Re: [sleuthkit-users] Autopsy Case Management Gripes
From: Brian C. <ca...@sl...> - 2005-01-14 16:36:29
Autopsy is browser-based because I only recently started to learn how to develop "real" GUIs. HTML was quick and dirty. The original one was Apache-based, but that was a pain for installation.

I agree that a backend database would be useful and potentially faster, but there are again many installation issues and complications. From what I understand, this is what pyFlag is doing.

As it stands now, you can have multiple investigators working on the same system. There is no data sharing though. I.e. the notes from one investigator are not shared with another. This could be changed so that all notes go to a common location and the note identifies which person created it. This is an easy change.

brian

On Jan 12, 2005, at 6:22 PM, Paul Stillwell wrote:

> Hi Brian,
>
> Thanks for asking! Although my suggestion may not seem directly related to
> workflow, when you think about a team of investigators, their collaboration
> and the ability to audit the actions of each investigator, it could be
> useful. Therefore, I toss it into the ring for discussion. It is one of the
> things that has always made me wonder, "why wasn't it done this way?" and
> there could be some good reasons for it :-)
>
> Autopsy uses a browser based UI. However, it is designed to be primarily a
> single user application. Why not add multi-user support in order to
> facilitate the sharing of high-performance hardware? It could have a huge
> impact on the productivity of a group of investigators if Autopsy ran more as
> a server application. This may require some drastic re-design of the
> application itself perhaps rewriting it for Apache & PHP which would also
> facilitate (necessitate?) the addition of MySQL (maybe something lighter?)
> for database functionality. I could see this being a benefit particularly
> for searching timelines & strings, and storing a user's favorite queries etc.
>
> Would it be faster? I don't know. But it allows a more distributed
> architecture. Sometimes the use of databases and extra layers of stuff can
> add more delay, complexity and administrivia than the perceived benefits that
> make them worthwhile.
>
> This suggestion may not be as easy to implement as it is to type in an
> email ;-) It would most certainly make things more challenging to get the
> application up and running. One of the things I like the most about
> TSK/Autopsy is the ease with which installation is performed.
>
> Paul
>
> On Wednesday 12 January 2005 14:36, Brian Carrier wrote:
>> I'm looking for input and suggestions. TSK v2 now supports disk
>> images, split images, and will soon support other formats. It also
>> autodetects the file system and partition types (I really should have
>> done that a long time ago). Now I need to redo the case management
>> part of autopsy to work these features in. While I am at it, I want to
>> know what people hate about the case management or any suggestions that
>> people have to make it better.
>>
>> The new basic design will be that you give the path to the
>> disk/partition image and Autopsy will identify the image type and what
>> file systems are in a disk image. You can change the settings and add
>> a known MD5 and then the image will be imported. You will also be
>> able to manually define the locations of partitions.
>>
>> I am planning on having a "recent" list on the front page that allows
>> you to bypass the Case and Host opening.
>>
>> Any ideas, suggestions, or opinions?
>>
>> brian