Updated catalog

965a7bd0 · Ann Priestman · 6fce61da · 965a7bd0 · 965a7bd0
Commit 965a7bd0 authored 5 years ago by Ann Priestman
--- a/bindings/java/doxygen/artifact_catalog.dox
+++ b/bindings/java/doxygen/artifact_catalog.dox
@@ -359,7 +359,7 @@ Indication that the source file matches some set of criteria (possibly user defi
 - TSK_SET_NAME (The name of the set of criteria which deemed this file interesting)
 ### OPTIONAL ATTRIBUTES
- TSK_COMMENT (Comment on the reason that the source artifact is interesting)=
+- TSK_COMMENT (Comment on the reason that the source artifact is interesting)
 - TSK_CATEGORY (The set membership rule that was satisfied. I.e. a particular mime)
@@ -404,12 +404,10 @@ A message that is found in some content.
 ---
 ## TSK_METADATA
+General metadata for some content.
+### REQUIRED ATTRIBUTES
+None
---
-## TSK_USER_CONTENT_SUSPECTED
@@ -494,17 +492,16 @@ The number of times a program/application was run.
 ### REQUIRED ATTRIBUTES
 - TSK_PROG_NAME (Name of the application)
- TSK_COUNT (Number of times program was run, should be atleast 1)
+- TSK_COUNT (Number of times program was run, should be at least 1)
 ### OPTIONAL ATTRIBUTES
- TSK_ASSOCIATED_ARTIFACT
 - TSK_DATETIME (Timestamp that application was run last, in seconds since 1970-01-01T00:00:00Z)
 ---
 ## TSK_RECENT_OBJECT
-Indicates recently accessed content. Example: Recent Documents or Recent Downloads.
+Indicates recently accessed content. Examples: Recent Documents or Recent Downloads menu items on Windows.
 ### REQUIRED ATTRIBUTES
 - TSK_PATH (Path to the recent object content in the data source)
@@ -527,7 +524,7 @@ Details about a remote drive found in the data source.
 - TSK_REMOTE_PATH (Fully qualified UNC path to the remote drive)
 ### OPTIONAL ATTRIBUTES
- TSK_LOCAL_PATH (The local path of this remote drive. This path may be mapped, ex. D:/' or F:/')
+- TSK_LOCAL_PATH (The local path of this remote drive. This path may be mapped, e.g., 'D:/' or 'F:/')
@@ -536,62 +533,57 @@ Details about a remote drive found in the data source.
 An application or web user account.
 ### REQUIRED ATTRIBUTES
- TSK_PROG_NAME (The name of the service, i.e. Netflix)
+- TSK_PROG_NAME (The name of the service, e.g., Netflix)
 - TSK_USER_ID (User ID of the service account)
 ### OPTIONAL ATTRIBUTES
- TSK_CATEGORY (Type of service. I.e. Web, TV, Messaging)
+- TSK_CATEGORY (Type of service, e.g., Web, TV, Messaging)
- TSK_DATETIME_CREATED (Timestamp that this service account was created, in seconds since 1970-01-01T00:00:00Z)
+- TSK_DATETIME_CREATED (When this service account was created, in seconds since 1970-01-01T00:00:00Z)
 - TSK_DESCRIPTION (Name of the mailbox, if this is an email account)
- TSK_DOMAIN
+- TSK_DOMAIN (The sign on realm)
 - TSK_EMAIL_REPLYTO (Email reply to address, if this is an email account)
 - TSK_NAME (Display name of the user account)
 - TSK_PASSWORD (Password of the service account)
 - TSK_PATH (Path to the application installation, if it is local)
 - TSK_SERVER_NAME (Name of the mail server, if this is an email account)
- TSK_URL (Url of the service, if the service is web based)
+- TSK_URL (URL of the service, if the service is a Web service)
- TSK_URL_DECODED
+- TSK_URL_DECODED (Decoded URL of the service, if the service is a Web service)
 - TSK_USER_NAME (User name of the service account)
 ---
 ## TSK_SIM_ATTACHED
-Details about a SIM card that was physically attached to the device. This event may be stored by an application or OS.
+Details about a SIM card that was physically attached to the device.
 ### REQUIRED ATTRIBUTES
 - At least one of:
 - TSK_ICCID (ICCID number of this SIM card)
 - TSK_IMSI (IMSI number of this SIM card)
-### OPTIONAL ATTRIBUTES
- None.
 ---
 ## TSK_SPEED_DIAL_ENTRY
-A speed dial entry found in an application, file or database.
+A speed dial entry.
 ### REQUIRED ATTRIBUTES
 - TSK_PHONE_NUMBER (Phone number of the speed dial entry)
 ### OPTIONAL ATTRIBUTES
 - TSK_NAME_PERSON (Contact name of the speed dial entry)
- TSK_SHORTCUT (Keystroke shortcut)
+- TSK_SHORTCUT (Keyboard shortcut)
 ---
 ## TSK_TL_EVENT
-A special case artifact intended to be used by the Timeline UI.
+An event in the timeline of a case.
 ### REQUIRED ATTRIBUTES
- TSK_TL_EVENT_TYPE (The type of the event, e.g., 
+- TSK_TL_EVENT_TYPE (The type of the event, e.g., aTimelineEventType) 
- TSK_DATETIME (The time
+- TSK_DATETIME (When the event occurred, in seconds since 1970-01-01T00:00:00Z)
+- TSK_DESCRIPTION (A description of the event)
-### OPTIONAL ATTRIBUTES
- TSK_DESCRIPTION ?
@@ -600,10 +592,7 @@ A special case artifact intended to be used by the Timeline UI.
 An indication that some media file content was generated by the user.
 ### REQUIRED ATTRIBUTES
- TSK_DESCRIPTION (Description of the entry, such as a note)
+- TSK_COMMENT (The reason why user-generated content is suspected)
-### OPTIONAL ATTRIBUTES
- None.
@@ -614,14 +603,11 @@ An indication that some data did not pass verification. One example would be ver
 ### REQUIRED ATTRIBUTES
 - TSK_COMMENT (Reason for failure, what failed)
-### OPTIONAL ATTRIBUTES
- None.
 ---
 ## TSK_WEB_BOOKMARK
-A web bookmark entry found in an application, file or database.
+A web bookmark entry.
 ### REQUIRED ATTRIBUTES
 - TSK_URL (Bookmarked URL)
@@ -637,49 +623,49 @@ A web bookmark entry found in an application, file or database.
 ---
 ## TSK_WEB_CACHE
-A web cache entry found in an application, file or database. The resource that was cached may or may not be present in the data source.
+A web cache entry. The resource that was cached may or may not be present in the data source.
 ### REQUIRED ATTRIBUTES
 - TSK_PATH (Path to the source cache file. There are typically many cache files which each contain many cached resources)
 - TSK_URL (URL of the resource cached in this entry)
 ### OPTIONAL ATTRIBUTES
- TSK_DATETIME_CREATED (Creation date of the cache entry)
+- TSK_DATETIME_CREATED (Creation date of the cache entry, in seconds since 1970-01-01T00:00:00Z)
- TSK_HEADERS (HTTP Headers on cache entry)
+- TSK_HEADERS (HTTP headers on cache entry)
- TSK_PATH_ID (Object id of the source cache file)
+- TSK_PATH_ID (Object ID of the source cache file)
 ---
 ## TSK_WEB_COOKIE
-A web cookie found in an application, file or database.
+A Web cookie found.
 ### REQUIRED ATTRIBUTES
 - TSK_URL (Source URL of the web cookie)
- TSK_NAME (The web cookie name attribute, ex. sessionToken)
+- TSK_NAME (The Web cookie name attribute, e.g., sessionToken)
- TSK_VALUE (The web cookie value attribute)
+- TSK_VALUE (The Web cookie value attribute)
 ### OPTIONAL ATTRIBUTES
- TSK_DATETIME_CREATED (Datetime this web cookie was created, in seconds since 1970-01-01T00:00:00Z)
+- TSK_DATETIME_CREATED (Datetime the Web cookie was created, in seconds since 1970-01-01T00:00:00Z)
- TSK_DATETIME_END (Expiration datetime of the web cookie, in seconds since 1970-01-01T00:00:00Z)
+- TSK_DATETIME_START (Datetime the Web cookie session was started, in seconds since 1970-01-01T00:00:00Z)
- TSK_DATETIME_START (Datetime this web cookie session was started, in seconds since 1970-01-01T00:00:00Z)
+- TSK_DATETIME_END (Expiration datetime of the Web cookie, in seconds since 1970-01-01T00:00:00Z)
- TSK_DOMAIN (The domain this web cookie serves)
+- TSK_DOMAIN (The domain the Web cookie serves)
- TSK_PROG_NAME (Name of the application or application extractor that stored this web cookie)
+- TSK_PROG_NAME (Name of the application or application extractor that stored the Web cookie)
- TSK_PATH (Path to the file containing the web cookie in the data source)
+- TSK_PATH (Path to the file containing the Web cookie in the data source)
 ---
 ## TSK_WEB_DOWNLOAD
-A web download entry found in an application, file or database. The downloaded resource may or may not be present in the data source.
+A Web download. The downloaded resource may or may not be present in the data source.
 ### REQUIRED ATTRIBUTES
 - TSK_URL (URL that hosts this downloaded resource)
 ### OPTIONAL ATTRIBUTES
 - TSK_DATETIME_ACCESSED (Last accessed timestamp, in seconds since 1970-01-01T00:00:00Z)
- TSK_DOMAIN (Domain that hosted this downloaded resource)
+- TSK_DOMAIN (Domain that hosted the downloaded resource)
- TSK_PATH_ID (ID of the file instance in the data source)
+- TSK_PATH_ID (Object ID of the file instance in the data source)
 - TSK_PATH (Path to the downloaded resource in the datasource)
 - TSK_PROG_NAME (Name of the application or application extractor that downloaded this resource)
@@ -687,24 +673,24 @@ A web download entry found in an application, file or database. The downloaded r
 ---
 ## TSK_WEB_FORM_ADDRESS
-Contains autofill data for a person's address. Form data is usually saved by a web browser.
+Contains autofill data for a person's address. Form data is usually saved by a Web browser.
 ### REQUIRED ATTRIBUTES
- TSK_LOCATION (The address of the person. Ex: 123 Main St.)
+- TSK_LOCATION (The address of the person, e.g., 123 Main St.)
 ### OPTIONAL ATTRIBUTES
- TSK_COUNT (Number of times this web form data was used)
+- TSK_COUNT (Number of times the Web form data was used)
- TSK_DATETIME_ACCESSED (Last accessed timestamp of this web form data, in seconds since 1970-01-01T00:00:00Z)
+- TSK_DATETIME_ACCESSED (Last accessed timestamp of the Web form data, in seconds since 1970-01-01T00:00:00Z)
- TSK_DATETIME_MODIFIED (Last modified timestamp of this web form data, in seconds since 1970-01-01T00:00:00Z)
+- TSK_DATETIME_MODIFIED (Last modified timestamp of the Web form data, in seconds since 1970-01-01T00:00:00Z)
- TSK_EMAIL (Email of the person that this address is associated with)
+- TSK_EMAIL (Email address from the form data)
- TSK_NAME_PERSON (Name of the person that this address is associated with)
+- TSK_NAME_PERSON (Name of a person from the form data)
- TSK_PHONE_NUMBER (Phone number of the person that this address is associated with)
+- TSK_PHONE_NUMBER (Phone number from the form data)
 ---
 ## TSK_WEB_FORM_AUTOFILL
-Contains autofill data for a web form. Form data is usually saved by a web browser. Each field value pair in the form should be stored in seperate artifacts.
+Contains autofill data for a Web form. Form data is usually saved by a Web browser. Each field value pair in the form should be stored in separate artifacts.
 ### REQUIRED ATTRIBUTES
 - One pair of:
@@ -712,67 +698,64 @@ Contains autofill data for a web form. Form data is usually saved by a web brows
 - TSK_VALUE (Value of the autofill field)
 ### OPTIONAL ATTRIBUTES
- TSK_COUNT (Number of times this web form data has been used)
+- TSK_COUNT (Number of times this Web form data has been used)
- TSK_DATETIME_ACCESSED (Datetime this web form data was last accessed, in seconds since 1970-01-01T00:00:00Z)
+- TSK_DATETIME_CREATED (Datetime this Web form autofill data was created, in seconds since 1970-01-01T00:00:00Z)
- TSK_DATETIME_CREATED (Datetime this web form autofill data was created, in seconds since 1970-01-01T00:00:00Z)
+- TSK_DATETIME_ACCESSED (Datetime this Web form data was last accessed, in seconds since 1970-01-01T00:00:00Z)
 ---
 ## TSK_WEB_HISTORY
-A web history entry in an application, file or database. This indicates that the device or some user visited the web page.
+A Web history entry. 
 ### REQUIRED ATTRIBUTES
- TSK_URL (The visited URL)
+- TSK_URL (The URL)
 ### OPTIONAL ATTRIBUTES
- TSK_DATETIME_ACCESSED (The datetime this URL was accessed, in seconds since 1970-01-01T00:00:00Z)
+- TSK_DATETIME_ACCESSED (The datetime the URL was accessed, in seconds since 1970-01-01T00:00:00Z)
 - TSK_DOMAIN (The domain name of the URL)
- TSK_PROG_NAME (The application or application extractor that stored this web history entry)
+- TSK_PROG_NAME (The application or application extractor that stored this Web history entry)
- TSK_REFERRER (The URL of the web page that linked to this page)
+- TSK_REFERRER (The URL of a Web page that linked to the page)
- TSK_TITLE (Title of the web page that was visited)
+- TSK_TITLE (Title of the Web page that was visited)
- TSK_URL_DECODED
+- TSK_URL_DECODED (The decoded URL)
- TSK_USER_NAME (Name of the user that viewed the web page)
+- TSK_USER_NAME (Name of the user that viewed the Web page)
 ---
 ## TSK_WEB_SEARCH_QUERY
-Details about a web search query that was found in an application, file or database.
+Details about a Web search query.
 ### REQUIRED ATTRIBUTES
 - TSK_TEXT (Web search query text)
 ### OPTIONAL ATTRIBUTES
- TSK_DATETIME_ACCESSED (The datetime this web search query was last used, in seconds since 1970-01-01T00:00:00Z)
+- TSK_DATETIME_ACCESSED (When the Web search query was last used, in seconds since 1970-01-01T00:00:00Z)
 - TSK_DOMAIN (Domain of the search engine used to execute the query)
- TSK_PROG_NAME (Application or application extractor that stored the web search query)
+- TSK_PROG_NAME (Application or application extractor that stored the Web search query)
 ---
 ## TSK_WIFI_NETWORK
-Details about a WiFi network. These may be stored by an application or OS upon connection.
+Details about a WiFi network.
 ### REQUIRED ATTRIBUTES
- TSK_SSID (The name of the wifi network)
+- TSK_SSID (The name of the WiFi network)
 ### OPTIONAL ATTRIBUTES
- TSK_DATETIME (Timestamp about this WiFi network, in seconds since 1970-01-01T00:00:00Z. This timestamp could be last connected time or creation time)
+- TSK_DATETIME (Timestamp, in seconds since 1970-01-01T00:00:00Z. This timestamp could be last connected time or creation time)
- TSK_DEVICE_ID (String that uniquely identifies the wifi network)
+- TSK_DEVICE_ID (String that uniquely identifies the WiFi network)
 ---
 ## TSK_WIFI_NETWORK_ADAPTER
-Details about a WiFi adapter. These may be stored by an application or OS.
+Details about a WiFi adapter.
 ### REQUIRED ATTRIBUTES
 - TSK_MAC_ADDRESS (Mac address of the adapter)
-### OPTIONAL ATTRIBUTES
- None.

--- a/bindings/java/doxygen/blackboard.dox
+++ b/bindings/java/doxygen/blackboard.dox
@@ -18,10 +18,7 @@ The second special type of artifact is the TSK_ASSOCIATED_OBJECT. All artifacts
 \section jni_bb_access Accessing the Blackboard
-Java modules can access the blackboard from either org.sleuthkit.datamodel.SleuthkitCase or a org.sleuthkit.datamodel.Content object.  The methods associated with org.sleuthkit.datamodel.Content all limit the Blackboard to a specific file.  
+Java modules can access the blackboard from either org.sleuthkit.datamodel.SleuthkitCase or a org.sleuthkit.datamodel.Content object.  The methods associated with org.sleuthkit.datamodel.Content all limit the Blackboard to a specific file.
-Refer to the <a href="http://wiki.sleuthkit.org/index.php?title=Artifact_Examples">artifact examples wiki page</a> for artifact and attribute combinations that are commonly used. 
 \subsection jni_bb_access_post Posting to the Blackboard