Merge pull request #2298 from kellykelly3/7480-fix-timeline-filters

7480 - Updated timeline events and artifact catalog

bindings/java/doxygen/artifact_catalog.dox

@@ -184,8 +184,6 @@ Details about System/aplication/file backups.
 
 ### REQUIRED ATTRIBUTES
 - TSK_DATETIME_START (Date/Time the backup happened)
-     or 
-  TSK_DATETIME
   
 ### OPTIONAL ATTRIBUTES
 - TSK_DATETIME_END (Date/Time the backup ended)
@@ -286,9 +284,7 @@ A contact book entry in an application file or database.
 Programs that have been deleted from the system.
 
 ### REQUIRED ATTRIBUTES
-- TSK_DATETIME_DELETED (Date/Time the program was deleted)
-     or 
-  TSK_DATETIME
+- TSK_DATETIME (Date/Time the program was deleted)
 - TSK_PROG_NAME (Program that was deleted)
 
 ### OPTIONAL Attributes
@@ -459,8 +455,7 @@ Details about an installed program.
 - TSK_PROG_NAME (Name of the installed program)
 
 ### OPTIONAL ATTRIBUTES
-- TSK_DATETIME (A date and time associated with the installed program, e.g., the last modified time, in seconds since 1970-01-01T00:00:00Z)
-- TSK_DATETIME_CREATED (When the program was installed, in seconds since 1970-01-01T00:00:00Z)
+- TSK_DATETIME (When the program was installed, in seconds since 1970-01-01T00:00:00Z)
 - TSK_PATH (Path to the installed program in the data source)
 - TSK_PATH_SOURCE (Path to an Android Package Kit (APK) file for an Android program)
 - TSK_PERMISSIONS (Permissions of the installed program)
@@ -678,8 +673,6 @@ Activity on the system or from an application.  Example usage is a mobile device
 
 ### REQUIRED ATTRIBUTES
 - TSK_DATETIME_START (When activity started)
-    or 
-  TSK_DATETIME
 
 ### OPTIONAL ATTRIBUTES
 - TSK_ACTIVITY_TYPE (Activity type i.e.: On or Off)

bindings/java/src/org/sleuthkit/datamodel/Bundle.properties

@@ -331,12 +331,12 @@ FileSystemTypes.fileChanged.name=File Changed
 MiscTypes.message.name=Messages
 MiscTypes.GPSRoutes.name=GPS Routes
 MiscTypes.GPSTrackpoint.name=GPS Trackpoint
-MiscTypes.Calls.name=Call Start
+MiscTypes.Calls.name=Call Begin
 MiscTypes.CallsEnd.name=Call End
 MiscTypes.Email.name=Email Sent
 MiscTypes.EmailRcvd.name=Email Received
 MiscTypes.recentDocuments.name=Recent Documents
-MiscTypes.installedPrograms.name=Installed Programs
+MiscTypes.installedPrograms.name=Program Installed
 MiscTypes.exif.name=Exif
 MiscTypes.devicesAttached.name=Devices Attached
 MiscTypes.LogEntry.name=Log Entry
@@ -348,7 +348,7 @@ MiscTypes.GPSTrack.name=GPS Track
 MiscTypes.metadataLastPrinted.name=Document Last Printed
 MiscTypes.metadataLastSaved.name=Document Last Saved
 MiscTypes.metadataCreated.name=Document Created
-MiscTypes.programexecuted.name=Program Execution
+MiscTypes.programexecuted.name=Program Run
 RootEventType.eventTypes.name=Event Types
 WebTypes.webDownloads.name=Web Downloads
 WebTypes.webCookies.name=Web Cookies Create
@@ -404,15 +404,13 @@ Significance.LikelyNone.displayName.text=Likely Not Notable
 Significance.LikelyNotable.displayName.text=Likely Notable
 Significance.None.displayName.text=Not Notable
 Significance.Notable.displayName.text=Notable
-TimelineEventType.BackupEvent.txt=Backup Event
-TimelineEventType.BackupEventStart.txt=Backup Event Start
-TimelineEventType.BackupEventEnd.txt=Backup Event End
-TimelineEventType.BackupEvent.description=Backup Event
-TimelineEventType.BackupEvent.description.start=Backup Event Started
-TimelineEventType.BackupEvent.description.end=Backup Event Ended
+TimelineEventType.BackupEventStart.txt=Backup Begin
+TimelineEventType.BackupEventEnd.txt=Backup End
+TimelineEventType.BackupEvent.description.start=Backup Begin
+TimelineEventType.BackupEvent.description.end=Backup End
 TimelineEventType.BluetoothPairingLastConnection.txt=Bluetooth Pairing Last Connection
 TimelineEventType.BluetoothPairing.txt=Bluetooth Pairing
-TimelineEventType.CalendarEntryStart.txt=Calendar Entry Start
+TimelineEventType.CalendarEntryStart.txt=Calendar Entry Begin
 TimelineEventType.CalendarEntryEnd.txt=Calendar Entry End
 TimelineEventType.DeletedProgram.txt=Program Deleted 
 TimelineEventType.DeletedProgramDeleted.txt=Application Deleted
@@ -423,13 +421,11 @@ TimelineEventType.OSAccountPwdReset.txt=Operating System Account Password Reset
 TimelineEventType.OSInfo.txt=Operating System Information
 TimelineEventType.ProgramNotification.txt=Program Notification
 TimelineEventType.ScreenShot.txt=Screen Shot
-TimelineEventType.UserDeviceEvent.txt=User Device Event
-TimelineEventType.UserDeviceEventStart.txt=User Device Event Start
-TimelineEventType.UserDeviceEventEnd.txt=User Device Event End
+TimelineEventType.UserDeviceEventStart.txt=User Activity Begin
+TimelineEventType.UserDeviceEventEnd.txt=User Activity End
 TimelineEventType.ServiceAccount.txt=Service Account
 TimelineEventType.WIFINetwork.txt=Wifi Network
 TimelineEventType.WebCache.text=Web Cache
-TimelineEventType.InstalledProgram.txt=Installed Program
 TimelineEventType.BluetoothAdapter.txt=Bluetooth Adapter
 BaseTypes.geolocation.name=Geolocation
 BaseTypes.communication.name=Communication

bindings/java/src/org/sleuthkit/datamodel/Bundle.properties-MERGED

@@ -331,12 +331,12 @@ FileSystemTypes.fileChanged.name=File Changed
 MiscTypes.message.name=Messages
 MiscTypes.GPSRoutes.name=GPS Routes
 MiscTypes.GPSTrackpoint.name=GPS Trackpoint
-MiscTypes.Calls.name=Call Start
+MiscTypes.Calls.name=Call Begin
 MiscTypes.CallsEnd.name=Call End
 MiscTypes.Email.name=Email Sent
 MiscTypes.EmailRcvd.name=Email Received
 MiscTypes.recentDocuments.name=Recent Documents
-MiscTypes.installedPrograms.name=Installed Programs
+MiscTypes.installedPrograms.name=Program Installed
 MiscTypes.exif.name=Exif
 MiscTypes.devicesAttached.name=Devices Attached
 MiscTypes.LogEntry.name=Log Entry
@@ -348,7 +348,7 @@ MiscTypes.GPSTrack.name=GPS Track
 MiscTypes.metadataLastPrinted.name=Document Last Printed
 MiscTypes.metadataLastSaved.name=Document Last Saved
 MiscTypes.metadataCreated.name=Document Created
-MiscTypes.programexecuted.name=Program Execution
+MiscTypes.programexecuted.name=Program Run
 RootEventType.eventTypes.name=Event Types
 WebTypes.webDownloads.name=Web Downloads
 WebTypes.webCookies.name=Web Cookies Create
@@ -404,15 +404,13 @@ Significance.LikelyNone.displayName.text=Likely Not Notable
 Significance.LikelyNotable.displayName.text=Likely Notable
 Significance.None.displayName.text=Not Notable
 Significance.Notable.displayName.text=Notable
-TimelineEventType.BackupEvent.txt=Backup Event
-TimelineEventType.BackupEventStart.txt=Backup Event Start
-TimelineEventType.BackupEventEnd.txt=Backup Event End
-TimelineEventType.BackupEvent.description=Backup Event
-TimelineEventType.BackupEvent.description.start=Backup Event Started
-TimelineEventType.BackupEvent.description.end=Backup Event Ended
+TimelineEventType.BackupEventStart.txt=Backup Begin
+TimelineEventType.BackupEventEnd.txt=Backup End
+TimelineEventType.BackupEvent.description.start=Backup Begin
+TimelineEventType.BackupEvent.description.end=Backup End
 TimelineEventType.BluetoothPairingLastConnection.txt=Bluetooth Pairing Last Connection
 TimelineEventType.BluetoothPairing.txt=Bluetooth Pairing
-TimelineEventType.CalendarEntryStart.txt=Calendar Entry Start
+TimelineEventType.CalendarEntryStart.txt=Calendar Entry Begin
 TimelineEventType.CalendarEntryEnd.txt=Calendar Entry End
 TimelineEventType.DeletedProgram.txt=Program Deleted 
 TimelineEventType.DeletedProgramDeleted.txt=Application Deleted
@@ -423,13 +421,11 @@ TimelineEventType.OSAccountPwdReset.txt=Operating System Account Password Reset
 TimelineEventType.OSInfo.txt=Operating System Information
 TimelineEventType.ProgramNotification.txt=Program Notification
 TimelineEventType.ScreenShot.txt=Screen Shot
-TimelineEventType.UserDeviceEvent.txt=User Device Event
-TimelineEventType.UserDeviceEventStart.txt=User Device Event Start
-TimelineEventType.UserDeviceEventEnd.txt=User Device Event End
+TimelineEventType.UserDeviceEventStart.txt=User Activity Begin
+TimelineEventType.UserDeviceEventEnd.txt=User Activity End
 TimelineEventType.ServiceAccount.txt=Service Account
 TimelineEventType.WIFINetwork.txt=Wifi Network
 TimelineEventType.WebCache.text=Web Cache
-TimelineEventType.InstalledProgram.txt=Installed Program
 TimelineEventType.BluetoothAdapter.txt=Bluetooth Adapter
 BaseTypes.geolocation.name=Geolocation
 BaseTypes.communication.name=Communication

bindings/java/src/org/sleuthkit/datamodel/TimelineEventType.java

@@ -229,12 +229,12 @@ public int compare(TimelineEventType o1, TimelineEventType o2) {
 					EXIF, GPS_BOOKMARK, GPS_LAST_KNOWN_LOCATION, GPS_TRACKPOINT,
 					GPS_ROUTE, GPS_SEARCH, GPS_TRACK, INSTALLED_PROGRAM, LOG_ENTRY, MESSAGE,
 					METADATA_LAST_PRINTED, METADATA_LAST_SAVED, METADATA_CREATED, PROGRAM_EXECUTION,
-					RECENT_DOCUMENTS, REGISTRY, BACKUP_EVENT_START, BACKUP_EVENT, BACKUP_EVENT_END,
+					RECENT_DOCUMENTS, REGISTRY, BACKUP_EVENT_START, BACKUP_EVENT_END,
 					BLUETOOTH_PAIRING, CALENDAR_ENTRY_START, CALENDAR_ENTRY_END,
-					DELETE_PROGRAM, DELETE_PROGRAM_DELETED,
-					OS_INFO, WIFI_NETWORK, USER_DEVICE_EVENT, USER_DEVICE_EVENT_START, USER_DEVICE_EVENT_END,
+					PROGRAM_DELETED,
+					OS_INFO, WIFI_NETWORK, USER_DEVICE_EVENT_START, USER_DEVICE_EVENT_END,
 					SERVICE_ACCOUNT, SCREEN_SHOT, PROGRAM_NOTIFICATION,
-					BLUETOOTH_PAIRING_ACCESSED, BLUETOOTH_ADAPTER, INSTALLED_PROG);
+					BLUETOOTH_PAIRING_ACCESSED, BLUETOOTH_ADAPTER);
 
 			return builder.build();
 		}
@@ -674,18 +674,7 @@ public SortedSet< TimelineEventType> getChildren() {
 			new EmptyExtractor(),
 			new EmptyExtractor());
 	
-	TimelineEventType BACKUP_EVENT = new TimelineEventArtifactTypeImpl(44,
-			getBundle().getString("TimelineEventType.BackupEvent.txt"),// NON-NLS
-			MISC_TYPES,
-			new BlackboardArtifact.Type(TSK_BACKUP_EVENT),
-			new BlackboardAttribute.Type(TSK_DATETIME),
-			artf -> {
-				return getBundle().getString("TimelineEventType.BackupEvent.description");
-			},
-			new EmptyExtractor(),
-			new EmptyExtractor());
-	
-	TimelineEventType BACKUP_EVENT_END = new TimelineEventArtifactTypeImpl(45,
+	TimelineEventType BACKUP_EVENT_END = new TimelineEventArtifactTypeImpl(44,
 			getBundle().getString("TimelineEventType.BackupEventEnd.txt"),// NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_BACKUP_EVENT),
@@ -696,64 +685,56 @@ public SortedSet< TimelineEventType> getChildren() {
 			new EmptyExtractor(),
 			new EmptyExtractor());
 	
-	TimelineEventType BLUETOOTH_PAIRING = new TimelineEventArtifactTypeSingleDescription(46,
+	TimelineEventType BLUETOOTH_PAIRING = new TimelineEventArtifactTypeSingleDescription(45,
 			getBundle().getString("TimelineEventType.BluetoothPairing.txt"),//NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_BLUETOOTH_PAIRING),
 			new BlackboardAttribute.Type(TSK_DATETIME),
 			new BlackboardAttribute.Type(TSK_DEVICE_NAME));
 	
-	TimelineEventType CALENDAR_ENTRY_START = new TimelineEventArtifactTypeSingleDescription(47,
+	TimelineEventType CALENDAR_ENTRY_START = new TimelineEventArtifactTypeSingleDescription(46,
 			getBundle().getString("TimelineEventType.CalendarEntryStart.txt"),//NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_CALENDAR_ENTRY),
 			new BlackboardAttribute.Type(TSK_DATETIME_START),
 			new BlackboardAttribute.Type(TSK_DESCRIPTION));
 	
-	TimelineEventType CALENDAR_ENTRY_END = new TimelineEventArtifactTypeSingleDescription(48,
+	TimelineEventType CALENDAR_ENTRY_END = new TimelineEventArtifactTypeSingleDescription(47,
 			getBundle().getString("TimelineEventType.CalendarEntryEnd.txt"),//NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_CALENDAR_ENTRY),
 			new BlackboardAttribute.Type(TSK_DATETIME_END),
 			new BlackboardAttribute.Type(TSK_DESCRIPTION));
 	
-	TimelineEventType DELETE_PROGRAM = new TimelineEventArtifactTypeSingleDescription(49,
+	TimelineEventType PROGRAM_DELETED = new TimelineEventArtifactTypeSingleDescription(48,
 			getBundle().getString("TimelineEventType.DeletedProgram.txt"),//NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_DELETED_PROG),
 			new BlackboardAttribute.Type(TSK_DATETIME),
-			new BlackboardAttribute.Type(TSK_PROG_NAME));
-	
-	TimelineEventType DELETE_PROGRAM_DELETED = new TimelineEventArtifactTypeSingleDescription(50,
-			getBundle().getString("TimelineEventType.DeletedProgramDeleted.txt"),//NON-NLS
-			MISC_TYPES,
-			new BlackboardArtifact.Type(TSK_DELETED_PROG),
-			new BlackboardAttribute.Type(TSK_DATETIME_DELETED),
-			new BlackboardAttribute.Type(TSK_PROG_NAME));
-	
+			new BlackboardAttribute.Type(TSK_PROG_NAME));	
 	
-	TimelineEventType OS_INFO = new TimelineEventArtifactTypeSingleDescription(51,
+	TimelineEventType OS_INFO = new TimelineEventArtifactTypeSingleDescription(49,
 			getBundle().getString("TimelineEventType.OSInfo.txt"),//NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_OS_INFO),
 			new BlackboardAttribute.Type(TSK_DATETIME),
 			new BlackboardAttribute.Type(TSK_PROG_NAME));
 
-	TimelineEventType PROGRAM_NOTIFICATION = new TimelineEventArtifactTypeSingleDescription(52,
+	TimelineEventType PROGRAM_NOTIFICATION = new TimelineEventArtifactTypeSingleDescription(50,
 			getBundle().getString("TimelineEventType.ProgramNotification.txt"),//NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_PROG_NOTIFICATIONS),
 			new BlackboardAttribute.Type(TSK_DATETIME),
 			new BlackboardAttribute.Type(TSK_PROG_NAME));
 	
-	TimelineEventType SCREEN_SHOT = new TimelineEventArtifactTypeSingleDescription(53,
+	TimelineEventType SCREEN_SHOT = new TimelineEventArtifactTypeSingleDescription(51,
 			getBundle().getString("TimelineEventType.ScreenShot.txt"),//NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_SCREEN_SHOTS),
 			new BlackboardAttribute.Type(TSK_DATETIME),
 			new BlackboardAttribute.Type(TSK_PROG_NAME));
 		
-	TimelineEventType SERVICE_ACCOUNT = new TimelineEventArtifactTypeImpl(54,
+	TimelineEventType SERVICE_ACCOUNT = new TimelineEventArtifactTypeImpl(52,
 			getBundle().getString("TimelineEventType.ServiceAccount.txt"),// NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_SERVICE_ACCOUNT),
@@ -766,21 +747,7 @@ public SortedSet< TimelineEventType> getChildren() {
 			new EmptyExtractor(),
 			new EmptyExtractor());
 	
-	TimelineEventType USER_DEVICE_EVENT = new TimelineEventArtifactTypeImpl(55,
-			getBundle().getString("TimelineEventType.UserDeviceEvent.txt"),// NON-NLS
-			MISC_TYPES,
-			new BlackboardArtifact.Type(TSK_USER_DEVICE_EVENT),
-			new BlackboardAttribute.Type(TSK_DATETIME),
-			artf -> {
-				String progName = stringValueOf(getAttributeSafe(artf, new Type(TSK_PROG_NAME)));
-				String activityType = stringValueOf(getAttributeSafe(artf, new Type(TSK_ACTIVITY_TYPE)));
-				String connectionType = stringValueOf(getAttributeSafe(artf, new Type(TSK_VALUE)));
-				return String.format("Program Name: %s Activity Type: %s Connection Type: %s", progName, activityType, connectionType);
-			},
-			new EmptyExtractor(),
-			new EmptyExtractor());
-	
-	TimelineEventType USER_DEVICE_EVENT_START = new TimelineEventArtifactTypeImpl(56,
+	TimelineEventType USER_DEVICE_EVENT_START = new TimelineEventArtifactTypeImpl(53,
 			getBundle().getString("TimelineEventType.UserDeviceEventStart.txt"),// NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_USER_DEVICE_EVENT),
@@ -794,7 +761,7 @@ public SortedSet< TimelineEventType> getChildren() {
 			new EmptyExtractor(),
 			new EmptyExtractor());
 	
-	TimelineEventType USER_DEVICE_EVENT_END = new TimelineEventArtifactTypeImpl(57,
+	TimelineEventType USER_DEVICE_EVENT_END = new TimelineEventArtifactTypeImpl(54,
 			getBundle().getString("TimelineEventType.UserDeviceEventEnd.txt"),// NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_USER_DEVICE_EVENT),
@@ -808,42 +775,35 @@ public SortedSet< TimelineEventType> getChildren() {
 			new EmptyExtractor(),
 			new EmptyExtractor());
 	
-	TimelineEventType WEB_CACHE = new URLArtifactEventType(58,
+	TimelineEventType WEB_CACHE = new URLArtifactEventType(55,
 			getBundle().getString("TimelineEventType.WebCache.text"),// NON-NLS
 			WEB_ACTIVITY,
 			new BlackboardArtifact.Type(TSK_WEB_CACHE),
 			new Type(TSK_DATETIME_CREATED),
 			new Type(TSK_URL));
 	
-	TimelineEventType WIFI_NETWORK = new TimelineEventArtifactTypeSingleDescription(59,
+	TimelineEventType WIFI_NETWORK = new TimelineEventArtifactTypeSingleDescription(56,
 			getBundle().getString("TimelineEventType.WIFINetwork.txt"),//NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_WIFI_NETWORK),
 			new BlackboardAttribute.Type(TSK_DATETIME),
 			new BlackboardAttribute.Type(TSK_SSID));
 	
-	TimelineEventType INSTALLED_PROG = new TimelineEventArtifactTypeSingleDescription(60,
-			getBundle().getString("TimelineEventType.InstalledProgram.txt"),//NON-NLS
-			MISC_TYPES,
-			new BlackboardArtifact.Type(TSK_INSTALLED_PROG),
-			new BlackboardAttribute.Type(TSK_DATETIME_CREATED),
-			new BlackboardAttribute.Type(TSK_PROG_NAME));
-	
-	TimelineEventType WEB_HISTORY_CREATED = new URLArtifactEventType(61,
+	TimelineEventType WEB_HISTORY_CREATED = new URLArtifactEventType(57,
 			getBundle().getString("WebTypes.webHistoryCreated.name"),// NON-NLS
 			WEB_ACTIVITY,
 			new BlackboardArtifact.Type(TSK_WEB_HISTORY),
 			new Type(TSK_DATETIME_CREATED),
 			new Type(TSK_URL));
 	
-	TimelineEventType BLUETOOTH_ADAPTER = new TimelineEventArtifactTypeSingleDescription(62,
+	TimelineEventType BLUETOOTH_ADAPTER = new TimelineEventArtifactTypeSingleDescription(58,
 			getBundle().getString("TimelineEventType.BluetoothAdapter.txt"),//NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_BLUETOOTH_ADAPTER),
 			new BlackboardAttribute.Type(TSK_DATETIME),
 			new BlackboardAttribute.Type(TSK_NAME));
 	
-	TimelineEventType BLUETOOTH_PAIRING_ACCESSED = new TimelineEventArtifactTypeSingleDescription(63,
+	TimelineEventType BLUETOOTH_PAIRING_ACCESSED = new TimelineEventArtifactTypeSingleDescription(59,
 			getBundle().getString("TimelineEventType.BluetoothPairingLastConnection.txt"),//NON-NLS
 			MISC_TYPES,
 			new BlackboardArtifact.Type(TSK_BLUETOOTH_PAIRING),