diff --git a/bindings/java/doxygen/artifact_catalog.dox b/bindings/java/doxygen/artifact_catalog.dox
index 466a53b420eb01e732f5b90a73e5bfc6014bd3a3..721665ab71d2e46e1998cb5ad1ebeb1ea6e2fbba 100644
--- a/bindings/java/doxygen/artifact_catalog.dox
+++ b/bindings/java/doxygen/artifact_catalog.dox
@@ -4,7 +4,9 @@
# Introduction
This document reflects current standard usage of artifact and attribute types for posting analysis results to the case blackboard in Autopsy. Refer to \ref mod_bbpage for more background on the blackboard and how to make artifacts.
-The catalog section below has one entry for each standard artifact type. Each entry lists the required and optional attributes of artifacts of the type.
+The catalog section below has one entry for each standard artifact type divided by categories. Each entry lists the required and optional attributes of artifacts of the type. The category types are:
+- \ref art_catalog_analysis "Analysis Result": Result from an analysis technique on a given object with a given configuration. Includes Conclusion, Relevance Score, and Confidence.
+- \ref art_catalog_data "Data Artifact": Data that was originally embedded by an application/OS in a file or other data container.
NOTE:
- While we have listed some attributes as "Required", nothing will enforce that they exist. Modules that use artifacts from the blackboard should assume that some of the attributes may not actually exist.
@@ -15,9 +17,143 @@ For the full list of types, refer to:
- org.sleuthkit.datamodel.BlackboardAttribute.ATTRIBUTE_TYPE
-<h1>Artifacts Catalog</h1>
+\section art_catalog_analysis Analysis Result Types
-In alphabetical order.
+---
+## TSK_DATA_SOURCE_USAGE
+Describes how a data source was used, e.g., as a SIM card or an OS drive (such as for Windows or Android).
+
+### REQUIRED ATTRIBUTES
+- TSK_DESCRIPTION (Description of the usage, e.g., "OS Drive (Windows Vista)").
+
+---
+## TSK_ENCRYPTION_DETECTED
+An indication that the content is encrypted.
+
+### REQUIRED ATTRIBUTES
+- TSK_COMMENT (A comment on the encryption, e.g., encryption type or password)
+
+---
+## TSK_ENCRYPTION_SUSPECTED
+An indication that the content is likely encrypted.
+
+### REQUIRED ATTRIBUTES
+- TSK_COMMENT (Reason for suspecting encryption)
+
+---
+## TSK_EXT_MISMATCH_DETECTED
+An indication that the registered extensions for a file's mime type do not match the file's extension.
+
+### REQUIRED ATTRIBUTES
+None
+
+---
+## TSK_FACE_DETECTED
+An indication that a human face was detected in some content.
+
+### REQUIRED ATTRIBUTES
+None
+
+---
+## TSK_HASHSET_HIT
+Indicates that the MD5 hash of a file matches a set of known MD5s (possibly user defined).
+
+### REQUIRED ATTRIBUTES
+- TSK_SET_NAME (Name of hashset containing the file's MD5)
+
+### OPTIONAL ATTRIBUTES
+- TSK_COMMENT (Additional comments about the hit)
+
+---
+## TSK_INTERESTING_ARTIFACT_HIT
+Indicates that the source artifact matches some set of criteria which deem it interesting. Artifacts with this meta artifact will be brought to the attention of the user.
+
+### REQUIRED ATTRIBUTES
+- TSK_ASSOCIATED_ARTIFACT (The source artifact)
+- TSK_SET_NAME (The name of the set of criteria which deemed this artifact interesting)
+
+### OPTIONAL ATTRIBUTES
+- TSK_COMMENT (Comment on the reason that the source artifact is interesting)
+- TSK_CATEGORY (The set membership rule that was satisfied)
+
+---
+## TSK_INTERESTING_FILE_HIT
+Indication that the source file matches some set of criteria (possibly user defined) which deem it interesting. Files with this artifact will be brought to the attention of the user.
+
+### REQUIRED ATTRIBUTES
+- TSK_SET_NAME (The name of the set of criteria which deemed this file interesting)
+
+### OPTIONAL ATTRIBUTES
+- TSK_COMMENT (Comment on the reason that the source artifact is interesting)
+- TSK_CATEGORY (The set membership rule that was satisfied. I.e. a particular mime)
+
+---
+## TSK_KEYWORD_HIT
+Indication that the source artifact or file contains a keyword. Keywords are grouped into named sets.
+
+### REQUIRED ATTRIBUTES
+- TSK_KEYWORD (Keyword that was found in the artifact or file)
+- TSK_KEYWORD_SEARCH_TYPE (Specifies the type of match, e.g., an exact match, a substring match, or a regex match)
+- TSK_SET_NAME (The set name that the keyword was contained in)
+- TSK_KEYWORD_REGEXP (The regular expression that matched, only required for regex matches)
+- TSK_ASSOCIATED_ARTIFACT (Only required if the keyword hit source is an artifact)
+
+### OPTIONAL ATTRIBUTES
+- TSK_KEYWORD_PREVIEW (Snippet of text around keyword)
+
+---
+## TSK_OBJECT_DETECTED
+Indicates that an object was detected in a media file. Typically used by computer vision software to classify images.
+
+### REQUIRED ATTRIBUTES
+- TSK_COMMENT (What was detected)
+
+### OPTIONAL ATTRIBUTES
+- TSK_DESCRIPTION (Additional comments about the object or observer, e.g., what detected the object)
+
+---
+## TSK_USER_CONTENT_SUSPECTED
+An indication that some media file content was generated by the user.
+
+### REQUIRED ATTRIBUTES
+- TSK_COMMENT (The reason why user-generated content is suspected)
+
+---
+## TSK_VERIFICATION_FAILED
+An indication that some data did not pass verification. One example would be verifying a SHA-1 hash.
+
+### REQUIRED ATTRIBUTES
+- TSK_COMMENT (Reason for failure, what failed)
+
+---
+## TSK_WEB_ACCOUNT_TYPE
+A web account type entry.
+
+### REQUIRED ATTRIBUTES
+- TSK_DOMAIN (Domain of the URL)
+- TSK_TEXT (Indicates type of account (admin/moderator/user) and possible platform)
+- TSK_URL (URL indicating the user has an account on this domain)
+
+---
+## TSK_WEB_CATEGORIZATION
+The categorization of a web host using a specific usage type, e.g. mail.google.com would correspond to Web Email.
+
+### REQUIRED ATTRIBUTES
+- TSK_NAME (The usage category identifier, e.g. Web Email)
+- TSK_DOMAIN (The domain of the host, e.g. google.com)
+- TSK_HOST (The full host, e.g. mail.google.com)
+
+---
+## TSK_YARA_HIT
+Indicates that the some content of the file was a hit for a YARA rule match.
+
+### REQUIRED ATTRIBUTES
+- TSK_RULE (The rule that was a hit for this file)
+- TSK_SET_NAME (Name of the rule set containing the matching rule YARA rule)
+
+<br><br>
+
+\section art_catalog_data Data Artifact Types
---
## TSK_ACCOUNT
@@ -141,13 +277,6 @@ A contact book entry in an application file or database.
----
-## TSK_DATA_SOURCE_USAGE
-Describes how a data source was used, e.g., as a SIM card or an OS drive (such as for Windows or Android).
-
-### REQUIRED ATTRIBUTES
-- TSK_DESCRIPTION (Description of the usage, e.g., "OS Drive (Windows Vista)").
-
---
## TSK_DELETED_PROG
@@ -213,26 +342,6 @@ An email message found in an application file or database.
- TSK_SUBJECT (Subject of the email message)
- TSK_THREAD_ID (ID specified by the analysis module to group emails into threads for display purposes)
-
-
----
-## TSK_ENCRYPTION_DETECTED
-An indication that the content is encrypted.
-
-### REQUIRED ATTRIBUTES
-- TSK_COMMENT (A comment on the encryption, e.g., encryption type or password)
-
-
-
----
-## TSK_ENCRYPTION_SUSPECTED
-An indication that the content is likely encrypted.
-
-### REQUIRED ATTRIBUTES
-- TSK_COMMENT (Reason for suspecting encryption)
-
-
-
---
## TSK_EXTRACTED_TEXT
Text extracted from some content.
@@ -240,26 +349,6 @@ Text extracted from some content.
### REQUIRED ATTRIBUTES
TSK_TEXT (The extracted text)
-
-
----
-## TSK_EXT_MISMATCH_DETECTED
-An indication that the registered extensions for a file's mime type do not match the file's extension.
-
-### REQUIRED ATTRIBUTES
-None
-
-
-
----
-## TSK_FACE_DETECTED
-An indication that a human face was detected in some content.
-
-### REQUIRED ATTRIBUTES
-None
-
-
-
---
## TSK_GEN_INFO
A generic information artifact. Each content object will have at most one TSK_GEN_INFO artifact, which is easily accessed through org.sleuthkit.datamodel.AbstractContent.getGenInfoArtifact() and related methods. The TSK_GEN_INFO object is useful for storing values related to the content object without making a new artifact type.
@@ -359,18 +448,6 @@ A Global Positioning System (GPS) track artifact records the track, or path, of
----
-## TSK_HASHSET_HIT
-Indicates that the MD5 hash of a file matches a set of known MD5s (possibly user defined).
-
-### REQUIRED ATTRIBUTES
-- TSK_SET_NAME (Name of hashset containing the file's MD5)
-
-### OPTIONAL ATTRIBUTES
-- TSK_COMMENT (Additional comments about the hit)
-
-
-
---
## TSK_INSTALLED_PROG
Details about an installed program.
@@ -385,51 +462,6 @@ Details about an installed program.
- TSK_PATH_SOURCE (Path to an Android Package Kit (APK) file for an Android program)
- TSK_PERMISSIONS (Permissions of the installed program)
-
-
----
-## TSK_INTERESTING_ARTIFACT_HIT
-Indicates that the source artifact matches some set of criteria which deem it interesting. Artifacts with this meta artifact will be brought to the attention of the user.
-
-### REQUIRED ATTRIBUTES
-- TSK_ASSOCIATED_ARTIFACT (The source artifact)
-- TSK_SET_NAME (The name of the set of criteria which deemed this artifact interesting)
-
-### OPTIONAL ATTRIBUTES
-- TSK_COMMENT (Comment on the reason that the source artifact is interesting)
-- TSK_CATEGORY (The set membership rule that was satisfied)
-
-
-
----
-## TSK_INTERESTING_FILE_HIT
-Indication that the source file matches some set of criteria (possibly user defined) which deem it interesting. Files with this artifact will be brought to the attention of the user.
-
-### REQUIRED ATTRIBUTES
-- TSK_SET_NAME (The name of the set of criteria which deemed this file interesting)
-
-### OPTIONAL ATTRIBUTES
-- TSK_COMMENT (Comment on the reason that the source artifact is interesting)
-- TSK_CATEGORY (The set membership rule that was satisfied. I.e. a particular mime)
-
-
-
----
-## TSK_KEYWORD_HIT
-Indication that the source artifact or file contains a keyword. Keywords are grouped into named sets.
-
-### REQUIRED ATTRIBUTES
-- TSK_KEYWORD (Keyword that was found in the artifact or file)
-- TSK_KEYWORD_SEARCH_TYPE (Specifies the type of match, e.g., an exact match, a substring match, or a regex match)
-- TSK_SET_NAME (The set name that the keyword was contained in)
-- TSK_KEYWORD_REGEXP (The regular expression that matched, only required for regex matches)
-- TSK_ASSOCIATED_ARTIFACT (Only required if the keyword hit source is an artifact)
-
-### OPTIONAL ATTRIBUTES
-- TSK_KEYWORD_PREVIEW (Snippet of text around keyword)
-
-
-
---
## TSK_MESSAGE
A message that is found in some content.
@@ -485,18 +517,6 @@ EXIF metadata found in an image or audio file.
- TSK_GEO_LONGITUDE (The camera's longitude when the image/audio was taken)
----
-## TSK_OBJECT_DETECTED
-Indicates that an object was detected in a media file. Typically used by computer vision software to classify images.
-
-### REQUIRED ATTRIBUTES
-- TSK_COMMENT (What was detected)
-
-### OPTIONAL ATTRIBUTES
-- TSK_DESCRIPTION (Additional comments about the object or observer, e.g., what detected the object)
-
-
-
---
## TSK_OS_ACCOUNT
Details about an operating system account recovered from the data source. Examples include user or administrator accounts.
@@ -676,18 +696,7 @@ An event in the timeline of a case.
- TSK_DATETIME (When the event occurred, in seconds since 1970-01-01T00:00:00Z)
- TSK_DESCRIPTION (A description of the event)
-
-
----
-## TSK_USER_CONTENT_SUSPECTED
-An indication that some media file content was generated by the user.
-
-### REQUIRED ATTRIBUTES
-- TSK_COMMENT (The reason why user-generated content is suspected)
-
-
---
-
## TSK_USER_DEVICE_EVENT
Activity on the system or from an application. Example usage is a mobile device being locked and unlocked.
@@ -702,27 +711,6 @@ Activity on the system or from an application. Example usage is a mobile device
- TSK_PROG_NAME (Name of the program doing the activity)
- TSK_VALUE (Connection type)
-
----
-## TSK_VERIFICATION_FAILED
-An indication that some data did not pass verification. One example would be verifying a SHA-1 hash.
-
-### REQUIRED ATTRIBUTES
-- TSK_COMMENT (Reason for failure, what failed)
-
-
-
----
-## TSK_WEB_ACCOUNT_TYPE
-A web account type entry.
-
-### REQUIRED ATTRIBUTES
-- TSK_DOMAIN (Domain of the URL)
-- TSK_TEXT (Indicates type of account (admin/moderator/user) and possible platform)
-- TSK_URL (URL indicating the user has an account on this domain)
-
-
-
---
## TSK_WEB_BOOKMARK
A web bookmark entry.
@@ -737,8 +725,6 @@ A web bookmark entry.
- TSK_NAME (Name of the bookmark entry)
- TSK_TITLE (Title of the web page that was bookmarked)
-
-
---
## TSK_WEB_CACHE
A web cache entry. The resource that was cached may or may not be present in the data source.
@@ -753,19 +739,6 @@ A web cache entry. The resource that was cached may or may not be present in the
- TSK_PATH_ID (Object ID of the source cache file)
- TSK_DOMAIN (Domain of the URL)
-
-
----
-## TSK_WEB_CATEGORIZATION
-The categorization of a web host using a specific usage type, e.g. mail.google.com would correspond to Web Email.
-
-### REQUIRED ATTRIBUTES
-- TSK_NAME (The usage category identifier, e.g. Web Email)
-- TSK_DOMAIN (The domain of the host, e.g. google.com)
-- TSK_HOST (The full host, e.g. mail.google.com)
-
-
-
---
## TSK_WEB_COOKIE
A Web cookie found.
@@ -887,14 +860,4 @@ Details about a WiFi adapter.
----
-## TSK_YARA_HIT
-Indicates that the some content of the file was a hit for a YARA rule match.
-
-### REQUIRED ATTRIBUTES
-- TSK_RULE (The rule that was a hit for this file)
-- TSK_SET_NAME (Name of the rule set containing the matching rule YARA rule)
-
-
-
*/
diff --git a/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java b/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java
index d4e9b0441f1180489846fd41282856b48cc8c12f..b1c0f10c05147111e039f91c467e3069460fcb66 100644
--- a/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java
@@ -1038,40 +1038,40 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
* A generic information artifact.
*/
TSK_GEN_INFO(1, "TSK_GEN_INFO", //NON-NLS
- bundle.getString("BlackboardArtifact.tskGenInfo.text")),
+ bundle.getString("BlackboardArtifact.tskGenInfo.text"), Category.DATA_ARTIFACT),
/**
* A Web bookmark. Use methods in
* org.sleuthkit.datamodel.blackboardutils.WebBrowserArtifactsHelper to
* create bookmark artifacts.
*/
TSK_WEB_BOOKMARK(2, "TSK_WEB_BOOKMARK", //NON-NLS
- bundle.getString("BlackboardArtifact.tskWebBookmark.text")),
+ bundle.getString("BlackboardArtifact.tskWebBookmark.text"), Category.DATA_ARTIFACT),
/**
* A Web cookie. Use methods in
* org.sleuthkit.datamodel.blackboardutils.WebBrowserArtifactsHelper to
* create cookie artifacts.
*/
TSK_WEB_COOKIE(3, "TSK_WEB_COOKIE",
- bundle.getString("BlackboardArtifact.tskWebCookie.text")), //NON-NLS
+ bundle.getString("BlackboardArtifact.tskWebCookie.text"), Category.DATA_ARTIFACT), //NON-NLS
/**
* A Web history. Use methods in
* org.sleuthkit.datamodel.blackboardutils.WebBrowserArtifactsHelper to
* create history artifacts.
*/
TSK_WEB_HISTORY(4, "TSK_WEB_HISTORY", //NON-NLS
- bundle.getString("BlackboardArtifact.tskWebHistory.text")),
+ bundle.getString("BlackboardArtifact.tskWebHistory.text"), Category.DATA_ARTIFACT),
/**
* A Web download. Use methods in
* org.sleuthkit.datamodel.blackboardutils.WebBrowserArtifactsHelper to
* create download artifacts.
*/
TSK_WEB_DOWNLOAD(5, "TSK_WEB_DOWNLOAD", //NON-NLS
- bundle.getString("BlackboardArtifact.tskWebDownload.text")),
+ bundle.getString("BlackboardArtifact.tskWebDownload.text"), Category.DATA_ARTIFACT),
/**
* A recent object.
*/
TSK_RECENT_OBJECT(6, "TSK_RECENT_OBJ", //NON-NLS
- bundle.getString("BlackboardArtifact.tsk.recentObject.text")),
+ bundle.getString("BlackboardArtifact.tsk.recentObject.text"), Category.DATA_ARTIFACT),
/**
* A GPS track point (geolocation data).
*
@@ -1079,12 +1079,12 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
*/
@Deprecated
TSK_GPS_TRACKPOINT(7, "TSK_GPS_TRACKPOINT", //NON-NLS
- bundle.getString("BlackboardArtifact.tskGpsTrackpoint.text")),
+ bundle.getString("BlackboardArtifact.tskGpsTrackpoint.text"), Category.DATA_ARTIFACT),
/**
* An installed program.
*/
TSK_INSTALLED_PROG(8, "TSK_INSTALLED_PROG", //NON-NLS
- bundle.getString("BlackboardArtifact.tskInstalledProg.text")),
+ bundle.getString("BlackboardArtifact.tskInstalledProg.text"), Category.DATA_ARTIFACT),
/**
* A search hit for a keyword.
*/
@@ -1099,7 +1099,7 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
* An attached device.
*/
TSK_DEVICE_ATTACHED(11, "TSK_DEVICE_ATTACHED", //NON-NLS
- bundle.getString("BlackboardArtifact.tskDeviceAttached.text")),
+ bundle.getString("BlackboardArtifact.tskDeviceAttached.text"), Category.DATA_ARTIFACT),
/**
* An meta-artifact to call attention to a file deemed to be
* interesting.
@@ -1110,22 +1110,22 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
* An email message.
*/
TSK_EMAIL_MSG(13, "TSK_EMAIL_MSG", //NON-NLS
- bundle.getString("BlackboardArtifact.tskEmailMsg.text")),
+ bundle.getString("BlackboardArtifact.tskEmailMsg.text"), Category.DATA_ARTIFACT),
/**
* Text extracted from the source content.
*/
TSK_EXTRACTED_TEXT(14, "TSK_EXTRACTED_TEXT", //NON-NLS
- bundle.getString("BlackboardArtifact.tskExtractedText.text")),
+ bundle.getString("BlackboardArtifact.tskExtractedText.text"), Category.DATA_ARTIFACT),
/**
* A Web search engine query extracted from Web history.
*/
TSK_WEB_SEARCH_QUERY(15, "TSK_WEB_SEARCH_QUERY", //NON-NLS
- bundle.getString("BlackboardArtifact.tskWebSearchQuery.text")),
+ bundle.getString("BlackboardArtifact.tskWebSearchQuery.text"), Category.DATA_ARTIFACT),
/**
* EXIF metadata.
*/
TSK_METADATA_EXIF(16, "TSK_METADATA_EXIF", //NON-NLS
- bundle.getString("BlackboardArtifact.tskMetadataExif.text")),
+ bundle.getString("BlackboardArtifact.tskMetadataExif.text"), Category.DATA_ARTIFACT),
/**
* A tag applied to a file.
*
@@ -1133,7 +1133,7 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
*/
@Deprecated
TSK_TAG_FILE(17, "TSK_TAG_FILE", //NON-NLS
- bundle.getString("BlackboardArtifact.tagFile.text")),
+ bundle.getString("BlackboardArtifact.tagFile.text"), Category.ANALYSIS_RESULT),
/**
* A tag applied to an artifact.
*
@@ -1141,22 +1141,22 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
*/
@Deprecated
TSK_TAG_ARTIFACT(18, "TSK_TAG_ARTIFACT", //NON-NLS
- bundle.getString("BlackboardArtifact.tskTagArtifact.text")),
+ bundle.getString("BlackboardArtifact.tskTagArtifact.text"), Category.ANALYSIS_RESULT),
/**
* Information pertaining to an operating system.
*/
TSK_OS_INFO(19, "TSK_OS_INFO", //NON-NLS
- bundle.getString("BlackboardArtifact.tskOsInfo.text")),
+ bundle.getString("BlackboardArtifact.tskOsInfo.text"), Category.DATA_ARTIFACT),
/**
* An operating system user account.
*/
TSK_OS_ACCOUNT(20, "TSK_OS_ACCOUNT", //NON-NLS
- bundle.getString("BlackboardArtifact.tskOsAccount.text")),
+ bundle.getString("BlackboardArtifact.tskOsAccount.text"), Category.DATA_ARTIFACT),
/**
* An application or Web service account.
*/
TSK_SERVICE_ACCOUNT(21, "TSK_SERVICE_ACCOUNT", //NON-NLS
- bundle.getString("BlackboardArtifact.tskServiceAccount.text")),
+ bundle.getString("BlackboardArtifact.tskServiceAccount.text"), Category.DATA_ARTIFACT),
/**
* Output from an external tool or module (raw text).
*
@@ -1164,7 +1164,7 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
*/
@Deprecated
TSK_TOOL_OUTPUT(22, "TSK_TOOL_OUTPUT", //NON-NLS
- bundle.getString("BlackboardArtifact.tskToolOutput.text")),
+ bundle.getString("BlackboardArtifact.tskToolOutput.text"), Category.DATA_ARTIFACT),
/**
* A contact extracted from a phone, or from an address
* book/email/messaging application. Use methods in
@@ -1172,7 +1172,7 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
* to create contact artifacts.
*/
TSK_CONTACT(23, "TSK_CONTACT", //NON-NLS
- bundle.getString("BlackboardArtifact.tskContact.text")),
+ bundle.getString("BlackboardArtifact.tskContact.text"), Category.DATA_ARTIFACT),
/**
* An SMS/MMS message extracted from phone, or from another messaging
* application, like IM. Use methods in
@@ -1180,7 +1180,7 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
* to create message artifacts.
*/
TSK_MESSAGE(24, "TSK_MESSAGE", //NON-NLS
- bundle.getString("BlackboardArtifact.tskMessage.text")),
+ bundle.getString("BlackboardArtifact.tskMessage.text"), Category.DATA_ARTIFACT),
/**
* A phone call log extracted from a phone or softphone application. Use
* methods in
@@ -1188,42 +1188,42 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
* to create call log artifacts.
*/
TSK_CALLLOG(25, "TSK_CALLLOG", //NON-NLS
- bundle.getString("BlackboardArtifact.tskCalllog.text")),
+ bundle.getString("BlackboardArtifact.tskCalllog.text"), Category.DATA_ARTIFACT),
/**
* A calendar entry from a phone, PIM, or a calendar application.
*/
TSK_CALENDAR_ENTRY(26, "TSK_CALENDAR_ENTRY", //NON-NLS
- bundle.getString("BlackboardArtifact.tskCalendarEntry.text")),
+ bundle.getString("BlackboardArtifact.tskCalendarEntry.text"), Category.DATA_ARTIFACT),
/**
* A speed dial entry from a phone.
*/
TSK_SPEED_DIAL_ENTRY(27, "TSK_SPEED_DIAL_ENTRY", //NON-NLS
- bundle.getString("BlackboardArtifact.tskSpeedDialEntry.text")),
+ bundle.getString("BlackboardArtifact.tskSpeedDialEntry.text"), Category.DATA_ARTIFACT),
/**
* A bluetooth pairing entry.
*/
TSK_BLUETOOTH_PAIRING(28, "TSK_BLUETOOTH_PAIRING", //NON-NLS
- bundle.getString("BlackboardArtifact.tskBluetoothPairing.text")),
+ bundle.getString("BlackboardArtifact.tskBluetoothPairing.text"), Category.DATA_ARTIFACT),
/**
* A GPS bookmark / way point that the user saved.
*/
TSK_GPS_BOOKMARK(29, "TSK_GPS_BOOKMARK", //NON-NLS
- bundle.getString("BlackboardArtifact.tskGpsBookmark.text")),
+ bundle.getString("BlackboardArtifact.tskGpsBookmark.text"), Category.DATA_ARTIFACT),
/**
* A GPS last known location record.
*/
TSK_GPS_LAST_KNOWN_LOCATION(30, "TSK_GPS_LAST_KNOWN_LOCATION", //NON-NLS
- bundle.getString("BlackboardArtifact.tskGpsLastKnownLocation.text")),
+ bundle.getString("BlackboardArtifact.tskGpsLastKnownLocation.text"), Category.DATA_ARTIFACT),
/**
* A GPS search record.
*/
TSK_GPS_SEARCH(31, "TSK_GPS_SEARCH", //NON-NLS
- bundle.getString("BlackboardArtifact.tskGpsSearch.text")),
+ bundle.getString("BlackboardArtifact.tskGpsSearch.text"), Category.DATA_ARTIFACT),
/**
* Application run information.
*/
TSK_PROG_RUN(32, "TSK_PROG_RUN", //NON-NLS
- bundle.getString("BlackboardArtifact.tskProgRun.text")),
+ bundle.getString("BlackboardArtifact.tskProgRun.text"), Category.DATA_ARTIFACT),
/**
* An encrypted file.
*/
@@ -1246,12 +1246,12 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
* to create route artifacts.
*/
TSK_GPS_ROUTE(36, "TSK_GPS_ROUTE", //NON-NLS
- bundle.getString("BlackboardArtifact.tskGpsRoute.text")),
+ bundle.getString("BlackboardArtifact.tskGpsRoute.text"), Category.DATA_ARTIFACT),
/**
* A remote drive.
*/
TSK_REMOTE_DRIVE(37, "TSK_REMOTE_DRIVE", //NON-NLS
- bundle.getString("BlackboardArtifact.tskRemoteDrive.text")),
+ bundle.getString("BlackboardArtifact.tskRemoteDrive.text"), Category.DATA_ARTIFACT),
/**
* A human face was detected in a media file.
*/
@@ -1261,7 +1261,7 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
* An account.
*/
TSK_ACCOUNT(39, "TSK_ACCOUNT", //NON-NLS
- bundle.getString("BlackboardArtifact.tskAccount.text")),
+ bundle.getString("BlackboardArtifact.tskAccount.text"), Category.DATA_ARTIFACT),
/**
* An encrypted file.
*/
@@ -1276,51 +1276,51 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
* A wireless network.
*/
TSK_WIFI_NETWORK(42, "TSK_WIFI_NETWORK", //NON-NLS
- bundle.getString("BlackboardArtifact.tskWIFINetwork.text")),
+ bundle.getString("BlackboardArtifact.tskWIFINetwork.text"), Category.DATA_ARTIFACT),
/**
* Information related to a device.
*/
TSK_DEVICE_INFO(43, "TSK_DEVICE_INFO", //NON-NLS
- bundle.getString("BlackboardArtifact.tskDeviceInfo.text")),
+ bundle.getString("BlackboardArtifact.tskDeviceInfo.text"), Category.DATA_ARTIFACT),
/**
* A SIM card.
*/
TSK_SIM_ATTACHED(44, "TSK_SIM_ATTACHED", //NON-NLS
- bundle.getString("BlackboardArtifact.tskSimAttached.text")),
+ bundle.getString("BlackboardArtifact.tskSimAttached.text"), Category.DATA_ARTIFACT),
/**
* A bluetooth adapter.
*/
TSK_BLUETOOTH_ADAPTER(45, "TSK_BLUETOOTH_ADAPTER", //NON-NLS
- bundle.getString("BlackboardArtifact.tskBluetoothAdapter.text")),
+ bundle.getString("BlackboardArtifact.tskBluetoothAdapter.text"), Category.DATA_ARTIFACT),
/**
* A wireless network adapter.
*/
TSK_WIFI_NETWORK_ADAPTER(46, "TSK_WIFI_NETWORK_ADAPTER", //NON-NLS
- bundle.getString("BlackboardArtifact.tskWIFINetworkAdapter.text")),
+ bundle.getString("BlackboardArtifact.tskWIFINetworkAdapter.text"), Category.DATA_ARTIFACT),
/**
* Indicates a verification failure
*/
TSK_VERIFICATION_FAILED(47, "TSK_VERIFICATION_FAILED", //NON-NLS
- bundle.getString("BlackboardArtifact.tskVerificationFailed.text")),
+ bundle.getString("BlackboardArtifact.tskVerificationFailed.text"), Category.ANALYSIS_RESULT),
/**
* Categorization information for a data source.
*/
TSK_DATA_SOURCE_USAGE(48, "TSK_DATA_SOURCE_USAGE", //NON-NLS
- bundle.getString("BlackboardArtifact.tskDataSourceUsage.text")),
+ bundle.getString("BlackboardArtifact.tskDataSourceUsage.text"), Category.ANALYSIS_RESULT),
/**
* Indicates auto fill data from a Web form. Use methods in
* org.sleuthkit.datamodel.blackboardutils.WebBrowserArtifactsHelper to
* create web form autofill artifacts.
*/
TSK_WEB_FORM_AUTOFILL(49, "TSK_WEB_FORM_AUTOFILL", //NON-NLS
- bundle.getString("BlackboardArtifact.tskWebFormAutofill.text")),
+ bundle.getString("BlackboardArtifact.tskWebFormAutofill.text"), Category.DATA_ARTIFACT),
/**
* Indicates an person's address filled in a web form. Use methods in
* org.sleuthkit.datamodel.blackboardutils.WebBrowserArtifactsHelper to
* create web form address artifacts.
*/
TSK_WEB_FORM_ADDRESS(50, "TSK_WEB_FORM_ADDRESSES ", //NON-NLS
- bundle.getString("BlackboardArtifact.tskWebFormAddresses.text")),
+ bundle.getString("BlackboardArtifact.tskWebFormAddresses.text"), Category.DATA_ARTIFACT),
/**
* Indicates source of a file/object
*
@@ -1329,87 +1329,87 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
*/
@Deprecated
TSK_DOWNLOAD_SOURCE(51, "TSK_DOWNLOAD_SOURCE", //NON-NLS
- bundle.getString("BlackboardArtifact.tskDownloadSource.text")),
+ bundle.getString("BlackboardArtifact.tskDownloadSource.text"), Category.DATA_ARTIFACT),
/**
* Indicates web cache data
*/
TSK_WEB_CACHE(52, "TSK_WEB_CACHE", //NON-NLS
- bundle.getString("BlackboardArtifact.tskWebCache.text")),
+ bundle.getString("BlackboardArtifact.tskWebCache.text"), Category.DATA_ARTIFACT),
/**
* A generic (timeline) event.
*/
TSK_TL_EVENT(53, "TSK_TL_EVENT", //NON-NLS
- bundle.getString("BlackboardArtifact.tskTLEvent.text")),
+ bundle.getString("BlackboardArtifact.tskTLEvent.text"), Category.DATA_ARTIFACT),
/**
* Indicates clipboard content
*/
TSK_CLIPBOARD_CONTENT(54, "TSK_CLIPBOARD_CONTENT", //NON-NLS
- bundle.getString("BlackboardArtifact.tskClipboardContent.text")),
+ bundle.getString("BlackboardArtifact.tskClipboardContent.text"), Category.DATA_ARTIFACT),
/**
* An associated object.
*/
TSK_ASSOCIATED_OBJECT(55, "TSK_ASSOCIATED_OBJECT", //NON-NLS
- bundle.getString("BlackboardArtifact.tskAssociatedObject.text")),
+ bundle.getString("BlackboardArtifact.tskAssociatedObject.text"), Category.DATA_ARTIFACT),
/**
* Indicates file may have been created by the user.
*/
TSK_USER_CONTENT_SUSPECTED(56, "TSK_USER_CONTENT_SUSPECTED", //NON-NLS
- bundle.getString("BlackboardArtifact.tskUserContentSuspected.text")),
+ bundle.getString("BlackboardArtifact.tskUserContentSuspected.text"), Category.ANALYSIS_RESULT),
/**
* Stores metadata about an object.
*/
TSK_METADATA(57, "TSK_METADATA", //NON-NLS
- bundle.getString("BlackboardArtifact.tskMetadata.text")),
+ bundle.getString("BlackboardArtifact.tskMetadata.text"), Category.DATA_ARTIFACT),
/**
* Stores a GPS track log. Use
* org.sleuthkit.datamodel.blackboardutils.GeoArtifactsHelper.addTrack()
* to create track artifacts.
*/
TSK_GPS_TRACK(58, "TSK_GPS_TRACK",
- bundle.getString("BlackboardArtifact.tskTrack.text")),
+ bundle.getString("BlackboardArtifact.tskTrack.text"), Category.DATA_ARTIFACT),
/**
* Stores a role on a given domain.
*/
TSK_WEB_ACCOUNT_TYPE(59, "TSK_WEB_ACCOUNT_TYPE",
- bundle.getString("BlackboardArtifact.tskWebAccountType.text")),
+ bundle.getString("BlackboardArtifact.tskWebAccountType.text"), Category.ANALYSIS_RESULT),
/**
* Screen shots from device or Application.
*/
TSK_SCREEN_SHOTS(60, "TSK_SCREEN_SHOTS",
- bundle.getString("BlackboardArtifact.tskScreenShots.text")),
+ bundle.getString("BlackboardArtifact.tskScreenShots.text"), Category.DATA_ARTIFACT),
/**
* Notifications Sent to User.
*/
TSK_PROG_NOTIFICATIONS(62, "TSK_PROG_NOTIFICATIONS",
- bundle.getString("BlackboardArtifact.tskProgNotifications.text")),
+ bundle.getString("BlackboardArtifact.tskProgNotifications.text"), Category.DATA_ARTIFACT),
/**
* System/Application/File backup.
*/
TSK_BACKUP_EVENT(63, "TSK_BACKUP_EVENT",
- bundle.getString("BlackboardArtifact.tskBackupEvent.text")),
+ bundle.getString("BlackboardArtifact.tskBackupEvent.text"), Category.DATA_ARTIFACT),
/**
* Programs that have been deleted.
*/
TSK_DELETED_PROG(64, "TSK_DELETED_PROG",
- bundle.getString("BlackboardArtifact.tskDeletedProg.text")),
+ bundle.getString("BlackboardArtifact.tskDeletedProg.text"), Category.DATA_ARTIFACT),
/**
* Activity on the System/Application.
*/
TSK_USER_DEVICE_EVENT(65, "TSK_USER_DEVICE_EVENT",
- bundle.getString("BlackboardArtifact.tskUserDeviceEvent.text")),
+ bundle.getString("BlackboardArtifact.tskUserDeviceEvent.text"), Category.DATA_ARTIFACT),
/**
* Indicates that the file had a yara pattern match hit.
*/
TSK_YARA_HIT(66, "TSK_YARA_HIT",
- bundle.getString("BlackboardArtifact.tskYaraHit.text")),
+ bundle.getString("BlackboardArtifact.tskYaraHit.text"), Category.ANALYSIS_RESULT),
/**
* Stores the outline of an area using GPS coordinates.
*/
TSK_GPS_AREA(67, "TSK_GPS_AREA",
- bundle.getString("BlackboardArtifact.tskGPSArea.text")),
+ bundle.getString("BlackboardArtifact.tskGPSArea.text"), Category.DATA_ARTIFACT),
TSK_WEB_CATEGORIZATION(68, "TSK_WEB_CATEGORIZATION",
- bundle.getString("BlackboardArtifact.tskWebCategorization.text")),
+ bundle.getString("BlackboardArtifact.tskWebCategorization.text"), Category.ANALYSIS_RESULT),
;