Updates to timeline schema description.

bindings/java/doxygen/db_schema_8_6.dox

@@ -234,8 +234,8 @@ Stores non-directional relationships between two accounts if they communicated o
 - **data_source_obj_id** - Id of the data source this relationship came from (from obj_id in data_source_info)
 
 # Timeline
-Stores data used to populate various timelines. It is highly recommended to use 
-the org.sleuthkit.datamodel.TimelineManager API to create/access this type of data.
+Stores data used to populate various timelines. Two tables are used to reduce data duplication. It is highly recommended to use 
+the org.sleuthkit.datamodel.TimelineManager API to create/access this type of data.  
 
 ## tsk_event_types
 Stores the types for events. The super_type_id column is used to arrange the types into a tree.
@@ -244,19 +244,19 @@ Stores the types for events. The super_type_id column is used to arrange the typ
 - **super_type_id** - Parent type for this type (used for building heirarchy; references the event_type_id in this table)
 
 ## tsk_event_descriptions
-Stores descriptions of each event. Note that the combination of the full_description, content_obj_id, and artifact_id columns must be unique.
+Stores descriptions of an event. This table exists to reduce duplicate data that is common to events. For example, a file will have only one row in tsk_event_descriptions, but could have 4+ rows in tsk_events that all refer to the same description. Note that the combination of the full_description, content_obj_id, and artifact_id columns must be unique.
 - **event_description_id** - Id for this event description
-- **full_description** - Full length description of this event (required)
-- **med_description** - Medium length description of this event (may be null)
-- **short_description** - Short length description of this event (may be null)
-- **data_source_obj_id** -  Object id of the data source for  the event source (references obj_id column in data_source_info)
-- **content_obj_id** - Object id of the content that is either the direct or indirect source of this event (references obj_id column in tsk_objects)
-- **artifact_id** - Id of the artifact (references artifact_id column in blackboard_artifacts) that is the source of this event (may be null)
+- **full_description** - Full length description of this event (required).  For example, the full file path including file name. 
+- **med_description** - Medium length description of this event (may be null).  For example, a file may have only the first three folder names.
+- **short_description** - Short length description of this event (may be null).  For example, a file may have only its first folder name. 
+- **data_source_obj_id** -  Object id of the data source for the event source (references obj_id column in data_source_info)
+- **content_obj_id** - If the event is from a non-artifact, then this is the object id from that source.  If the event is from an artifact, then this is the object id of the artifact's source. (references obj_id column in tsk_objects)
+- **artifact_id** - If this event is from a non-artifact, this is null. If the event is from an artifact, then this is the id of the artifact (references artifact_id column in blackboard_artifacts) (may be null)
 - **hash_hit** - 1 if the file associated with this event has a hash set hit, 0 otherwise
 - **tagged** - 1 if the direct source of this event has been tagged, 0 otherwise
 
 ## tsk_events
-Stores each event.
+Stores each event. A file, artifact, or other type of content can have several rows in this table. One for each time stamp. 
 - **event_id** - Id for this event
 - **event_type_id** - Event type id (references event_type_id column in tsk_event_types)
 - **event_description_id** - Event description id (references event_description_id column in tsk_event_descriptions)