIL) { + return isValidPhoneNumber(accountUniqueID); + } + + return !StringUtils.isEmpty(accountUniqueID); + } + + /** + * Checks if the given string is a valid phone number. + * + * @param phoneNum Phone number string to check. + * + * @return True if the given string is a valid phone number, false otherwise. + */ + public static boolean isValidPhoneNumber(String phoneNum) { + if (!StringUtils.isEmpty(phoneNum)) { + return phoneNum.matches("\\+?[0-9()\\-\\s]+"); + } + return false; + } + + /** + * Checks if the given string is a valid email address. + * + * @param emailAddress String to check. 
+ * + * @return True if the given string is a valid email address, false otherwise. + */ + public static boolean isValidEmailAddress(String emailAddress) { + if (!StringUtils.isEmpty(emailAddress)) { + EmailValidator validator = EmailValidator.getInstance(true, true); + return validator.isValid(emailAddress); + } + + return false; + } } diff --git a/bindings/java/src/org/sleuthkit/datamodel/TimelineEventTypes.java b/bindings/java/src/org/sleuthkit/datamodel/TimelineEventTypes.java index 1fb7cd76292126b94ace0eb621e79f904a04ded4..6444791cbf280a30ffa749c84a99f8b32148a0db 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/TimelineEventTypes.java +++ b/bindings/java/src/org/sleuthkit/datamodel/TimelineEventTypes.java @@ -25,8 +25,8 @@ import java.util.stream.Stream; import org.apache.commons.lang3.StringUtils; import static org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_TRACKPOINTS; -import org.sleuthkit.datamodel.blackboardutils.attributes.TskGeoTrackpointsUtil; -import org.sleuthkit.datamodel.blackboardutils.attributes.TskGeoTrackpointsUtil.GeoTrackPointList; +import org.sleuthkit.datamodel.blackboardutils.attributes.BlackboardJsonAttrUtil; +import org.sleuthkit.datamodel.blackboardutils.attributes.GeoTrackPoints; /** * Container class for various types of timeline events 
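Review bot: In `isValidAccountId`, the `Account.Type.EMAIL` branch calls `isValidPhoneNumber(accountUniqueID)`, so an email id is tested against the phone-number pattern and any ordinary address (letters, `@`) is rejected. The callers changed in CommunicationArtifactsHelper (`createContactMethodAccountAndRelationship`, `addMessage`, `addCalllog`) skip account creation when this returns false, so email accounts would be left out of the case with no error raised. The branch should read `return isValidEmailAddress(accountUniqueID);`. A unit test that passes a valid address with `Account.Type.EMAIL` and expects true would have caught this.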
@@ -124,9 +124,7 @@ TimelineEventDescription parseDescription(String fullDescriptionRaw, String medD * JSON list of waypoints from which a start time can be extracted. */ static class GPSTrackArtifactEventType extends TimelineEventArtifactTypeSingleDescription { - - private final TskGeoTrackpointsUtil trackpointUtil = new TskGeoTrackpointsUtil(); - + GPSTrackArtifactEventType(int typeID, String displayName, TimelineEventType superType, BlackboardArtifact.Type artifactType, BlackboardAttribute.Type descriptionAttribute) { // Passing TSK_GEO_TRACKPOINTS as the "time attribute" as more of a place filler, to avoid any null issues super(typeID, displayName, superType, artifactType, new BlackboardAttribute.Type(TSK_GEO_TRACKPOINTS), descriptionAttribute); @@ -142,7 +140,12 @@ public TimelineEventDescriptionWithTime makeEventDescription(BlackboardArtifact } // Get the waypoint list "start time" - GeoTrackPointList pointsList = trackpointUtil.fromAttribute(attribute); + GeoTrackPoints pointsList; + try { + pointsList = BlackboardJsonAttrUtil.fromAttribute(attribute, GeoTrackPoints.class); + } catch (BlackboardJsonAttrUtil.InvalidJsonException ex) { + throw new TskCoreException("Unable to parse track points in TSK_GEO_TRACKPOINTS attribute", ex); + } Long startTime = pointsList.getStartTime(); // If we didn't find a startime do not create an event. diff --git a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/CommunicationArtifactsHelper.java b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/CommunicationArtifactsHelper.java index 578bb6c544a97c789d46dc22836834b95ef206da..e63275e0a348f3498c052f4cbeab0f204c387db1 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/CommunicationArtifactsHelper.java +++ b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/CommunicationArtifactsHelper.java 
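Review bot: `pointsList.getStartTime()` can still be reached with a null `pointsList`, because `BlackboardJsonAttrUtil.fromAttribute` rejects only a null or empty string and Gson's `fromJson` returns null for a JSON `null` literal or whitespace-only input. The attribute value is read back from the case database, so it should not be assumed to be well formed. Either check here with `if (pointsList == null) { throw new TskCoreException("TSK_GEO_TRACKPOINTS attribute contained no track points"); }`, or have `fromAttribute` throw `InvalidJsonException` when the deserialized object is null so that every caller is covered. `makeEventDescription` begins and ends outside this hunk.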
@@ -33,6 +33,7 @@ import org.sleuthkit.datamodel.Blackboard.BlackboardException; import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; +import org.sleuthkit.datamodel.CommunicationsUtils; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.DataSource; import org.sleuthkit.datamodel.Relationship; @@ -311,7 +312,7 @@ public BlackboardArtifact addContact(String contactName, /** * Creates a contact's account instance of specified account type, if the - * account id is not null/empty. + * account id is not null/empty and is a valid account id for the account type. * * Also creates a CONTACT relationship between the self account and the new * contact account. @@ -322,7 +323,7 @@ private void createContactMethodAccountAndRelationship(Account.Type accountType, // Find/Create an account instance for each of the contact method // Create a relationship between selfAccount and contactAccount - if (!StringUtils.isEmpty(accountUniqueID)) { + if (CommunicationsUtils.isValidAccountId(accountType, accountUniqueID)) { AccountFileInstance contactAccountInstance = createAccountInstance(accountType, accountUniqueID); // Create a relationship between self account and the contact account @@ -506,7 +507,7 @@ public BlackboardArtifact addMessage(String messageType, // set sender attribute and create sender account AccountFileInstance senderAccountInstance = null; - if (!StringUtils.isEmpty(senderId)) { + if (CommunicationsUtils.isValidAccountId(moduleAccountsType, senderId)) { senderAccountInstance = createAccountInstance(moduleAccountsType, senderId); } 
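Review bot: With `isValidAccountId` replacing the empty check, an id that fails validation is skipped with no log entry and no exception, both in `createContactMethodAccountAndRelationship` and in the sender branch of `addMessage`; the recipient, caller and callee checks in the following hunks behave the same way. For `Account.Type.PHONE` the pattern in `CommunicationsUtils.isValidPhoneNumber` accepts only digits, parentheses, hyphens, whitespace and a leading `+`, so an id containing letters would presumably now yield no account and no relationship. In a forensic data model that omission should be visible to the examiner: add an `else` branch that logs the rejected id together with the account type, or at minimum state it in the method Javadoc, e.g. `Ids that are not valid for the account type are skipped and no account is created.` Both methods continue outside these hunks.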
@@ -515,7 +516,7 @@ public BlackboardArtifact addMessage(String messageType, String recipientsStr = ""; if (!isEffectivelyEmpty(recipientIdsList)) { for (String recipient : recipientIdsList) { - if (!StringUtils.isEmpty(recipient)) { + if (CommunicationsUtils.isValidAccountId(moduleAccountsType, recipient)) { recipientAccountsList.add(createAccountInstance(moduleAccountsType, recipient)); } } @@ -741,7 +742,7 @@ public BlackboardArtifact addCalllog(CommunicationDirection direction, addCommDirectionIfKnown(direction, attributes); AccountFileInstance callerAccountInstance = null; - if (!StringUtils.isEmpty(callerId)) { + if (CommunicationsUtils.isValidAccountId(moduleAccountsType, callerId)) { callerAccountInstance = createAccountInstance(moduleAccountsType, callerId); } @@ -751,7 +752,7 @@ public BlackboardArtifact addCalllog(CommunicationDirection direction, if (!isEffectivelyEmpty(calleeIdsList)) { calleesStr = addressListToString(calleeIdsList); for (String callee : calleeIdsList) { - if (!StringUtils.isEmpty(callee)) { + if (CommunicationsUtils.isValidAccountId(moduleAccountsType, callee)) { recipientAccountsList.add(createAccountInstance(moduleAccountsType, callee)); } } diff --git a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/GeoArtifactsHelper.java b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/GeoArtifactsHelper.java index 838c8e601166a379477cdb454adccacc92b76c4d..558fda9b7f66d63e807050840ece29fa3bb63e84 100755 --- a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/GeoArtifactsHelper.java +++ b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/GeoArtifactsHelper.java @@ -19,7 +19,6 @@ package org.sleuthkit.datamodel.blackboardutils; import java.util.ArrayList; -import org.sleuthkit.datamodel.blackboardutils.attributes.TskGeoTrackpointsUtil.GeoTrackPointList; import java.util.List; import org.sleuthkit.datamodel.Blackboard.BlackboardException; import org.sleuthkit.datamodel.BlackboardArtifact; 
@@ -27,9 +26,9 @@ import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskCoreException; -import org.sleuthkit.datamodel.blackboardutils.attributes.TskGeoWaypointsUtil.GeoWaypointList; -import org.sleuthkit.datamodel.blackboardutils.attributes.TskGeoTrackpointsUtil; -import org.sleuthkit.datamodel.blackboardutils.attributes.TskGeoWaypointsUtil; +import org.sleuthkit.datamodel.blackboardutils.attributes.BlackboardJsonAttrUtil; +import org.sleuthkit.datamodel.blackboardutils.attributes.GeoWaypoints; +import org.sleuthkit.datamodel.blackboardutils.attributes.GeoTrackPoints; /** * An artifact creation helper that adds geolocation artifacts to the case @@ -37,9 +36,9 @@ */ public final class GeoArtifactsHelper extends ArtifactHelperBase { + private static final BlackboardAttribute.Type WAYPOINTS_ATTR_TYPE = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_WAYPOINTS); + private static final BlackboardAttribute.Type TRACKPOINTS_ATTR_TYPE = new BlackboardAttribute.Type(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_TRACKPOINTS); private final String programName; - private final TskGeoTrackpointsUtil trackPointAttributeUtil; - private final TskGeoWaypointsUtil waypointsAttributeUtil; /** * Constructs an artifact creation helper that adds geolocation artifacts to @@ -58,8 +57,6 @@ public final class GeoArtifactsHelper extends ArtifactHelperBase { public GeoArtifactsHelper(SleuthkitCase caseDb, String moduleName, String programName, Content srcContent) { super(caseDb, moduleName, srcContent); this.programName = programName; - trackPointAttributeUtil = new TskGeoTrackpointsUtil(); - waypointsAttributeUtil = new TskGeoWaypointsUtil(); } /** 
@@ -80,7 +77,7 @@ public GeoArtifactsHelper(SleuthkitCase caseDb, String moduleName, String progra * @throws BlackboardException If there is a error posting the artifact to * the blackboard. */ - public BlackboardArtifact addTrack(String trackName, GeoTrackPointList trackPoints, List<BlackboardAttribute> moreAttributes) throws TskCoreException, BlackboardException { + public BlackboardArtifact addTrack(String trackName, GeoTrackPoints trackPoints, List<BlackboardAttribute> moreAttributes) throws TskCoreException, BlackboardException { if (trackPoints == null) { throw new IllegalArgumentException(String.format("addTrack was passed a null list of track points")); } @@ -92,7 +89,7 @@ public BlackboardArtifact addTrack(String trackName, GeoTrackPointList trackPoin attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, getModuleName(), trackName)); } - attributes.add(trackPointAttributeUtil.toAttribute(getModuleName(), trackPoints)); + attributes.add(BlackboardJsonAttrUtil.toAttribute(TRACKPOINTS_ATTR_TYPE, getModuleName(), trackPoints)); if (programName != null) { attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_PROG_NAME, getModuleName(), programName)); @@ -107,8 +104,8 @@ public BlackboardArtifact addTrack(String trackName, GeoTrackPointList trackPoin getSleuthkitCase().getBlackboard().postArtifact(artifact, getModuleName()); return artifact; - } - + } + /** * Adds a TSK_GPS_ROUTE artifact to the case database. A Global Positioning * System (GPS) route artifact records one or more waypoints entered into a 
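Review bot: `addTrack` is a public method and its second parameter changes from `GeoTrackPointList` to `GeoTrackPoints` (likewise `addRoute` in a later hunk, from `GeoWaypointList` to `GeoWaypoints`), which breaks any module compiled against the old signatures. If those signatures were part of a release, keep a deprecated overload that converts and delegates, or record the change in API-CHANGES.txt; nothing in the visible part of this commit does either. If they were never released, this can be ignored.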
@@ -130,7 +127,7 @@ public BlackboardArtifact addTrack(String trackName, GeoTrackPointList trackPoin * @throws BlackboardException If there is a error posting the artifact to * the blackboard. */ - public BlackboardArtifact addRoute(String routeName, Long creationTime, GeoWaypointList wayPoints, List<BlackboardAttribute> moreAttributes) throws TskCoreException, BlackboardException { + public BlackboardArtifact addRoute(String routeName, Long creationTime, GeoWaypoints wayPoints, List<BlackboardAttribute> moreAttributes) throws TskCoreException, BlackboardException { if (wayPoints == null) { throw new IllegalArgumentException(String.format("addRoute was passed a null list of waypoints")); } @@ -138,7 +135,7 @@ public BlackboardArtifact addRoute(String routeName, Long creationTime, GeoWaypo BlackboardArtifact artifact = getContent().newArtifact(BlackboardArtifact.ARTIFACT_TYPE.TSK_GPS_ROUTE); List<BlackboardAttribute> attributes = new ArrayList<>(); - attributes.add(waypointsAttributeUtil.toAttribute(getModuleName(), wayPoints)); + attributes.add(BlackboardJsonAttrUtil.toAttribute(WAYPOINTS_ATTR_TYPE, getModuleName(), wayPoints)); if (routeName != null) { attributes.add(new BlackboardAttribute(BlackboardAttribute.ATTRIBUTE_TYPE.TSK_NAME, getModuleName(), routeName)); @@ -162,4 +159,5 @@ public BlackboardArtifact addRoute(String routeName, Long creationTime, GeoWaypo return artifact; } + } diff --git a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/WebBrowserArtifactsHelper.java b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/WebBrowserArtifactsHelper.java index 1a4cb5f2cb808720b6fcefaac49efa1a59fdbd2b..f3b7814666bf318c24a74dfe37b2650c7388a49a 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/WebBrowserArtifactsHelper.java +++ b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/WebBrowserArtifactsHelper.java 
@@ -30,6 +30,7 @@ import org.sleuthkit.datamodel.BlackboardArtifact; import org.sleuthkit.datamodel.BlackboardAttribute; import org.sleuthkit.datamodel.CommunicationsManager; +import org.sleuthkit.datamodel.CommunicationsUtils; import org.sleuthkit.datamodel.Content; import org.sleuthkit.datamodel.SleuthkitCase; import org.sleuthkit.datamodel.TskCoreException; @@ -299,11 +300,11 @@ public BlackboardArtifact addWebFormAddress(String personName, String email, Collection<BlackboardAttribute> attributes = new ArrayList<>(); CommunicationsManager commManager = this.getSleuthkitCase().getCommunicationsManager(); - if(StringUtils.isNotBlank(email)) { + if (CommunicationsUtils.isValidEmailAddress(email)) { commManager.createAccountFileInstance(Account.Type.EMAIL, email, this.getModuleName(), this.getContent()); } - if(StringUtils.isNotBlank(phoneNumber)) { + if(CommunicationsUtils.isValidPhoneNumber(phoneNumber)) { commManager.createAccountFileInstance(Account.Type.PHONE, phoneNumber, this.getModuleName(), this.getContent()); } diff --git a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/BlackboardAttributeUtil.java b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/BlackboardAttributeUtil.java deleted file mode 100755 index d32b264a56a6309498990d944c4125089b9bb48a..0000000000000000000000000000000000000000 --- a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/BlackboardAttributeUtil.java +++ /dev/null 
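Review bot: For one class of input `isValidPhoneNumber` is weaker than the `StringUtils.isNotBlank` check it replaces: the pattern `\\+?[0-9()\\-\\s]+` matches a string made only of spaces, hyphens or parentheses, so a value such as "   " or "()" now reaches `createAccountFileInstance` as a PHONE id. Requiring at least one digit in `CommunicationsUtils.isValidPhoneNumber` closes this, for example `return phoneNum.matches("\\+?[0-9()\\-\\s]*[0-9][0-9()\\-\\s]*");`. As a point of style, the second condition is written `if(` without the space that the email line above it was given. `addWebFormAddress` continues outside the hunk.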
@@ -1,48 +0,0 @@ -/* - * Sleuth Kit Data Model - * - * Copyright 2020 Basis Technology Corp. - * Contact: carrier <at> sleuthkit <dot> org - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.sleuthkit.datamodel.blackboardutils.attributes; - -import org.sleuthkit.datamodel.BlackboardAttribute; - -/** - * An interface for Utility classes to implement for translating - * BlackboardAttributes to and from a particular format. Initial use case is for - * BlackboardAttributes of type TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.JSON. - */ -public interface BlackboardAttributeUtil<T> { - - /** - * Translates the value of type T to a attribute. - * - * @param moduleName Name of module creating the artifact - * @param value Object to Translate to attribute - * - * @return BlackboardAttribute created from value - */ - BlackboardAttribute toAttribute(String moduleName, T value); - - /** - * Translates a attribute to an object of type T. - * - * @param attribute The attribute to be translated to T - * - * @return A new instance of T created from the attribute - */ - T fromAttribute(BlackboardAttribute attribute); -} diff --git a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/BlackboardJsonAttrUtil.java b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/BlackboardJsonAttrUtil.java new file mode 100755 index 0000000000000000000000000000000000000000..fde3e728720ae559e6135a8cc2782434dc5a551f --- /dev/null 
+++ b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/BlackboardJsonAttrUtil.java 
@@ -0,0 +1,119 @@ +/* + * Sleuth Kit Data Model + * + * Copyright 2020 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.datamodel.blackboardutils.attributes; + +import com.google.gson.Gson; +import com.google.gson.JsonSyntaxException; +import org.sleuthkit.datamodel.BlackboardAttribute; + +/** + * A utility for converting between JSON and artifact attributes of value type + * TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.JSON. + */ +public final class BlackboardJsonAttrUtil { + + /** + * Creates an attribute of a given type with the string value set to an + * object of type T serialized to JSON. + * + * T The type of the attribute value object to be + * serialized. + * + * @param attrType The type of attribute to create. + * @param moduleName The name of the module creating the attribute. + * @param attrValue The attribute value object. + * + * @return The BlackboardAttribute object. 
+ */ + public static <T> BlackboardAttribute toAttribute(BlackboardAttribute.Type attrType, String moduleName, T attrValue) { + if (attrType.getValueType() != BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.JSON) { + throw new IllegalArgumentException(String.format("Attribute type %s does not have value type BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.JSON", attrType.getTypeName())); + } + return new BlackboardAttribute(attrType, moduleName, (new Gson()).toJson(attrValue)); + } + + /** + * Creates an object of type T from the JSON in the string value of a + * BlackboardAttribute with a value type of + * TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.JSON. + * + * T The type of the object to be created from the JSON. + * + * @param attr The attribute. + * @param clazz The class object for class T. + * + * @return The T object from the attribute. + * + * @throws InvalidJsonException Thrown the JSON in an artifact attribute + * cannot be deserialized to an object of the + * specified type. 
+ */ + public static <T> T fromAttribute(BlackboardAttribute attr, Class<T> clazz) throws InvalidJsonException { + BlackboardAttribute.Type attrType = attr.getAttributeType(); + if (attrType.getValueType() != BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.JSON) { + throw new IllegalArgumentException(String.format("Attribute type %s does not have value type BlackboardAttribute.TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.JSON", attrType.getTypeName())); + } + String json = attr.getValueString(); + if (json == null || json.isEmpty()) { + throw new InvalidJsonException("The string value (JSON) of the attribute is null or empty"); + } + try { + return (new Gson()).fromJson(json, clazz); + } catch (JsonSyntaxException ex) { + throw new InvalidJsonException(String.format("The string value (JSON) could not be deserialized as a %s", clazz.getName()), ex); + } + } + + /** + * Constructs an exception to be thrown when the JSON in an artifact + * attribute cannot be deserialized to an object of the specified type. + */ + public static class InvalidJsonException extends Exception { + + private static final long serialVersionUID = 1L; + + /** + * Constructs an exception thrown when JSON in an artifact attribute + * cannot be deserialized to an object of the specified type. + * + * @param message An error message. + */ + public InvalidJsonException(String message) { + super(message); + } + + /** + * Constructs an exception thrown when JSON in an artifact attribute + * cannot be deserialized to an object of the specified type. + * + * @param message An error message. + * @param cause An excception that caused this exception to be thrown. + */ + public InvalidJsonException(String message, Throwable cause) { + super(message, cause); + } + } + + /** + * Prevents instantiation of this utility class. + */ + private BlackboardJsonAttrUtil() { + } + +} 
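Review bot: The Javadoc on `toAttribute` and `fromAttribute` describes the type parameter on a bare line (`T The type of ...`), which Javadoc renders as ordinary text; these should be `@param <T> The type of the attribute value object to be serialized.` and `@param <T> The type of the object to be created from the JSON.`. The `@throws` text reads "Thrown the JSON in an artifact attribute cannot be deserialized" and is missing "if", and the second constructor comment misspells "exception" as "excception". It would also help to state in both method comments that an attribute type whose value type is not JSON raises `IllegalArgumentException`, since callers cannot see that unchecked exit from the signature.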
diff --git a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/GeoTrackPoints.java b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/GeoTrackPoints.java
new file mode 100755
index 0000000000000000000000000000000000000000..fb61d5a53bd4234cf2d023a3e1a51fd0d20b807c
--- /dev/null
+++ b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/GeoTrackPoints.java
@@ -0,0 +1,232 @@ +/* + * Sleuth Kit Data Model + * + * Copyright 2020 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.datamodel.blackboardutils.attributes; + +import com.google.gson.annotations.SerializedName; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; +import java.util.stream.Collectors; + +/** + * A GeoTrackPoints object is a collection of TrackPoint objects. A TrackPoint + * represents a track point, which is a location in a geographic coordinate + * system with latitude, longitude and altitude (elevation) axes. + * + * GeoTrackPoints objects are designed to be used as the string value of the + * TSK_GEO_TRACKPOINTS attribute of a TSK_GPS_TRACK artifact. TSK_GPS_TRACK + * artifacts are used to record a track, or path, of a GPS-enabled device as a + * connected series of track points. + * + */ +public class GeoTrackPoints implements Iterable<GeoTrackPoints.TrackPoint> { + + private final List<TrackPoint> pointList; + + /** + * Constructs an empty GeoTrackPoints object. + */ + public GeoTrackPoints() { + pointList = new ArrayList<>(); + } + + /** + * Adds a track point to this list of track points. + * + * @param trackPoint A track point. 
+ */ + public void addPoint(TrackPoint trackPoint) { + if (trackPoint == null) { + throw new IllegalArgumentException("addPoint was passed a null track point"); + } + + pointList.add(trackPoint); + } + + @Override + public Iterator<TrackPoint> iterator() { + return pointList.iterator(); + } + + /** + * Returns whether or not this list of track points is empty. + * + * @return True or false. + */ + public boolean isEmpty() { + return pointList.isEmpty(); + } + + /** + * Gets the earliest track point timestamp in this list of track points, if + * timestamps are present. + * + * @return The timestamp in milliseconds from the Java epoch of + * 1970-01-01T00:00:00Z, may be null or zero. + */ + public Long getStartTime() { + List<TrackPoint> orderedPoints = getTimeOrderedPoints(); + if (orderedPoints != null) { + for (TrackPoint point : orderedPoints) { + if (point.getTimeStamp() != null) { + return point.getTimeStamp(); + } + } + } + return null; + } + + /** + * Gets the latest track point timestamp in this list of track points, if + * timestamps are present. + * + * @return The timestamp in milliseconds from the Java epoch of + * 1970-01-01T00:00:00Z, may be null or zero. + */ + public Long getEndTime() { + List<TrackPoint> orderedPoints = getTimeOrderedPoints(); + if (orderedPoints != null) { + for (int index = orderedPoints.size() - 1; index >= 0; index--) { + TrackPoint point = orderedPoints.get(index); + if (point.getTimeStamp() != null) { + return point.getTimeStamp(); + } + } + } + return null; + } + + /** + * Gets this list of track points as a list ordered by track point + * timestamp. + * + * @return The ordered list of track points. + */ + private List<TrackPoint> getTimeOrderedPoints() { + return pointList.stream().sorted().collect(Collectors.toCollection(ArrayList::new)); + } + + /** + * A representation of a track point, which is a location in a geographic + * coordinate system with latitude, longitude and altitude (elevation) axes. 
+ */ + public final static class TrackPoint extends GeoWaypoints.Waypoint implements Comparable<TrackPoint> { + + @SerializedName("TSK_GEO_VELOCITY") + private final Double velocity; + @SerializedName("TSK_DISTANCE_FROM_HOMEPOINT") + private final Double distanceFromHomePoint; + @SerializedName("TSK_DISTANCE_TRAVELED") + private final Double distanceTraveled; + @SerializedName("TSK_DATETIME") + private final Long timestamp; + + /** + * Constructs a representation of a track point, which is a location in + * a geographic coordinate system with latitude, longitude and altitude + * (elevation) axes. + * + * @param latitude The latitude of the track point. + * @param longitude The longitude of the track point. + * @param altitude The altitude of the track point, may be + * null. + * @param name The name of the track point, may be + * null. + * @param velocity The velocity of the device at the track + * point in meters per second, may be null. + * @param distanceFromHomePoint The distance of the track point in + * meters from an established home point, + * may be null. + * @param distanceTraveled The distance the device has traveled in + * meters at the time this track point was + * created, may be null. + * @param timestamp The timestamp of the track point as + * milliseconds from the Java epoch of + * 1970-01-01T00:00:00Z, may be null. + */ + public TrackPoint(Double latitude, + Double longitude, + Double altitude, + String name, + Double velocity, + Double distanceFromHomePoint, + Double distanceTraveled, + Long timestamp) { + super(latitude, longitude, altitude, name); + this.velocity = velocity; + this.distanceFromHomePoint = distanceFromHomePoint; + this.distanceTraveled = distanceTraveled; + this.timestamp = timestamp; + } + + /** + * Gets the velocity of the device at this track point in meters per + * second, if known. + * + * @return The velocity in meters/sec, may be null or zero. 
+ */ + public Double getVelocity() { + return velocity; + } + + /** + * Gets the distance of this track point from an established home point, + * if known. + * + * @return The distance in meters, may be null or zero. + */ + public Double getDistanceFromHomePoint() { + return distanceFromHomePoint; + } + + /** + * Gets the distance the device has traveled in meters at the time this + * track point was created, if known. + * + * @return The distance traveled in meters, may be null or zero. + */ + public Double getDistanceTraveled() { + return distanceTraveled; + } + + /** + * Gets the timestamp of this track point as milliseconds from the Java + * epoch of 1970-01-01T00:00:00Z, if known. + * + * @return The timestamp, may be null or zero. + */ + public Long getTimeStamp() { + return timestamp; + } + + @Override + public int compareTo(TrackPoint otherTP) { + Long otherTimeStamp = otherTP.getTimeStamp(); + + if (timestamp == null && otherTimeStamp != null) { + return -1; + } else if (timestamp != null && otherTimeStamp == null) { + return 1; + } else { + return timestamp.compareTo(otherTP.getTimeStamp()); + } + } + } + +} diff --git a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/GeoWaypoints.java b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/GeoWaypoints.java new file mode 100755 index 0000000000000000000000000000000000000000..4e5f3ca192dd5816e26927e8b9b30951f5b1f412 --- /dev/null +++ b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/GeoWaypoints.java 
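Review bot: `TrackPoint.compareTo` throws a NullPointerException when both points lack a timestamp, because the first two branches only handle the case where exactly one side is null and the final branch then calls `timestamp.compareTo(...)` on null. The constructor javadoc allows a null timestamp, and `getStartTime()`/`getEndTime()` sort through `getTimeOrderedPoints()`, so a track with two or more untimed points will throw there instead of returning null. Such a track is plausible if the points are deserialized from attribute JSON derived from case data, though that path is not shown in this hunk. Add `if (timestamp == null && otherTimeStamp == null) { return 0; }` ahead of the existing chain, and reuse `otherTimeStamp` in the last branch rather than calling `otherTP.getTimeStamp()` a second time.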
@@ -0,0 +1,153 @@ +/* + * Sleuth Kit Data Model + * + * Copyright 2020 Basis Technology Corp. + * Contact: carrier <at> sleuthkit <dot> org + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.sleuthkit.datamodel.blackboardutils.attributes; + +import com.google.gson.annotations.SerializedName; +import java.util.ArrayList; +import java.util.Iterator; +import java.util.List; + +/** + * A GeoWaypoints object is a collection of Waypoint objects. A Waypoint object + * represents a waypoint for a GPS-enabled device with a navigation capability. + * Every waypoint is a location, possibly named, in a geographic coordinate + * system with latitude, longitude and altitude (elevation) axes. + * + * GeoWaypoints objects are designed to be used as the string value of the + * TSK_GEO_WAYPOINTS attribute of a TSK_GPS_ROUTE artifact. TSK_GPS_ROUTE + * artifacts are used to record one or more waypoints linked together as a route + * to be navigated from waypoint to waypoint. + */ +public class GeoWaypoints implements Iterable<GeoWaypoints.Waypoint> { + + private final List<Waypoint> points; + + /** + * Constructs an empty GeoWaypoints object. + */ + public GeoWaypoints() { + points = new ArrayList<>(); + } + + /** + * Adds a waypoint to this list of waypoints. + * + * @param wayPoint A waypoint. 
+ */ + public void addPoint(Waypoint wayPoint) { + if (wayPoint == null) { + throw new IllegalArgumentException("addPoint was passed a null waypoint"); + } + + points.add(wayPoint); + } + + /** + * Returns whether or not this list of waypoints is empty. + * + * @return True or false. + */ + public boolean isEmpty() { + return points.isEmpty(); + } + + @Override + public Iterator<Waypoint> iterator() { + return points.iterator(); + } + + /** + * A representation of a waypoint, which is a a location, possibly named, in + * a geographic coordinate system with latitude, longitude and altitude + * (elevation) axes. + */ + public static class Waypoint { + + @SerializedName("TSK_GEO_LATITUDE") + private final Double latitude; + @SerializedName("TSK_GEO_LONGITUDE") + private final Double longitude; + @SerializedName("TSK_GEO_ALTITUDE") + private final Double altitude; + @SerializedName("TSK_NAME") + private final String name; + + /** + * Constructs a representation of a waypoint, which is a a location, + * possibly named, in a geographic coordinate system with latitude, + * longitude and altitude (elevation) axes. + * + * @param latitude The latitude of the waypoint. + * @param longitude The longitude of the waypoint. + * @param altitude The altitude of the waypoint, may be null. + * @param name The name of the waypoint, may be null. + */ + public Waypoint(Double latitude, Double longitude, Double altitude, String name) { + if (latitude == null) { + throw new IllegalArgumentException("Constructor was passed null latitude"); + } + + if (longitude == null) { + throw new IllegalArgumentException("Constructor was passed null longitude"); + } + + this.latitude = latitude; + this.longitude = longitude; + this.altitude = altitude; + this.name = name; + } + + /** + * Gets the latitude of this waypoint. + * + * @return The latitude. + */ + public Double getLatitude() { + return latitude; + } + + /** + * Gets the longitude of this waypoint. + * + * @return The longitude. 
+ */ + public Double getLongitude() { + return longitude; + } + + /** + * Gets the altitude of this waypoint, if available. + * + * @return The altitude, may be null or zero. + */ + public Double getAltitude() { + return altitude; + } + + /** + * Gets the name of this waypoint, if available. + * + * @return The name, may be null or empty. + */ + public String getName() { + return name; + } + } + +} diff --git a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/MessageAttachments.java b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/MessageAttachments.java index 632268d7409e2ee5073e6f66c4cdbae36c2216d1..c8b26442fb30c3141aa8ef231638de017c0bb309 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/MessageAttachments.java +++ b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/MessageAttachments.java @@ -333,7 +333,6 @@ public Long getObjId() { } } - private final Collection<FileAttachment> fileAttachments; private final Collection<URLAttachment> urlAttachments; diff --git a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/TskGeoTrackpointsUtil.java b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/TskGeoTrackpointsUtil.java deleted file mode 100755 index 1fb1f25594d208fef89e1a7a49c6fce9a039f7eb..0000000000000000000000000000000000000000 --- a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/TskGeoTrackpointsUtil.java +++ /dev/null 
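Review bot: The null checks in the `Waypoint` constructor do not protect instances built by Gson, which `BlackboardJsonAttrUtil.fromAttribute` uses (`new Gson().fromJson(json, clazz)`). `Waypoint` has no no-argument constructor, so Gson allocates it without running this constructor and fills the `@SerializedName` fields reflectively. A JSON string lacking `TSK_GEO_LATITUDE` or `TSK_GEO_LONGITUDE` therefore gives a waypoint whose `getLatitude()`/`getLongitude()` return null, although their javadoc promises a value. As the JSON presumably comes from parsed evidence, either validate the points after deserialization or say so in the getters, e.g. `@return The latitude, may be null if the waypoint was deserialized from JSON without TSK_GEO_LATITUDE.` Neither coordinate is range-checked (latitude within ±90, longitude within ±180); if that is intentional, the constructor javadoc should state it.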
@@ -1,301 +0,0 @@ -/* - * Sleuth Kit Data Model - * - * Copyright 2020 Basis Technology Corp. - * Contact: carrier <at> sleuthkit <dot> org - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.sleuthkit.datamodel.blackboardutils.attributes; - -import com.google.gson.Gson; -import com.google.gson.annotations.SerializedName; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; -import java.util.stream.Collectors; -import org.sleuthkit.datamodel.BlackboardAttribute; -import org.sleuthkit.datamodel.blackboardutils.attributes.TskGeoTrackpointsUtil.GeoTrackPointList; -import org.sleuthkit.datamodel.blackboardutils.attributes.TskGeoTrackpointsUtil.GeoTrackPointList.GeoTrackPoint; - -/** - * A utility class for converting between a TSK_GEO_TRACKPOINTS attribute and a - * GeoTrackPointList. A GeoTrackPointList is a collection of GeoTrackPoints. A - * GeoTrackPoint represents a track point, which is a location in a geographic - * coordinate system with latitude, longitude and altitude (elevation) axes. - * - * TSK_GEO_TRACKPOINTS attributes are used by TSK_GPS_TRACK artifacts to record - * a track, or path, of a GPS-enabled device as a connected series of track - * points. 
- */ -public final class TskGeoTrackpointsUtil implements BlackboardAttributeUtil<GeoTrackPointList> { - - @Override - public BlackboardAttribute toAttribute(String moduleName, GeoTrackPointList value) { - if (value == null) { - throw new IllegalArgumentException("toAttribute was passed a null list"); - } - - return new BlackboardAttribute( - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_TRACKPOINTS, - moduleName, - toJSON(value)); - } - - @Override - public GeoTrackPointList fromAttribute(BlackboardAttribute attribute) { - if (attribute == null) { - throw new IllegalArgumentException("fromAttribute was passed a null attribute"); - } - - BlackboardAttribute.ATTRIBUTE_TYPE type = BlackboardAttribute.ATTRIBUTE_TYPE.fromID(attribute.getAttributeType().getTypeID()); - if (type != BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_TRACKPOINTS) { - throw new IllegalArgumentException(String.format("Invalid attribute of type %s passed to fromAttribute method. Attribute of type TSK_GEO_TRACKPOINTS is required", type.getDisplayName())); - } - - return fromJSON(attribute.getValueString()); - } - - /** - * Constructs a GeoTrackPointList object from its JSON representation. - * - * @param json A JSON representation of a GeoTrackPointList. - * - * @return The GeoTrackPointList object. - */ - private static GeoTrackPointList fromJSON(String json) { - if (json == null || json.isEmpty()) { - throw new IllegalArgumentException("fromJSON was passed a empty or null JSON string"); - } - - return (new Gson()).fromJson(json, GeoTrackPointList.class); - } - - /** - * Creates a JSON representation of a GeoTrackPointList object. - * - * @param trackPoints A GeoTrackPointList object. - * - * @return The JSON representation of the GeoTrackPointList object. 
- */ - private static String toJSON(GeoTrackPointList trackPoints) { - if (trackPoints == null) { - throw new IllegalArgumentException("toJSON was passed a null track points list"); - } - - Gson gson = new Gson(); - return gson.toJson(trackPoints); - } - - /** - * A list of GeoTrackPoints. A GeoTrackPoint represents a track point, which - * is a location in a geographic coordinate system with latitude, longitude - * and altitude (elevation) axes. - */ - public static class GeoTrackPointList implements Iterable<GeoTrackPointList.GeoTrackPoint> { - - private final List<GeoTrackPoint> pointList; - - /** - * Constructs an empty GeoTrackPointList. - */ - public GeoTrackPointList() { - pointList = new ArrayList<>(); - } - - /** - * Adds a track point to this list of track points. - * - * @param trackPoint A track point. - */ - public void addPoint(GeoTrackPoint trackPoint) { - if (trackPoint == null) { - throw new IllegalArgumentException("addPoint was passed a null track point"); - } - - pointList.add(trackPoint); - } - - @Override - public Iterator<GeoTrackPoint> iterator() { - return pointList.iterator(); - } - - /** - * Returns whether or not this list of track points is empty. - * - * @return True or false. - */ - public boolean isEmpty() { - return pointList.isEmpty(); - } - - /** - * Gets the earliest track point timestamp in this list of track points, - * if timestamps are present. - * - * @return The timestamp in milliseconds from the Java epoch of - * 1970-01-01T00:00:00Z, may be null or zero. - */ - public Long getStartTime() { - List<GeoTrackPoint> orderedPoints = getTimeOrderedPoints(); - if (orderedPoints != null) { - for (GeoTrackPoint point : orderedPoints) { - if (point.getTimeStamp() != null) { - return point.getTimeStamp(); - } - } - } - return null; - } - - /** - * Gets the latest track point timestamp in this list of track points, - * if timestamps are present. 
- * - * @return The timestamp in milliseconds from the Java epoch of - * 1970-01-01T00:00:00Z, may be null or zero. - */ - public Long getEndTime() { - List<GeoTrackPoint> orderedPoints = getTimeOrderedPoints(); - if (orderedPoints != null) { - for (int index = orderedPoints.size() - 1; index >= 0; index--) { - GeoTrackPoint point = orderedPoints.get(index); - if (point.getTimeStamp() != null) { - return point.getTimeStamp(); - } - } - } - return null; - } - - /** - * Gets this list of track points as a list ordered by track point - * timestamp. - * - * @return The ordered list of track points. - */ - private List<GeoTrackPoint> getTimeOrderedPoints() { - return pointList.stream().sorted().collect(Collectors.toCollection(ArrayList::new)); - } - - /** - * A representation of a track point, which is a location in a - * geographic coordinate system with latitude, longitude and altitude - * (elevation) axes. - */ - public final static class GeoTrackPoint extends TskGeoWaypointsUtil.GeoWaypointList.GeoWaypoint implements Comparable<GeoTrackPoint> { - - @SerializedName("TSK_GEO_VELOCITY") - private final Double velocity; - @SerializedName("TSK_DISTANCE_FROM_HOMEPOINT") - private final Double distanceFromHomePoint; - @SerializedName("TSK_DISTANCE_TRAVELED") - private final Double distanceTraveled; - @SerializedName("TSK_DATETIME") - private final Long timestamp; - - /** - * Constructs a representation of a track point, which is a location - * in a geographic coordinate system with latitude, longitude and - * altitude (elevation) axes. - * - * @param latitude The latitude of the track point. - * @param longitude The longitude of the track point. - * @param altitude The altitude of the track point, may - * be null. - * @param name The name of the track point, may be - * null. - * @param velocity The velocity of the device at the - * track point in meters per second, - * may be null. 
- * @param distanceFromHomePoint The distance of the track point in - * meters from an established home - * point, may be null. - * @param distanceTraveled The distance the device has traveled - * in meters at the time this track - * point was created, may be null. - * @param timestamp The timestamp of the track point as - * milliseconds from the Java epoch of - * 1970-01-01T00:00:00Z, may be null. - */ - public GeoTrackPoint(Double latitude, - Double longitude, - Double altitude, - String name, - Double velocity, - Double distanceFromHomePoint, - Double distanceTraveled, - Long timestamp) { - super(latitude, longitude, altitude, name); - this.velocity = velocity; - this.distanceFromHomePoint = distanceFromHomePoint; - this.distanceTraveled = distanceTraveled; - this.timestamp = timestamp; - } - - /** - * Gets the velocity of the device at this track point in meters per - * second, if known. - * - * @return The velocity in meters/sec, may be null or zero. - */ - public Double getVelocity() { - return velocity; - } - - /** - * Gets the distance of this track point from an established home - * point, if known. - * - * @return The distance in meters, may be null or zero. - */ - public Double getDistanceFromHomePoint() { - return distanceFromHomePoint; - } - - /** - * Gets the distance the device has traveled in meters at the time - * this track point was created, if known. - * - * @return The distance traveled in meters, may be null or zero. - */ - public Double getDistanceTraveled() { - return distanceTraveled; - } - - /** - * Gets the timestamp of this track point as milliseconds from the - * Java epoch of 1970-01-01T00:00:00Z, if known. - * - * @return The timestamp, may be null or zero. 
- */ - public Long getTimeStamp() { - return timestamp; - } - - @Override - public int compareTo(GeoTrackPoint otherTP) { - Long otherTimeStamp = otherTP.getTimeStamp(); - - if (timestamp == null && otherTimeStamp != null) { - return -1; - } else if (timestamp != null && otherTimeStamp == null) { - return 1; - } else { - return timestamp.compareTo(otherTP.getTimeStamp()); - } - } - } - } -} diff --git a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/TskGeoWaypointsUtil.java b/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/TskGeoWaypointsUtil.java deleted file mode 100755 index 6b8a48fb8d9ac3fc64df0f251f528c0537907042..0000000000000000000000000000000000000000 --- a/bindings/java/src/org/sleuthkit/datamodel/blackboardutils/attributes/TskGeoWaypointsUtil.java +++ /dev/null 
@@ -1,218 +0,0 @@ -/* - * Sleuth Kit Data Model - * - * Copyright 2020 Basis Technology Corp. - * Contact: carrier <at> sleuthkit <dot> org - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.sleuthkit.datamodel.blackboardutils.attributes; - -import com.google.gson.Gson; -import com.google.gson.annotations.SerializedName; -import java.util.ArrayList; -import java.util.Iterator; -import java.util.List; -import org.sleuthkit.datamodel.BlackboardAttribute; -import org.sleuthkit.datamodel.blackboardutils.attributes.TskGeoWaypointsUtil.GeoWaypointList; -import org.sleuthkit.datamodel.blackboardutils.attributes.TskGeoWaypointsUtil.GeoWaypointList.GeoWaypoint; - -/** - * A utility class for converting between a TSK_GEO_WAYPOINTS attribute and a - * GeoWaypointList object. A GeoWaypointList is a collection of GeoWaypoints - * objects. A GeoWaypoint represents a waypoint for a GPS-enabled device with a - * navigation capability. Every waypoint is a location, possibly named, in a - * geographic coordinate system with latitude, longitude and altitude - * (elevation) axes. - * - * TSK_GEO_WAYPOINTS attributes are used by TSK_GPS_ROUTE artifacts to record - * one or more waypoints linked together as a route to be navigated from - * waypoint to waypoint. 
- */ -public final class TskGeoWaypointsUtil implements BlackboardAttributeUtil<GeoWaypointList> { - - @Override - public BlackboardAttribute toAttribute(String moduleName, GeoWaypointList value) { - if (value == null) { - throw new IllegalArgumentException("toAttribute was pass a null list"); - } - - return new BlackboardAttribute( - BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_WAYPOINTS, - moduleName, - toJSON(value)); - } - - @Override - public GeoWaypointList fromAttribute(BlackboardAttribute attribute) { - if (attribute == null) { - throw new IllegalArgumentException("fromAttribute was pass a null list"); - } - - BlackboardAttribute.ATTRIBUTE_TYPE type = BlackboardAttribute.ATTRIBUTE_TYPE.fromID(attribute.getAttributeType().getTypeID()); - if (type != BlackboardAttribute.ATTRIBUTE_TYPE.TSK_GEO_WAYPOINTS) { - throw new IllegalArgumentException(String.format("Invalid attribute of type %s passed to fromAttribute method. Attribute of type TSK_GEO_WAYPOINTS is required", type.getDisplayName())); - } - - return fromJSON(attribute.getValueString()); - } - - /** - * Constructs a GeoWaypointList object from its JSON representation. - * - * @param json A JSON representation of a GeoWaypointList. - * - * @return The GeoWaypointList object. - */ - private static GeoWaypointList fromJSON(String json) { - if (json == null || json.isEmpty()) { - return null; - } - - return (new Gson()).fromJson(json, GeoWaypointList.class); - } - - /** - * Creates a JSON representation of a GeoWaypointList object. - * - * @param waypoints A GeoWaypointList object. - * - * @return The JSON representation of the GeoWaypointList object. - */ - private static String toJSON(GeoWaypointList waypoints) { - Gson gson = new Gson(); - return gson.toJson(waypoints); - } - - /** - * A list of GeoWaypoints. A GeoWaypoint represents a waypoint, which is a a - * location, possibly named, in a geographic coordinate system with - * latitude, longitude and altitude (elevation) axes. 
- */ - public static final class GeoWaypointList implements Iterable<GeoWaypointList.GeoWaypoint> { - - private final List<GeoWaypoint> points; - - /** - * Constructs an empty GeoWaypointList. - */ - public GeoWaypointList() { - points = new ArrayList<>(); - } - - /** - * Adds a waypoint to this list of waypoints. - * - * @param wayPoint A waypoint. - */ - public void addPoint(GeoWaypoint wayPoint) { - if (wayPoint == null) { - throw new IllegalArgumentException("addPoint was passed a null waypoint"); - } - - points.add(wayPoint); - } - - /** - * Returns whether or not this list of waypoints is empty. - * - * @return True or false. - */ - public boolean isEmpty() { - return points.isEmpty(); - } - - @Override - public Iterator<GeoWaypointList.GeoWaypoint> iterator() { - return points.iterator(); - } - - /** - * A representation of a waypoint, which is a a location, possibly - * named, in a geographic coordinate system with latitude, longitude and - * altitude (elevation) axes. - */ - public static class GeoWaypoint { - - @SerializedName("TSK_GEO_LATITUDE") - private final Double latitude; - @SerializedName("TSK_GEO_LONGITUDE") - private final Double longitude; - @SerializedName("TSK_GEO_ALTITUDE") - private final Double altitude; - @SerializedName("TSK_NAME") - private final String name; - - /** - * Constructs a representation of a waypoint, which is a a location, - * possibly named, in a geographic coordinate system with latitude, - * longitude and altitude (elevation) axes. - * - * @param latitude The latitude of the waypoint. - * @param longitude The longitude of the waypoint. - * @param altitude The altitude of the waypoint, may be null. - * @param name The name of the waypoint, may be null. 
- */ - public GeoWaypoint(Double latitude, Double longitude, Double altitude, String name) { - if (latitude == null) { - throw new IllegalArgumentException("Constructor was passed null latitude"); - } - - if (longitude == null) { - throw new IllegalArgumentException("Constructor was passed null longitude"); - } - - this.latitude = latitude; - this.longitude = longitude; - this.altitude = altitude; - this.name = name; - } - - /** - * Gets the latitude of this waypoint. - * - * @return The latitude. - */ - public Double getLatitude() { - return latitude; - } - - /** - * Gets the longitude of this waypoint. - * - * @return The longitude. - */ - public Double getLongitude() { - return longitude; - } - - /** - * Get the altitude of this waypoint, if available. - * - * @return The altitude, may be null or zero. - */ - public Double getAltitude() { - return altitude; - } - - /** - * Get the name of this waypoint, if available. - * - * @return The name, may be null or empty. - */ - public String getName() { - return name; - } - } - } -} diff --git a/configure.ac b/configure.ac index 47aa7f5c8491929bdee35c45e8a8d12e60f1dd69..7d9e6b23159a00d5f39a28d37d0fd6760453e59e 100644 --- a/configure.ac +++ b/configure.ac @@ -4,7 +4,7 @@ dnl Process this file with autoconf to produce a configure script. AC_PREREQ(2.59) -AC_INIT(sleuthkit, 4.8.0) +AC_INIT(sleuthkit, 4.9.0) m4_include([m4/ax_pthread.m4]) dnl include the version from 1.12.1. This will work for m4_include([m4/cppunit.m4]) @@ -388,7 +388,7 @@ AC_CHECK_FUNCS([getline]) AC_SEARCH_LIBS(regexec, [regex], , AC_MSG_ERROR([missing regex])) -dnl OpenSSL support for encryption +dnl OpenSSL support for encryption - currently disabled due to automatic test failures dnl AX_CHECK_OPENSSL( dnl [ax_openssl=yes] dnl LIBTSK_LDFLAGS="$LIBTSK_LDFLAGS $OPENSSL_LDFLAGS $OPENSSL_LIBS", 
@@ -441,12 +441,12 @@ AC_CONFIG_FILES([ AC_OUTPUT dnl Print a summary +dnl openssl is disabled, so removed line openssl support: $ax_openssl AC_MSG_NOTICE([ Building: afflib support: $ax_afflib libewf support: $ax_libewf zlib support: $ax_zlib - openssl support: $ax_openssl libvhdi support: $ax_libvhdi libvmdk support: $ax_libvmdk diff --git a/debian/changelog b/debian/changelog index 768f923d4c9a6a7d29410e1b979db1fb7c4b83bb..1690c7fd522c0cf459a15909a66e8f8ce6cfb6e9 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -sleuthkit-java (4.8.0-1) unstable; urgency=medium +sleuthkit-java (4.9.0-1) unstable; urgency=medium * Initial release (Closes: #nnnn) <nnnn is the bug number of your ITP> diff --git a/debian/sleuthkit-java.install b/debian/sleuthkit-java.install index 9fc3bd7bbb9cfeb20fde972ee23f9bb1d68049e4..ac1d072cac56c7c660e5be1cfe77d0d79963a707 100644 --- a/debian/sleuthkit-java.install +++ b/debian/sleuthkit-java.install @@ -1,3 +1,3 @@ bindings/java/lib/sqlite-jdbc-3.25.2.jar /usr/share/java -bindings/java/dist/sleuthkit-4.8.0.jar /usr/share/java +bindings/java/dist/sleuthkit-4.9.0.jar /usr/share/java diff --git a/licenses/bsd.txt b/licenses/bsd.txt new file mode 100644 index 0000000000000000000000000000000000000000..ffb82a69aa34be508b5cba51e4b2219b267e43f2 --- /dev/null +++ b/licenses/bsd.txt 
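Review bot: Dropping `openssl support: $ax_openssl` from the `AC_MSG_NOTICE` summary leaves a builder with no indication that the OpenSSL-backed encryption support is compiled out. The `AX_CHECK_OPENSSL` call is commented out (the `dnl` comment in the previous configure.ac hunk says this is due to automatic test failures), so `$ax_openssl` would expand to nothing. A fixed line such as `openssl support: no (disabled in configure.ac)` would keep the summary accurate for anyone relying on the encryption features. The `dnl` comment could also point to wherever the test failures are tracked, so the check is re-enabled once they are resolved.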
@@ -0,0 +1,16 @@ +The following files use the 3-Clause BSD license: + +tsk/fs/lzvn.c +Copyright (c) 2015-2016, Apple Inc. All rights reserved. + + + +Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: + +1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. + +2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. + +3. Neither the name of the copyright holder(s) nor the names of any contributors may be used to endorse or promote products derived from this software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. \ No newline at end of file diff --git a/licenses/mit.txt b/licenses/mit.txt new file mode 100644 index 0000000000000000000000000000000000000000..527c48ea76b56af6f87b7007164864316ec1d885 --- /dev/null +++ b/licenses/mit.txt 
@@ -0,0 +1,24 @@ +The following files use the MIT license: + +tsk/auto/guid.cpp +Copyright (c) 2014 Graeme Hill (http://graemehill.ca) + + + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in +all copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN +THE SOFTWARE. \ No newline at end of file diff --git a/packages/sleuthkit.spec b/packages/sleuthkit.spec index e4d5b16e5b7529b4c7798e00d48a470e55280e12..4439db52aad80e20aa0f3b0238a2658e46d73294 100644 --- a/packages/sleuthkit.spec +++ b/packages/sleuthkit.spec @@ -1,5 +1,5 @@ Name: sleuthkit -Version: 4.8.0 +Version: 4.9.0 Release: 1%{?dist} Summary: The Sleuth Kit (TSK) is a library and collection of command line tools that allow you to investigate volume and file system data. diff --git a/tsk/Makefile.am b/tsk/Makefile.am index d66d3126cc87f4f5ed2bd2caaa7735099552e5b7..a17d3de69df534508d971bf8548d96bb65ef9ede 100644 --- a/tsk/Makefile.am +++ b/tsk/Makefile.am 
@@ -8,6 +8,6 @@ libtsk_la_LIBADD = base/libtskbase.la img/libtskimg.la \ vs/libtskvs.la fs/libtskfs.la hashdb/libtskhashdb.la \ auto/libtskauto.la pool/libtskpool.la util/libtskutil.la # current:revision:age -libtsk_la_LDFLAGS = -version-info 20:0:1 $(LIBTSK_LDFLAGS) +libtsk_la_LDFLAGS = -version-info 20:1:1 $(LIBTSK_LDFLAGS) EXTRA_DIST = tsk_tools_i.h docs/Doxyfile docs/*.dox docs/*.html diff --git a/tsk/base/tsk_base.h b/tsk/base/tsk_base.h index 47b1e50dc1875eabda0c42c42a7a26c17d6b48b1..91daa425392cd9526b9d9ca770d69b908d42c267 100644 --- a/tsk/base/tsk_base.h +++ b/tsk/base/tsk_base.h @@ -39,11 +39,11 @@ * 3.1.2b1 would be 0x03010201. Snapshot from Jan 2, 2003 would be * 0xFF030102. * See TSK_VERSION_STR for string form. */ -#define TSK_VERSION_NUM 0x040800ff +#define TSK_VERSION_NUM 0x040900ff /** Version of code in string form. See TSK_VERSION_NUM for * integer form. */ -#define TSK_VERSION_STR "4.8.0" +#define TSK_VERSION_STR "4.9.0" /* include the TSK-specific header file that we created in autoconf diff --git a/tsk/docs/Doxyfile b/tsk/docs/Doxyfile index 2286063987879542a0d9a94babacab2707f84039..cf6380f2c8e7cd4552e12a4e7360b5b61027b26f 100644 --- a/tsk/docs/Doxyfile +++ b/tsk/docs/Doxyfile @@ -33,7 +33,7 @@ PROJECT_NAME = "The Sleuth Kit" # if some version control system is used. # This is automatically updated at release time. -PROJECT_NUMBER = 4.8.0 +PROJECT_NUMBER = 4.9.0 # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer @@ -883,7 +883,7 @@ GENERATE_HTML = YES # put in front of it. If left blank `html' will be used as the default path. # NOTE: This is automatically updated at release time. -HTML_OUTPUT = api-docs/4.8.0/ +HTML_OUTPUT = api-docs/4.9.0/ # The HTML_FILE_EXTENSION tag can be used to specify the file extension for # each generated HTML page (for example: .htm,.php,.asp). If it is left blank 
diff --git a/tsk/docs/hashdb.dox b/tsk/docs/hashdb.dox index b28400f5f16c701da79659e29d558259a107f5c8..0d7166979536c68ef94b9f63162c4d1f42511aae 100644 --- a/tsk/docs/hashdb.dox +++ b/tsk/docs/hashdb.dox @@ -4,7 +4,7 @@ This section describes some the API functions and concepts associated with the H \section hash_over Overview -Hash databases are frequently used to identify known good and known bad files. Text files of MD5 and SHA-1 hashes can be easily created and shared, but they are frequently not the most efficient to use to use when searching for a hash because they are in an unsorted order. +Hash databases are frequently used to identify known good and known bad files. Text files of MD5 and SHA-1 hashes can be easily created and shared, but they are frequently not the most efficient to use when searching for a hash because they are in an unsorted order. The hash database functions in TSK create an index into text file hash databases and allow you to more quickly perform lookups. TSK uses the index to perform binary searches for the hashes (see <a href="http://www.sleuthkit.org/informer/sleuthkit-informer-6.html">Informer #6</a>). diff --git a/tsk/fs/fs_types.c b/tsk/fs/fs_types.c index 6ba88f0e6f1e1065fbdedb93fe4b512c4155f334..eef6b4fae4c43afbcf978a6198b49586991a54f8 100644 --- a/tsk/fs/fs_types.c +++ b/tsk/fs/fs_types.c 
@@ -39,16 +39,18 @@ typedef struct {
 * name so that we can map between values and names.
 */
 static FS_TYPES fs_type_table[] = {
- {"ntfs", TSK_FS_TYPE_NTFS_DETECT, "NTFS"},
+ {"ntfs", TSK_FS_TYPE_NTFS, "NTFS"}, // NTFS == NTFS_DETECT
 {"fat", TSK_FS_TYPE_FAT_DETECT, "FAT (Auto Detection)"},
 {"ext", TSK_FS_TYPE_EXT_DETECT, "ExtX (Auto Detection)"},
- {"iso9660", TSK_FS_TYPE_ISO9660_DETECT, "ISO9660 CD"},
+ {"iso9660", TSK_FS_TYPE_ISO9660, "ISO9660 CD"}, // ISO9660 == DETECT
 #if TSK_USE_HFS
- {"hfs", TSK_FS_TYPE_HFS_DETECT, "HFS+"},
+ {"hfs", TSK_FS_TYPE_HFS_DETECT, "HFS+ (Auto Detection)"},
 #endif
+ {"yaffs2", TSK_FS_TYPE_YAFFS2, "YAFFS2"},
+ {"apfs", TSK_FS_TYPE_APFS, "APFS"},
 {"ufs", TSK_FS_TYPE_FFS_DETECT, "UFS (Auto Detection)"},
- {"raw", TSK_FS_TYPE_RAW_DETECT, "Raw Data"},
- {"swap", TSK_FS_TYPE_SWAP_DETECT, "Swap Space"},
+ {"raw", TSK_FS_TYPE_RAW, "Raw Data"}, // RAW == RAW_DETECT
+ {"swap", TSK_FS_TYPE_SWAP, "Swap Space"}, // SWAP == SWAP_DETECT
 {"fat12", TSK_FS_TYPE_FAT12, "FAT12"},
 {"fat16", TSK_FS_TYPE_FAT16, "FAT16"},
 {"fat32", TSK_FS_TYPE_FAT32, "FAT32"},
@@ -58,8 +60,10 @@ static FS_TYPES fs_type_table[] = {
 {"ext4", TSK_FS_TYPE_EXT4, "Ext4"},
 {"ufs1", TSK_FS_TYPE_FFS1, "UFS1"},
 {"ufs2", TSK_FS_TYPE_FFS2, "UFS2"},
- {"yaffs2", TSK_FS_TYPE_YAFFS2, "YAFFS2"},
- {"apfs", TSK_FS_TYPE_APFS, "APFS"},
+#if TSK_USE_HFS
+ {"hfsp", TSK_FS_TYPE_HFS, "HFS+"},
+ {"hfsl", TSK_FS_TYPE_HFS_LEGACY, "HFS (Legacy)"},
+#endif
 {0,0,""},
 };
 
diff --git a/tsk/fs/ntfs.c b/tsk/fs/ntfs.c
index eeff809ef191244e4bb974dcbe9793ca518888ce..c55ee59f71eb1a565c49c8f8f7d4e0b7ca1a4696 100755
--- a/tsk/fs/ntfs.c
+++ b/tsk/fs/ntfs.c
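Review bot: The trailing comments on the `ntfs`, `iso9660`, `raw` and `swap` rows assert that the plain constant equals its `_DETECT` alias, but nothing in the hunk enforces that, so a later change to the type constants would silently change what these names resolve to. If the file can rely on C11, a check such as `_Static_assert(TSK_FS_TYPE_NTFS == TSK_FS_TYPE_NTFS_DETECT, "alias");` next to the table would pin each of the four pairs. Otherwise the table's header comment should state that these rows deliberately name the concrete type and why. The second hunk adds `hfsp` and `hfsl` as new user-facing names, so any usage text that lists supported types (not visible here) should mention them. `fs_type_table` continues outside both hunks.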
@@ -375,7 +375,9 @@ ntfs_dinode_lookup(NTFS_INFO * a_ntfs, char *a_buf, TSK_INUM_T a_mftnum)
 ("dinode_lookup: More Update Sequence Entries than MFT size");
 return TSK_COR;
 }
- if (tsk_getu16(fs->endian, mft->upd_off) + sizeof(ntfs_upd) > a_ntfs->mft_rsize_b) {
+ if (tsk_getu16(fs->endian, mft->upd_off) +
+ sizeof(ntfs_upd) +
+ 2*(tsk_getu16(fs->endian, mft->upd_cnt) - 1) > a_ntfs->mft_rsize_b) {
 tsk_error_reset();
 tsk_error_set_errno(TSK_ERR_FS_INODE_COR);
 tsk_error_set_errstr
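Review bot: The new bound in `ntfs_dinode_lookup` subtracts one from `upd_cnt` without first checking that it is non-zero. Assuming `tsk_getu16` yields a 16-bit value, an on-disk count of 0 makes `2*(tsk_getu16(fs->endian, mft->upd_cnt) - 1)` equal to -2 in `int` arithmetic, and adding that to the `size_t` sum shrinks the computed end by two bytes instead of rejecting the record. Whether an earlier check already rules out a zero count is not visible in the hunk (the function starts and ends outside it), so the condition should be self-contained: `uint16_t cnt = tsk_getu16(fs->endian, mft->upd_cnt);` followed by `if (cnt == 0 || (size_t)tsk_getu16(fs->endian, mft->upd_off) + sizeof(ntfs_upd) + 2 * (size_t)(cnt - 1) > a_ntfs->mft_rsize_b) {`. If a zero count is legitimate for some records, skip the last term in that case rather than letting it go negative. A short comment saying what the literal `2` stands for (presumably the byte size of one update-sequence entry) would help the next reader of this check on untrusted on-disk values.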