Re: [sleuthkit-users] Autopsy Case Management Gripes
From: Paul S. <pa...@vn...> - 2005-01-12 23:21:07
Hi Brian,

Thanks for asking!

Although my suggestion may not seem directly related to workflow, when you think about a team of investigators, their collaboration and the ability to audit the actions of each investigator, it could be useful. Therefore, I toss it into the ring for discussion. It is one of the things that has always made me wonder, "why wasn't it done this way?" and there could be some good reasons for it :-)

Autopsy uses a browser based UI. However, it is designed to be primarily a single user application. Why not add multi-user support in order to facilitate the sharing of high-performance hardware? It could have a huge impact on the productivity of a group of investigators if Autopsy ran more as a server application. This may require some drastic re-design of the application itself perhaps rewriting it for Apache & PHP which would also facilitate (necessitate?) the addition of MySQL (maybe something lighter?) for database functionality. I could see this being a benefit particularly for searching timelines & strings, and storing a user's favorite queries etc. Would it be faster? I don't know. But it allows a more distributed architecture. Sometimes the use of databases and extra layers of stuff can add more delay, complexity and administrivia than the perceived benefits that make them worthwhile.

This suggestion may not be as easy to implement as it is to type in an email ;-) It would most certainly make things more challenging to get the application up and running. One of the things I like the most about TSK/Autopsy is the ease with which installation is performed.

Paul

On Wednesday 12 January 2005 14:36, Brian Carrier wrote:
> I'm looking for input and suggestions. TSK v2 now supports disk
> images, split images, and will soon support other formats. It also
> autodetects the file system and partition types (I really should have
> done that a long time ago). Now I need to redo the case management
> part of autopsy to work these features in. While I am at it, I want to
> know what people hate about the case management or any suggestions that
> people have to make it better.
>
> The new basic design will be that you give the path to the
> disk/partition image and Autopsy will identify the image type and what
> file systems are in a disk image. You can change the settings and add
> a known MD5 and then the image will be imported. You will also be
> able to manually define the locations of partitions.
>
> I am planning on having a "recent" list on the front page that allows
> you to bypass the Case and Host opening.
>
> Any ideas, suggestions, or opinions?
>
> brian