Merge pull request #2079 from...

Merge pull request #2079 from markmckinnon/6731-Add-new-artifact-and-attribute-types-based-on-ILeapp 6731-Add-new-artifact-and-attribute-types-based-on-ILeapp-omissions

Merge pull request #2079 from...
ecdac17e · Richard Cordovano · GitHub · 55867d10 · 8d81a4ec · ecdac17e
Unverified Commit ecdac17e authored 4 years ago by Richard Cordovano Committed by GitHub 4 years ago
--- a/bindings/java/doxygen/artifact_catalog.dox
+++ b/bindings/java/doxygen/artifact_catalog.dox
@@ -35,24 +35,6 @@ TSK_CARD_NUMBER (Credit card number)
 ---
-## TSK_ACTIVITY
-Activity on the system or from an application.  Example usage is a mobile device being locked and unlocked.
-. 
-### REQUIRED ATTRIBUTES
- TSK_DATETIME_START (When activity started)
-    or 
-  TSK_DATETIME
-### OPTIONAL ATTRIBUTES
- TSK_ACTIVITY_TYPE (Activity type i.e.: On or Off)
- TSK_DATETIME_END (When activity ended)
- TSK_PROG_NAME (Name of the program doing the activity)
- TSK_VALUE (Connection type)
---
 ## TSK_ASSOCIATED_OBJECT
 Provides a backwards link to an artifact that references the parent file of this artifact.  Example usage is that a downloaded file will have this artifact and it will point back to the TSK_WEB_DOWNLOAD artifact that is associated with a browser's SQLite database. See \ref jni_bb_associated_object.
@@ -61,7 +43,7 @@ Provides a backwards link to an artifact that references the parent file of this
 ---
-## TSK_BACKUP
+## TSK_BACKUP_EVENT
 Details about System/aplication/file backups.
 ### REQUIRED ATTRIBUTES
@@ -208,17 +190,6 @@ Details about a device data source.
 - TSK_IMSI (IMSI number of the device)
---
-## TSK_DHCP_INFO
-DHCP information that is stored.
-### REQUIRED ATTRIBUTES
- TSK_NAME (Description of Information)
- TSK_VALUE (Value of Information)
 ---
 ## TSK_EMAIL_MSG
 An email message found in an application file or database.
@@ -431,6 +402,15 @@ Indication that the source file matches some set of criteria (possibly user defi
+---
+## TSK_IP_DHCP
+DHCP information that is stored.
+### REQUIRED ATTRIBUTES
+- TSK_NAME (Description of Information)
+- TSK_VALUE (Value of Information)
 ---
 ## TSK_KEYWORD_HIT
 Indication that the source artifact or file contains a keyword. Keywords are grouped into named sets.
@@ -502,20 +482,6 @@ EXIF metadata found in an image or audio file.
 - TSK_GEO_LONGITUDE (The camera's longitude when the image/audio was taken)
---
-## TSK_NOTIFICATION
-Notifications to the user.
-### REQUIRED ATTRIBUTES
- TSK_DATETIME (When the notification was sent/received)
- TSK_PROG_NAME (Program to send/receive notification)
-### OPTIONAL ATTRIBUTES
- TSK_TITLE (Title of the notification)
- TSK_VALUE (Message being sent or received)
 ---
 ## TSK_OBJECT_DETECTED
 Indicates that an object was detected in a media file. Typically used by computer vision software to classify images.
@@ -577,6 +543,20 @@ Details about an operating system recovered from the data source.
+---
+## TSK_PROG_NOTIFICATION
+Notifications to the user.
+### REQUIRED ATTRIBUTES
+- TSK_DATETIME (When the notification was sent/received)
+- TSK_PROG_NAME (Program to send/receive notification)
+### OPTIONAL ATTRIBUTES
+- TSK_TITLE (Title of the notification)
+- TSK_VALUE (Message being sent or received)
 ---
 ## TSK_PROG_RUN
 The number of times a program/application was run.
@@ -704,6 +684,23 @@ An indication that some media file content was generated by the user.
 - TSK_COMMENT (The reason why user-generated content is suspected)
+---
+## TSK_USER_DEVICE_EVENT
+Activity on the system or from an application.  Example usage is a mobile device being locked and unlocked.
+. 
+### REQUIRED ATTRIBUTES
+- TSK_DATETIME_START (When activity started)
+    or 
+  TSK_DATETIME
+### OPTIONAL ATTRIBUTES
+- TSK_ACTIVITY_TYPE (Activity type i.e.: On or Off)
+- TSK_DATETIME_END (When activity ended)
+- TSK_PROG_NAME (Name of the program doing the activity)
+- TSK_VALUE (Connection type)
 ---
 ## TSK_VERIFICATION_FAILED

--- a/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java
+++ b/bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java
@@ -1269,17 +1269,17 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
 		/**
 		 * DHCP Information that is store for a device.
 		 */
-		TSK_DHCP_INFO(61, "TSK_IP_DHCP",
+		TSK_IP_DHCP(61, "TSK_IP_DHCP",
 				bundle.getString("BlackboardArtifact.tskDhcpInfo.text")),		
 		/**
 		 * Notifications Sent to User.
 		 */
-		TSK_NOTIFICATIONS(62, "TSK_PROG_NOTIFICATIONS",
+		TSK_PROG_NOTIFICATIONS(62, "TSK_PROG_NOTIFICATIONS",
 				bundle.getString("BlackboardArtifact.tskProgNotifications.text")),		
 		/**
 		 * System/Application/File backup.
 		 */
-		TSK_BACKUP (63, "TSK_BACKUP_EVENT",
+		TSK_BACKUP_EVENT (63, "TSK_BACKUP_EVENT",
 				bundle.getString("BlackboardArtifact.tskBackupEvent.text")),		
 		/**
 		 * Programs that have been deleted.
@@ -1289,7 +1289,7 @@ public enum ARTIFACT_TYPE implements SleuthkitVisitableItem {
 		/**
 		 * Activity on the System/Application.
 		 */
-		TSK_ACTIVITY(65, "TSK_USER_DEVICE_EVENT",
+		TSK_USER_DEVICE_EVENT(65, "TSK_USER_DEVICE_EVENT",
 				bundle.getString("BlackboardArtifact.tskUserDeviceEvent.text"));		
        /* To developers: For each new artifact, ensure that:
         * - The enum value has 1-line JavaDoc description