Re: [sleuthkit-users] Keyword Searching for three letter term results in Please Wait
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Keyword Searching for three letter term results in Please Wait
|
From: Brian C. <ca...@sl...> - 2014-04-18 12:02:12
|
Thanks Matt.
As a side note, if you enter keywords as part of a list during ingest, they will be shown under the name of the list in the tree. The "Single Literal Keyword Search" node is for terms that are entered in the upper right.
While Autopsy is loaded, can you launch a web browser and enter the following into it:
http://localhost:23232/solr/coreCase/select?q=FDA
This doesn't try to show all results, so it maybe faster.
thanks,
brian
On Apr 17, 2014, at 5:25 PM, MATT PIERCE <mat...@ad...> wrote:
> It is an ongoing litigation so I’m being careful with the context.
>
> I used Robocopy to extract all the document types and preserve file locations. The extracted files were then entered into the Case.
> I am rerunning the keyword ingest process.
>
> Say my Keyword list was:
> FDA
> Federal
> Drug
> Administration
>
> I’m using normal search and I’m using the basic three letters no punctuation. I can search on the last three elements via the keyword search bar with no issues. The first generates the Please Wait. I reran ingest using my keyword list and the FDA keyword did not create a Single Literal Keyword Search entry. I added the keyword /^fda$/as a search term and reran ingest with it flaged as regex.
>
>
> Here is the Keyword Indexing Result
> Files with known types
> 1883
> Files with general strings extracted
> 76
> Metadata only was indexed
> 561
> Error (indexer)
> 0
> Error (text extraction)
> 0
> Error (I/O)
> 0
>
> I do not see a Keyword Snipit option in Options/Keyword Seach.
>
>
> From: Jason Letourneau [mailto:jle...@ba...]
> Sent: Thursday, April 17, 2014 9:46 AM
> To: MATT PIERCE
> Cc: sle...@li...
> Subject: Re: [sleuthkit-users] Keyword Searching for three letter term results in Please Wait
>
> Hi Matt -
>
> It's tough to know precisely based on the information we have, but have you tried adding your search term as part of a keyword list and re-running ingest? If you have logs ( Help > About > Userdir:) that you can share, that would help us see if something is throwing an error.
>
> Another thing I notice is that in searching for acronyms with periods at the end of them, the trailing period is ignored in the actual hits. For instance, Ms. will return matches for any occurrence of ms, likewise, m.s. will match occurrences for "m.s" - I am not sure if either of these help with your particular issue, but it could be that you have more hits than you expect based on this and loading is taking more time than expected as highlighting the keyword hits and showing a preview turns out to be a somewhat intensive process.
>
> Jason
>
>
>
>
>
>
> ------------------------------------------------
>
> Jason Letourneau
> Product Manager, Digital Forensics
> Basis Technology
> jle...@ba...
> 617-386-2000 ext. 152
>
>
>
>
> On Apr 17, 2014, at 9:35 AM, MATT PIERCE <mat...@ad...> wrote:
>
>
> I’m sorry to repost but I was hoping someone could explain why my keyword search didn’t progress.
>
>
>
> From: MATT PIERCE
> Sent: Monday, April 14, 2014 4:15 PM
> To: sle...@li...
> Subject: Keyword Searching for three letter term results in Please Wait
>
>
> I’m running Autopsy 3.0.9. I have imported two directories worth of extracted files from a workstation under ediscovery. I can run various keyword searches and get appropriate responses. When I search for a three letter acronym relevant to the case I get “Please Wait” the search never returns from that state. Does anyone have any guidance?
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech_______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org
>
> ------------------------------------------------------------------------------
> Learn Graph Databases - Download FREE O'Reilly Book
> "Graph Databases" is the definitive new guide to graph databases and their
> applications. Written by three acclaimed leaders in the field,
> this first edition is now available. Download your free book today!
> http://p.sf.net/sfu/NeoTech_______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org
|
