Skip to content
Snippets Groups Projects
Commit fd89b2ad authored by Raman Arora's avatar Raman Arora
Browse files

Merge branch 'develop' of https://github.com/sleuthkit/sleuthkit into 4126-wellknown-sids

parents 288379d5 0cb63ed2
No related branches found
No related tags found
No related merge requests found
...@@ -52,7 +52,7 @@ Details about System/aplication/file backups. ...@@ -52,7 +52,7 @@ Details about System/aplication/file backups.
TSK_DATETIME TSK_DATETIME
### OPTIONAL ATTRIBUTES ### OPTIONAL ATTRIBUTES
- TSK_DATETIME_ENDED (Date/Time the backup ended) - TSK_DATETIME_END (Date/Time the backup ended)
...@@ -547,7 +547,7 @@ Details about an operating system recovered from the data source. ...@@ -547,7 +547,7 @@ Details about an operating system recovered from the data source.
--- ---
## TSK_PROG_NOTIFICATION ## TSK_PROG_NOTIFICATIONS
Notifications to the user. Notifications to the user.
### REQUIRED ATTRIBUTES ### REQUIRED ATTRIBUTES
......
...@@ -321,7 +321,7 @@ TimelineLevelOfDetail.medium=Medium ...@@ -321,7 +321,7 @@ TimelineLevelOfDetail.medium=Medium
TimelineLevelOfDetail.high=High TimelineLevelOfDetail.high=High
BaseTypes.fileSystem.name=File System BaseTypes.fileSystem.name=File System
BaseTypes.webActivity.name=Web Activity BaseTypes.webActivity.name=Web Activity
BaseTypes.miscTypes.name=Misc Types BaseTypes.miscTypes.name=Miscellaneous
FileSystemTypes.fileModified.name=File Modified FileSystemTypes.fileModified.name=File Modified
FileSystemTypes.fileAccessed.name=File Accessed FileSystemTypes.fileAccessed.name=File Accessed
FileSystemTypes.fileCreated.name=File Created FileSystemTypes.fileCreated.name=File Created
...@@ -329,8 +329,10 @@ FileSystemTypes.fileChanged.name=File Changed ...@@ -329,8 +329,10 @@ FileSystemTypes.fileChanged.name=File Changed
MiscTypes.message.name=Messages MiscTypes.message.name=Messages
MiscTypes.GPSRoutes.name=GPS Routes MiscTypes.GPSRoutes.name=GPS Routes
MiscTypes.GPSTrackpoint.name=GPS Trackpoint MiscTypes.GPSTrackpoint.name=GPS Trackpoint
MiscTypes.Calls.name=Calls MiscTypes.Calls.name=Call Start
MiscTypes.Email.name=Email MiscTypes.CallsEnd.name=Call End
MiscTypes.Email.name=Email Sent
MiscTypes.EmailRcvd.name=Email Received
MiscTypes.recentDocuments.name=Recent Documents MiscTypes.recentDocuments.name=Recent Documents
MiscTypes.installedPrograms.name=Installed Programs MiscTypes.installedPrograms.name=Installed Programs
MiscTypes.exif.name=Exif MiscTypes.exif.name=Exif
...@@ -347,12 +349,17 @@ MiscTypes.metadataCreated.name=Document Created ...@@ -347,12 +349,17 @@ MiscTypes.metadataCreated.name=Document Created
MiscTypes.programexecuted.name=Program Execution MiscTypes.programexecuted.name=Program Execution
RootEventType.eventTypes.name=Event Types RootEventType.eventTypes.name=Event Types
WebTypes.webDownloads.name=Web Downloads WebTypes.webDownloads.name=Web Downloads
WebTypes.webCookies.name=Web Cookies WebTypes.webCookies.name=Web Cookies Create
WebTypes.webCookiesAccessed.name=Web Cookies Accessed
WebTypes.webCookiesStart.name=Web Cookies Start
WebTypes.webCookiesEnd.name=Web Cookies End
WebTypes.webBookmarks.name=Web Bookmarks WebTypes.webBookmarks.name=Web Bookmarks
WebTypes.webHistory.name=Web History WebTypes.webHistory.name=Web History
WebTypes.webSearch.name=Web Searches WebTypes.webSearch.name=Web Searches
WebTypes.webFormAutoFill.name=Web Form Autofill WebTypes.webFormAutoFill.name=Web Form Autofill Created
WebTypes.webFormAddress.name=Web Form Address WebTypes.webFormAddress.name=Web Form Address Created
WebTypes.webFormAddressModified.name=Web Form Address Modified
WebTypes.webFormAutofillAccessed.name=Web Form Autofill Accessed
CustomTypes.other.name=Standard Types CustomTypes.other.name=Standard Types
CustomTypes.userCreated.name=Custom Types CustomTypes.userCreated.name=Custom Types
BaseTypes.customTypes.name=Other BaseTypes.customTypes.name=Other
...@@ -378,4 +385,29 @@ OsAccountType.Service.text=Service ...@@ -378,4 +385,29 @@ OsAccountType.Service.text=Service
OsAccountType.Interactive.text=Interactive OsAccountType.Interactive.text=Interactive
OsAccountInstanceType.PerformedActionOn.text=Account owner performed action on the host. OsAccountInstanceType.PerformedActionOn.text=Account owner performed action on the host.
OsAccountInstanceType.ReferencedOn.text=Account was referenced on on the host. OsAccountInstanceType.ReferencedOn.text=Account was referenced on on the host.
TimelineEventType.BackupEvent.txt=Backup Event
TimelineEventType.BackupEventStart.txt=Backup Event Start
TimelineEventType.BackupEventEnd.txt=Backup Event End
TimelineEventType.BackupEvent.description=Backup Event
TimelineEventType.BackupEvent.description.start=Backup Event Started
TimelineEventType.BackupEvent.description.end=Backup Event Ended
TimelineEventType.BluetoothPairing.txt=Bluetooth Pairing
TimelineEventType.CalendarEntryStart.txt=Calendar Entry Start
TimelineEventType.CalendarEntryEnd.txt=Calendar Entry End
TimelineEventType.DeletedProgram.txt=Program Deleted
TimelineEventType.DeletedProgramDeleted.txt=Application Deleted
TimelineEventType.OSAccountAccessed.txt=Operating System Account Accessed
TimelineEventType.OSAccountCreated.txt=Operating System Account Created
TimelineEventType.OSAccountPwdFail.txt=Operating System Account Password Fail
TimelineEventType.OSAccountPwdReset.txt=Operating System Account Password Reset
TimelineEventType.OSInfo.txt=Operating System Information
TimelineEventType.ProgramNotification.txt=Program Notification
TimelineEventType.ScreenShot.txt=Screen Shot
TimelineEventType.UserDeviceEvent.txt=User Device Event
TimelineEventType.UserDeviceEventStart.txt=User Device Event Start
TimelineEventType.UserDeviceEventEnd.txt=User Device Event End
TimelineEventType.ServiceAccount.txt=Service Account
TimelineEventType.WIFINetwork.txt=Wifi Network
BaseTypes.geolocation.name=Geolocation
BaseTypes.communication.name=Communication
...@@ -321,7 +321,7 @@ TimelineLevelOfDetail.medium=Medium ...@@ -321,7 +321,7 @@ TimelineLevelOfDetail.medium=Medium
TimelineLevelOfDetail.high=High TimelineLevelOfDetail.high=High
BaseTypes.fileSystem.name=File System BaseTypes.fileSystem.name=File System
BaseTypes.webActivity.name=Web Activity BaseTypes.webActivity.name=Web Activity
BaseTypes.miscTypes.name=Misc Types BaseTypes.miscTypes.name=Miscellaneous
FileSystemTypes.fileModified.name=File Modified FileSystemTypes.fileModified.name=File Modified
FileSystemTypes.fileAccessed.name=File Accessed FileSystemTypes.fileAccessed.name=File Accessed
FileSystemTypes.fileCreated.name=File Created FileSystemTypes.fileCreated.name=File Created
...@@ -329,8 +329,10 @@ FileSystemTypes.fileChanged.name=File Changed ...@@ -329,8 +329,10 @@ FileSystemTypes.fileChanged.name=File Changed
MiscTypes.message.name=Messages MiscTypes.message.name=Messages
MiscTypes.GPSRoutes.name=GPS Routes MiscTypes.GPSRoutes.name=GPS Routes
MiscTypes.GPSTrackpoint.name=GPS Trackpoint MiscTypes.GPSTrackpoint.name=GPS Trackpoint
MiscTypes.Calls.name=Calls MiscTypes.Calls.name=Call Start
MiscTypes.Email.name=Email MiscTypes.CallsEnd.name=Call End
MiscTypes.Email.name=Email Sent
MiscTypes.EmailRcvd.name=Email Received
MiscTypes.recentDocuments.name=Recent Documents MiscTypes.recentDocuments.name=Recent Documents
MiscTypes.installedPrograms.name=Installed Programs MiscTypes.installedPrograms.name=Installed Programs
MiscTypes.exif.name=Exif MiscTypes.exif.name=Exif
...@@ -347,12 +349,17 @@ MiscTypes.metadataCreated.name=Document Created ...@@ -347,12 +349,17 @@ MiscTypes.metadataCreated.name=Document Created
MiscTypes.programexecuted.name=Program Execution MiscTypes.programexecuted.name=Program Execution
RootEventType.eventTypes.name=Event Types RootEventType.eventTypes.name=Event Types
WebTypes.webDownloads.name=Web Downloads WebTypes.webDownloads.name=Web Downloads
WebTypes.webCookies.name=Web Cookies WebTypes.webCookies.name=Web Cookies Create
WebTypes.webCookiesAccessed.name=Web Cookies Accessed
WebTypes.webCookiesStart.name=Web Cookies Start
WebTypes.webCookiesEnd.name=Web Cookies End
WebTypes.webBookmarks.name=Web Bookmarks WebTypes.webBookmarks.name=Web Bookmarks
WebTypes.webHistory.name=Web History WebTypes.webHistory.name=Web History
WebTypes.webSearch.name=Web Searches WebTypes.webSearch.name=Web Searches
WebTypes.webFormAutoFill.name=Web Form Autofill WebTypes.webFormAutoFill.name=Web Form Autofill Created
WebTypes.webFormAddress.name=Web Form Address WebTypes.webFormAddress.name=Web Form Address Created
WebTypes.webFormAddressModified.name=Web Form Address Modified
WebTypes.webFormAutofillAccessed.name=Web Form Autofill Accessed
CustomTypes.other.name=Standard Types CustomTypes.other.name=Standard Types
CustomTypes.userCreated.name=Custom Types CustomTypes.userCreated.name=Custom Types
BaseTypes.customTypes.name=Other BaseTypes.customTypes.name=Other
...@@ -378,4 +385,29 @@ OsAccountType.Service.text=Service ...@@ -378,4 +385,29 @@ OsAccountType.Service.text=Service
OsAccountType.Interactive.text=Interactive OsAccountType.Interactive.text=Interactive
OsAccountInstanceType.PerformedActionOn.text=Account owner performed action on the host. OsAccountInstanceType.PerformedActionOn.text=Account owner performed action on the host.
OsAccountInstanceType.ReferencedOn.text=Account was referenced on on the host. OsAccountInstanceType.ReferencedOn.text=Account was referenced on on the host.
TimelineEventType.BackupEvent.txt=Backup Event
TimelineEventType.BackupEventStart.txt=Backup Event Start
TimelineEventType.BackupEventEnd.txt=Backup Event End
TimelineEventType.BackupEvent.description=Backup Event
TimelineEventType.BackupEvent.description.start=Backup Event Started
TimelineEventType.BackupEvent.description.end=Backup Event Ended
TimelineEventType.BluetoothPairing.txt=Bluetooth Pairing
TimelineEventType.CalendarEntryStart.txt=Calendar Entry Start
TimelineEventType.CalendarEntryEnd.txt=Calendar Entry End
TimelineEventType.DeletedProgram.txt=Program Deleted
TimelineEventType.DeletedProgramDeleted.txt=Program Deleted 2
TimelineEventType.OSAccountAccessed.txt=Operating System Account Accessed
TimelineEventType.OSAccountCreated.txt=Operating System Account Created
TimelineEventType.OSAccountPwdFail.txt=Operating System Account Password Fail
TimelineEventType.OSAccountPwdReset.txt=Operating System Account Password Reset
TimelineEventType.OSInfo.txt=Operating System Information
TimelineEventType.ProgramNotification.txt=Program Notification
TimelineEventType.ScreenShot.txt=Screen Shot
TimelineEventType.UserDeviceEvent.txt=User Device Event
TimelineEventType.UserDeviceEventStart.txt=User Device Event Start
TimelineEventType.UserDeviceEventEnd.txt=User Device Event End
TimelineEventType.ServiceAccount.txt=Service Account
TimelineEventType.WIFINetwork.txt=Wifi Network
BaseTypes.geolocation.name=Geolocation
BaseTypes.communication.name=Communication
...@@ -39,12 +39,11 @@ public TimelineEventDescriptionWithTime makeEventDescription(BlackboardArtifact ...@@ -39,12 +39,11 @@ public TimelineEventDescriptionWithTime makeEventDescription(BlackboardArtifact
BlackboardAttribute timeAttribute = artifact.getAttribute(getDateTimeAttributeType()); BlackboardAttribute timeAttribute = artifact.getAttribute(getDateTimeAttributeType());
if (timeAttribute == null) { if (timeAttribute == null) {
logger.log(Level.WARNING, "Artifact {0} has no date/time attribute, skipping it.", artifact.toString()); // NON-NLS
return null; return null;
} }
long time = timeAttribute.getValueLong(); long time = timeAttribute.getValueLong();
return new TimelineEventDescriptionWithTime(time, null, null, description); return new TimelineEventDescriptionWithTime(time, timeAttribute.getDisplayString(), null, description);
} }
TimelineEventArtifactTypeSingleDescription(int typeID, String displayName, TimelineEventArtifactTypeSingleDescription(int typeID, String displayName,
......
...@@ -41,6 +41,7 @@ ...@@ -41,6 +41,7 @@
import java.util.logging.Logger; import java.util.logging.Logger;
import java.util.stream.Collectors; import java.util.stream.Collectors;
import java.util.stream.Stream; import java.util.stream.Stream;
import org.apache.commons.lang3.StringEscapeUtils;
import org.joda.time.DateTimeZone; import org.joda.time.DateTimeZone;
import org.joda.time.Interval; import org.joda.time.Interval;
import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT; import static org.sleuthkit.datamodel.BlackboardArtifact.ARTIFACT_TYPE.TSK_TL_EVENT;
...@@ -123,13 +124,14 @@ public final class TimelineManager { ...@@ -123,13 +124,14 @@ public final class TimelineManager {
try (final CaseDbConnection con = caseDB.getConnection(); try (final CaseDbConnection con = caseDB.getConnection();
final Statement statement = con.createStatement()) { final Statement statement = con.createStatement()) {
for (TimelineEventType type : PREDEFINED_EVENT_TYPES) { for (TimelineEventType type : PREDEFINED_EVENT_TYPES) {
con.executeUpdate(statement, String query = " INTO tsk_event_types(event_type_id, display_name, super_type_id) "
insertOrIgnore(" INTO tsk_event_types(event_type_id, display_name, super_type_id) "
+ "VALUES( " + type.getTypeID() + ", '" + "VALUES( " + type.getTypeID() + ", '"
+ escapeSingleQuotes(type.getDisplayName()) + "'," + escapeSingleQuotes(type.getDisplayName()) + "',"
+ type.getParent().getTypeID() + type.getParent().getTypeID()
+ ")")); //NON-NLS + ")";
eventTypeIDMap.put(type.getTypeID(), type); con.executeUpdate(statement,
insertOrIgnore(query)); //NON-NLS
eventTypeIDMap.put(type.getTypeID(), type);
} }
} catch (SQLException ex) { } catch (SQLException ex) {
throw new TskCoreException("Failed to initialize timeline event types", ex); // NON-NLS throw new TskCoreException("Failed to initialize timeline event types", ex); // NON-NLS
...@@ -461,7 +463,7 @@ public Set<Long> getEventIDsForContent(Content content, boolean includeDerivedAr ...@@ -461,7 +463,7 @@ public Set<Long> getEventIDsForContent(Content content, boolean includeDerivedAr
* @throws TskCoreException * @throws TskCoreException
* @throws DuplicateException * @throws DuplicateException
*/ */
private long addEventDescription(long dataSourceObjId, long fileObjId, Long artifactID, private Long addEventDescription(long dataSourceObjId, long fileObjId, Long artifactID,
String fullDescription, String medDescription, String shortDescription, String fullDescription, String medDescription, String shortDescription,
boolean hasHashHits, boolean tagged, CaseDbConnection connection) throws TskCoreException, DuplicateException { boolean hasHashHits, boolean tagged, CaseDbConnection connection) throws TskCoreException, DuplicateException {
String tableValuesClause String tableValuesClause
...@@ -495,22 +497,14 @@ private long addEventDescription(long dataSourceObjId, long fileObjId, Long arti ...@@ -495,22 +497,14 @@ private long addEventDescription(long dataSourceObjId, long fileObjId, Long arti
// if no inserted rows, there is a conflict due to a duplicate event // if no inserted rows, there is a conflict due to a duplicate event
// description. If that happens, return null as no id was inserted. // description. If that happens, return null as no id was inserted.
if (row < 1) { if (row < 1) {
throw new DuplicateException(String.format( return null;
"An event description already exists for [fullDescription: %s, contentId: %d, artifactId: %s]",
fullDescription == null ? "<null>" : fullDescription,
fileObjId,
artifactID == null ? "<null>" : Long.toString(artifactID)));
} }
try (ResultSet generatedKeys = insertDescriptionStmt.getGeneratedKeys()) { try (ResultSet generatedKeys = insertDescriptionStmt.getGeneratedKeys()) {
if (generatedKeys.next()) { if (generatedKeys.next()) {
return generatedKeys.getLong(1); return generatedKeys.getLong(1);
} else { } else {
throw new DuplicateException(String.format( return null;
"An event description already exists for [fullDescription: %s, contentId: %d, artifactId: %s]",
fullDescription == null ? "<null>" : fullDescription,
fileObjId,
artifactID == null ? "<null>" : Long.toString(artifactID)));
} }
} }
} catch (SQLException ex) { } catch (SQLException ex) {
...@@ -519,6 +513,45 @@ private long addEventDescription(long dataSourceObjId, long fileObjId, Long arti ...@@ -519,6 +513,45 @@ private long addEventDescription(long dataSourceObjId, long fileObjId, Long arti
caseDB.releaseSingleUserCaseWriteLock(); caseDB.releaseSingleUserCaseWriteLock();
} }
} }
/**
* Returns an event description id for an existing event.
*
* @param dataSourceObjId Existing data source object id
* @param fileObjId Existing content object id
* @param artifactID Existing artifact id
* @param fullDescription Full event description
* @param connection Database connection
*
* @return The id of an existing description or null if none what found.
*
* @throws TskCoreException
*/
private Long getEventDescription(long dataSourceObjId, long fileObjId, Long artifactID,
String fullDescription, CaseDbConnection connection) throws TskCoreException {
String query = "SELECT event_description_id FROM tsk_event_descriptions "
+ "WHERE data_source_obj_id = " + dataSourceObjId
+ " AND content_obj_id = " + fileObjId
+ " AND artifact_id " + (artifactID != null ? " = " + artifactID : "IS null")
+ " AND full_description " + (fullDescription != null ? "= '"
+ SleuthkitCase.escapeSingleQuotes(fullDescription) + "'" : "IS null");
caseDB.acquireSingleUserCaseReadLock();
try (ResultSet resultSet = connection.createStatement().executeQuery(query)) {
if (resultSet.next()) {
long id = resultSet.getLong(1);
return id;
}
} catch (SQLException ex) {
throw new TskCoreException(String.format("Failed to get description, dataSource=%d, fileObjId=%d, artifactId=%d", dataSourceObjId, fileObjId, artifactID), ex);
} finally {
caseDB.releaseSingleUserCaseReadLock();
}
return null;
}
Collection<TimelineEvent> addEventsForNewFile(AbstractFile file, CaseDbConnection connection) throws TskCoreException { Collection<TimelineEvent> addEventsForNewFile(AbstractFile file, CaseDbConnection connection) throws TskCoreException {
Set<TimelineEvent> events = addEventsForNewFileQuiet(file, connection); Set<TimelineEvent> events = addEventsForNewFileQuiet(file, connection);
...@@ -563,27 +596,34 @@ Set<TimelineEvent> addEventsForNewFileQuiet(AbstractFile file, CaseDbConnection ...@@ -563,27 +596,34 @@ Set<TimelineEvent> addEventsForNewFileQuiet(AbstractFile file, CaseDbConnection
Set<TimelineEvent> events = new HashSet<>(); Set<TimelineEvent> events = new HashSet<>();
caseDB.acquireSingleUserCaseWriteLock(); caseDB.acquireSingleUserCaseWriteLock();
try { try {
long descriptionID = addEventDescription(file.getDataSourceObjectId(), fileObjId, null, Long descriptionID = addEventDescription(file.getDataSourceObjectId(), fileObjId, null,
description, null, null, false, false, connection); description, null, null, false, false, connection);
for (Map.Entry<TimelineEventType, Long> timeEntry : timeMap.entrySet()) { if(descriptionID == null) {
Long time = timeEntry.getValue(); descriptionID = getEventDescription(file.getDataSourceObjectId(), fileObjId, null, description, connection);
if (time > 0 && time < MAX_TIMESTAMP_TO_ADD) {// if the time is legitimate ( greater than zero and less then 12 years from current date) insert it }
TimelineEventType type = timeEntry.getKey(); if(descriptionID != null) {
long eventID = addEventWithExistingDescription(time, type, descriptionID, connection); for (Map.Entry<TimelineEventType, Long> timeEntry : timeMap.entrySet()) {
Long time = timeEntry.getValue();
/* if (time > 0 && time < MAX_TIMESTAMP_TO_ADD) {// if the time is legitimate ( greater than zero and less then 12 years from current date) insert it
* Last two flags indicating hasTags and hasHashHits are TimelineEventType type = timeEntry.getKey();
* both set to false with the assumption that this is not long eventID = addEventWithExistingDescription(time, type, descriptionID, connection);
* possible for a new file. See JIRA-5407
*/ /*
events.add(new TimelineEvent(eventID, descriptionID, fileObjId, null, time, type, * Last two flags indicating hasTags and hasHashHits are
description, null, null, false, false)); * both set to false with the assumption that this is not
} else { * possible for a new file. See JIRA-5407
if (time >= MAX_TIMESTAMP_TO_ADD) { */
logger.log(Level.WARNING, String.format("Date/Time discarded from Timeline for %s for file %s with Id %d", timeEntry.getKey().getDisplayName(), file.getParentPath() + file.getName(), file.getId())); events.add(new TimelineEvent(eventID, descriptionID, fileObjId, null, time, type,
description, null, null, false, false));
} else {
if (time >= MAX_TIMESTAMP_TO_ADD) {
logger.log(Level.WARNING, String.format("Date/Time discarded from Timeline for %s for file %s with Id %d", timeEntry.getKey().getDisplayName(), file.getParentPath() + file.getName(), file.getId()));
}
} }
} }
} else {
throw new TskCoreException(String.format("Failed to get event description for file id = %d", fileObjId));
} }
} catch (DuplicateException dupEx) { } catch (DuplicateException dupEx) {
logger.log(Level.SEVERE, "Attempt to make file event duplicate.", dupEx); logger.log(Level.SEVERE, "Attempt to make file event duplicate.", dupEx);
...@@ -788,15 +828,24 @@ private Optional<TimelineEvent> addArtifactEvent(TimelineEventDescriptionWithTim ...@@ -788,15 +828,24 @@ private Optional<TimelineEvent> addArtifactEvent(TimelineEventDescriptionWithTim
caseDB.acquireSingleUserCaseWriteLock(); caseDB.acquireSingleUserCaseWriteLock();
try (CaseDbConnection connection = caseDB.getConnection();) { try (CaseDbConnection connection = caseDB.getConnection();) {
long descriptionID = addEventDescription(dataSourceObjectID, fileObjId, artifactID, Long descriptionID = addEventDescription(dataSourceObjectID, fileObjId, artifactID,
fullDescription, medDescription, shortDescription, fullDescription, medDescription, shortDescription,
hasHashHits, tagged, connection); hasHashHits, tagged, connection);
long eventID = addEventWithExistingDescription(time, eventType, descriptionID, connection); if(descriptionID == null) {
descriptionID = getEventDescription(dataSourceObjectID, fileObjId, artifactID,
event = new TimelineEvent(eventID, dataSourceObjectID, fileObjId, artifactID, fullDescription, connection);
time, eventType, fullDescription, medDescription, shortDescription, }
hasHashHits, tagged);
if(descriptionID != null) {
long eventID = addEventWithExistingDescription(time, eventType, descriptionID, connection);
event = new TimelineEvent(eventID, dataSourceObjectID, fileObjId, artifactID,
time, eventType, fullDescription, medDescription, shortDescription,
hasHashHits, tagged);
} else {
throw new TskCoreException(String.format("Failed to get event description for file id = %d, artifactId %d", fileObjId, artifactID));
}
} finally { } finally {
caseDB.releaseSingleUserCaseWriteLock(); caseDB.releaseSingleUserCaseWriteLock();
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment