Difference between revisions of "Adding Artifacts and Attributes"

From SleuthKitWiki
Jump to: navigation, search
(Created page with "This page outlines the steps that you need to undertake to add a new artifact or attribute to TSK/Autopsy. Follow these before making a pull request. * C++ Framework Code: ...")
 
Line 1: Line 1:
 
This page outlines the steps that you need to undertake to add a new artifact or attribute to TSK/Autopsy.  Follow these before making a pull request.  
 
This page outlines the steps that you need to undertake to add a new artifact or attribute to TSK/Autopsy.  Follow these before making a pull request.  
  
* C++ Framework Code:
+
* '''TSK:'''
** Add to TSK_ARTIFACT_TYPE or TSK_ATTRIBUTE_TYPE enums in framework/tsk/framework/services/TskBlackboard.h
+
** C++ Framework Code:
* Java Code:
+
*** Add to TSK_ARTIFACT_TYPE or TSK_ATTRIBUTE_TYPE enums in framework/tsk/framework/services/TskBlackboard.h
** Add Artifacts to:
+
*** Update the appropriate map in framework/tsk/framework/services/TskBlackboard.cpp
*** bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java
+
** Java Code:
** Add Attributes to
+
*** Add Artifacts to:
*** bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java
+
**** bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java
*** Update BlackboardAttribute.getDisplayString() if the attribute needs any special display formatting.  
+
*** Add Attributes to
** For either, you will need to update the bundle file with the strings:
+
**** bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java
*** bindings/java/src/org/sleuthkit/datamodel/Bundle.properties
+
**** Update BlackboardAttribute.getDisplayString() if the attribute needs any special display formatting.  
* Autopsy:
+
*** For either, you will need to update the bundle file with the strings:
 +
**** bindings/java/src/org/sleuthkit/datamodel/Bundle.properties
 +
 
 +
* '''Autopsy:'''
 
** Update report code to make artifact visible in table:
 
** Update report code to make artifact visible in table:
 
*** Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java
 
*** Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java
 
**** getArtifactTableColumnHeaders()
 
**** getArtifactTableColumnHeaders()
 
**** getOrderedRowDataAsStrings()
 
**** getOrderedRowDataAsStrings()
 +
** (Optional) For new artifacts - create a custom icon for the HTML report
 +
*** Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
 +
*** Icons stored in Core/src/org/sleuthkit/autopsy/report/images
 +
 +
* '''Wiki:'''
 +
** Add a description of the new artifact or attribute to [[Artifact Examples]]

Revision as of 08:13, 29 January 2015

This page outlines the steps that you need to undertake to add a new artifact or attribute to TSK/Autopsy. Follow these before making a pull request.

  • TSK:
    • C++ Framework Code:
      • Add to TSK_ARTIFACT_TYPE or TSK_ATTRIBUTE_TYPE enums in framework/tsk/framework/services/TskBlackboard.h
      • Update the appropriate map in framework/tsk/framework/services/TskBlackboard.cpp
    • Java Code:
      • Add Artifacts to:
        • bindings/java/src/org/sleuthkit/datamodel/BlackboardArtifact.java
      • Add Attributes to
        • bindings/java/src/org/sleuthkit/datamodel/BlackboardAttribute.java
        • Update BlackboardAttribute.getDisplayString() if the attribute needs any special display formatting.
      • For either, you will need to update the bundle file with the strings:
        • bindings/java/src/org/sleuthkit/datamodel/Bundle.properties
  • Autopsy:
    • Update report code to make artifact visible in table:
      • Core/src/org/sleuthkit/autopsy/report/ReportGenerator.java
        • getArtifactTableColumnHeaders()
        • getOrderedRowDataAsStrings()
    • (Optional) For new artifacts - create a custom icon for the HTML report
      • Core/src/org/sleuthkit/autopsy/report/ReportHTML.java
      • Icons stored in Core/src/org/sleuthkit/autopsy/report/images