Re: [sleuthkit-users] Newbie question on autopsy3

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

On Sep 4, 2013, at 6:58 AM, Brian Carrier <ca...@sl...> wrote:

> 
> On Sep 3, 2013, at 5:12 PM, Netexpress <Net...@ti...> wrote:
> 
>> 2-      If I use keyword search on top on right I get this message: “No files are indexed, please index an image before searching” who can i do?
> 
> Was the Keyword Search ingest module enabled when you added the disk image.  It is responsible for adding files to the index.  If it was enabled, you may need to wait (I'll review that message to see if it can be made more clear). The currently released version of Autopsy "commits" its index every 10 minutes while ingest is occurring.  The faster you commit, the longer the ingest takes.  The next version changes that value to 5 minutes.  That means that for 10 minutes, new files will not be visible to you in the index.  I think we updated the message to be more clear about why there are no results, but I'll double check. 

I just updated the message to be more detailed if the search is conducted when ingest is ongoing and there are no files. 