Difference between revisions of "Adding Artifacts and Attributes"
From SleuthKitWiki
(Created page with "This page outlines the steps that you need to undertake to add a new artifact or attribute to TSK/Autopsy. Follow these before making a pull request. * C++ Framework Code: ...") |
(No difference)
|
Revision as of 12:01, 27 January 2015
This page outlines the steps that you need to undertake to add a new artifact or attribute to TSK/Autopsy. Follow these before making a pull request.
- C++ Framework Code:
- Add to TSK_ARTIFACT_TYPE or TSK_ATTRIBUTE_TYPE enums in framework/tsk/framework/services/TskBlackboard.h
- Java Code:
- Add Artifacts to:
- bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java
- Add Attributes to
- bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java
- Update BlackboardAttribute.getDisplayString() if the attribute needs any special display formatting.
- For either, you will need to update the bundle file with the strings:
- bindings/java/src/org/sleuthkit/datamodel/Bundle.properties
- Add Artifacts to:
- Autopsy:
- Update report code to make artifact visible in table:
- Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java
- getArtifactTableColumnHeaders()
- getOrderedRowDataAsStrings()
- Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java
- Update report code to make artifact visible in table:
