Difference between revisions of "Adding Artifacts and Attributes"

Latest revision as of 08:15, 29 January 2015

This page outlines the steps that you need to undertake to add a new artifact or attribute to TSK/Autopsy. Follow these before making a pull request.

TSK:
- C++ Framework Code:
  - Add to TSK_ARTIFACT_TYPE or TSK_ATTRIBUTE_TYPE enums in framework/tsk/framework/services/TskBlackboard.h
  - Update the appropriate map in framework/tsk/framework/services/TskBlackboard.cpp
- Java Code:
  - Add Artifacts to:
    - bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java
  - Add Attributes to:
    - bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java
    - Update BlackboardAttribute.getDisplayString() if the attribute needs any special display formatting.
  - For either, you will need to update the bundle file with the strings:
    - bindings/java/src/org/sleuthkit/datamodel/Bundle.properties

Autopsy:
- Update report code to make artifact visible in table:
  - Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java
    - getArtifactTableColumnHeaders()
    - getOrderedRowDataAsStrings()
- (Optional) For new artifacts - create a custom icon for the HTML report
  - Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
    - useDataTypeIcon()
  - Icons stored in Core/src/org/sleuthkit/autopsy/report/images

Wiki:
- Add a description of the new artifact or attribute to Artifact Examples

@@ Line 1: / Line 1: @@
 This page outlines the steps that you need to undertake to add a new artifact or attribute to TSK/Autopsy.  Follow these before making a pull request.
-* C++ Framework Code:
+* '''TSK:'''
-** Add to TSK_ARTIFACT_TYPE or TSK_ATTRIBUTE_TYPE enums in framework/tsk/framework/services/TskBlackboard.h
+** C++ Framework Code:
-* Java Code:
+*** Add to TSK_ARTIFACT_TYPE or TSK_ATTRIBUTE_TYPE enums in framework/tsk/framework/services/TskBlackboard.h
-** Add Artifacts to:
+*** Update the appropriate map in framework/tsk/framework/services/TskBlackboard.cpp
-*** bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java
+** Java Code:
-** Add Attributes to
+*** Add Artifacts to:
-*** bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java
+**** bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java
-*** Update BlackboardAttribute.getDisplayString() if the attribute needs any special display formatting.
+*** Add Attributes to:
-** For either, you will need to update the bundle file with the strings:
+**** bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java
-*** bindings/java/src/org/sleuthkit/datamodel/Bundle.properties
+**** Update BlackboardAttribute.getDisplayString() if the attribute needs any special display formatting.
-* Autopsy:
+*** For either, you will need to update the bundle file with the strings:
+**** bindings/java/src/org/sleuthkit/datamodel/Bundle.properties
+* '''Autopsy:'''
 ** Update report code to make artifact visible in table:
 *** Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java
 **** getArtifactTableColumnHeaders()
 **** getOrderedRowDataAsStrings()
+** (Optional) For new artifacts - create a custom icon for the HTML report
+*** Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
+**** useDataTypeIcon()
+*** Icons stored in Core/src/org/sleuthkit/autopsy/report/images
+* '''Wiki:'''
+** Add a description of the new artifact or attribute to [[Artifact Examples]]

Difference between revisions of "Adding Artifacts and Attributes"

Latest revision as of 08:15, 29 January 2015

Navigation menu

Views

Personal tools

Navigation

Search

Tools