From e2a238c1e82f2a801a39462b72aa4af72a5c5c42 Mon Sep 17 00:00:00 2001 From: Mark McKinnon <mark.mckinnon@davenport.edu> Date: Thu, 28 May 2020 15:40:16 -0400 Subject: [PATCH] Add Attribute and TImeline events Added TSK_LAST_PRINTED_DATETIME Attribute and Metadata_last_printed, metadata_last_saved and metadata_created event types for timeline. --- .../datamodel/BlackboardAttribute.java | 7 ++++- .../org/sleuthkit/datamodel/Bundle.properties | 4 +++ .../datamodel/TimelineEventType.java | 29 ++++++++++++++++++- 3 files changed, 38 insertions(+), 2 deletions(-) diff --git a/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java b/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java index fe9caf98a..0e9d449e2 100755 --- a/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java +++ b/bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java @@ -1411,7 +1411,12 @@ public enum ATTRIBUTE_TYPE { TSK_BYTES_RECEIVED(148, "TSK_BYTES_RECEIVED", bundle.getString("BlackboardAttribute.tskbytesreceived.text"), - TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.LONG) + TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.LONG), + + TSK_LAST_PRINTED_DATETIME(149, "TSK_LAST_PRINTED_DATETIME", + bundle.getString("BlackboardAttribute.tsklastprinteddatetime.text"), + TSK_BLACKBOARD_ATTRIBUTE_VALUE_TYPE.DATETIME), + ; diff --git a/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties b/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties index 8e4eb3942..16335ea7b 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties +++ b/bindings/java/src/org/sleuthkit/datamodel/Bundle.properties 
@@ -198,6 +198,7 @@ BlackboardAttribute.tskdistancefromhome.text=Distance from Homepoint BlackboardAttribute.tskhashphotodna.text=PhotoDNA Hash BlackboardAttribute.tskbytessent.text=Bytes Sent BlackboardAttribute.tskbytesreceived.text=Bytes Received +BlackboardAttribute.tsklastprinteddatetime.text=Last Printed Date AbstractFile.readLocal.exception.msg4.text=Error reading local file\: {0} AbstractFile.readLocal.exception.msg1.text=Error reading local file, local path is not set AbstractFile.readLocal.exception.msg2.text=Error reading local file, it does not exist at local path\: {0} @@ -323,6 +324,9 @@ MiscTypes.GPSBookmark.name=GPS Bookmark MiscTypes.GPSLastknown.name=GPS Last Known Location MiscTypes.GPSearch.name=GPS Search MiscTypes.GPSTrack.name=GPS Track +MiscTypes.metadataLastPrinted.name=Document Last Printed +MiscTypes.metadataLastSaved.name=Document Last Saved +MiscTypes.metadataCreated.name=Document Created RootEventType.eventTypes.name=Event Types WebTypes.webDownloads.name=Web Downloads WebTypes.webCookies.name=Web Cookies diff --git a/bindings/java/src/org/sleuthkit/datamodel/TimelineEventType.java b/bindings/java/src/org/sleuthkit/datamodel/TimelineEventType.java index a6fabdadb..6f8a25f77 100644 --- a/bindings/java/src/org/sleuthkit/datamodel/TimelineEventType.java +++ b/bindings/java/src/org/sleuthkit/datamodel/TimelineEventType.java @@ -224,7 +224,7 @@ public int compare(TimelineEventType o1, TimelineEventType o2) { builder.add(CALL_LOG, DEVICES_ATTACHED, EMAIL, EXIF, GPS_BOOKMARK, GPS_LAST_KNOWN_LOCATION, GPS_TRACKPOINT, GPS_ROUTE, GPS_SEARCH, GPS_TRACK, INSTALLED_PROGRAM, LOG_ENTRY, MESSAGE, - RECENT_DOCUMENTS, REGISTRY); + METADATA_LAST_PRINTED, METADATA_LAST_SAVED, METADATA_CREATED, RECENT_DOCUMENTS, REGISTRY); return builder.build(); } 
@@ -526,7 +526,34 @@ public SortedSet< TimelineEventType> getChildren() { MISC_TYPES, new BlackboardArtifact.Type(TSK_GPS_TRACK), new Type(TSK_NAME)); + + TimelineEventType METADATA_LAST_PRINTED = new TimelineEventArtifactTypeImpl(33, + getBundle().getString("MiscTypes.metadataLastPrinted.name"),// NON-NLS + MISC_TYPES, + new BlackboardArtifact.Type(TSK_METADATA), + new Type(TSK_LAST_PRINTED_DATETIME), + new EmptyExtractor(), + new EmptyExtractor(), + new EmptyExtractor()); + TimelineEventType METADATA_LAST_SAVED = new TimelineEventArtifactTypeImpl(34, + getBundle().getString("MiscTypes.metadataLastSaved.name"),// NON-NLS + MISC_TYPES, + new BlackboardArtifact.Type(TSK_METADATA), + new Type(TSK_DATETIME_MODIFIED), + new EmptyExtractor(), + new EmptyExtractor(), + new EmptyExtractor()); + + TimelineEventType METADATA_CREATED = new TimelineEventArtifactTypeImpl(35, + getBundle().getString("MiscTypes.metadataCreated.name"),// NON-NLS + MISC_TYPES, + new BlackboardArtifact.Type(TSK_METADATA), + new Type(TSK_DATETIME_CREATED), + new EmptyExtractor(), + new EmptyExtractor(), + new EmptyExtractor()); + static SortedSet<? extends TimelineEventType> getCategoryTypes() { return ROOT_EVENT_TYPE.getChildren(); } -- GitLab
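Review bot: All three new event types pass `new EmptyExtractor()` for each of the three extractor arguments; if those are the short/medium/full description extractors, as the constructor shape suggests, these events reach the timeline with no description, and an examiner cannot tell which document, author or application a "Document Last Printed" event refers to without opening the artifact. Consider extracting at least one identifying attribute of the TSK_METADATA artifact for the description instead. Separately, these timestamps are read from metadata embedded in the document rather than from the file system, so they are set by whoever produced the file and can be edited; a comment above the block such as `// Times below come from document-embedded metadata (TSK_METADATA), not file-system times; treat as author-supplied.` would keep that distinction visible to maintainers. The block also omits the blank line between METADATA_LAST_PRINTED and METADATA_LAST_SAVED that separates the other definitions.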