[sleuthkit-users] Feature suggestion for Autopsy
From: esrkq y. <es...@ya...> - 2005-11-30 10:27:25
Hi,

I recently downloaded the latest versions of tsk and autopsy and my general impression (as a non-expert user) is that it does seem to have moved on a good step since I last used it. Everything seemed to work great (I only found one bug, though I admit it could be user error).

The last time I used Autopsy (at the beginning of the year) there was one feature that I wished it had, and when I used it again recently I again 'missed' this feature. In fact, back in January Brian posted a request for some feedback on Autopsy entitled 'Autopsy Case Management Gripes'. I posted a reply to that and one of my 'gripes' at the time was:

.....copy and paste begin ......

One other suggestion (not to do with case management) that would have saved me loads of time recently is having an extra button on the keyword search results screen in Autopsy. The extra button would begin a batch process that would look up the filename (and extension) of every hit and put the filename next to each hit. This would save loads of time because if you are most interested in, say, Word docs you could in the first instance only look at those hits that are Word documents. Taking it a stage further, the results could be displayed in a navigable tree form with each branch representing a different file type. At the moment you have to visit every hit and manually 'click' the MFT link to get the filename and type. I know there would be a time overhead in a batch process like this but at least it would all be done non-interactively (i.e. you can go for some lunch while it's all happening).

---- paste finish -------

OK, maybe the navigable tree thing is a bit of a stretch, but if you could sort the results by filename (and maybe also show the MD5SUM) that would be useful, as the same search string is found in many instances of the same file and when browsing through the results you find yourself checking out the same text over and over. Often I find I just want to scan an individual file quickly once and, if it is not relevant, ignore all other occurrences of it and move on to the next one.

The few times I used Autopsy this feature would have been a real time saver. I think many users would find this feature useful (what do others think?). Back in January you suggested this feature wouldn't be a huge job to add :-) - however I realise your to-do list must be huge.

Anyway Brian, thank you for this useful and enjoyable programme.

Paul.