Re: [sleuthkit-users] Default Timeline Scaling

[Simson G. <si...@ac...>]

Have a switch to allow either.

Sent from my iPad

> On Sep 15, 2014, at 4:47 PM, Brian Carrier <ca...@sl...> wrote:
> 
> As many of you may know, we've been working on a new timeline viewer for Autopsy as part of a DHS S&T contract. It's got some really cool features and I'm looking for some feedback on default settings.  One view has bar graphs to show "how many things occurred in a given time frame". The primary use case was to answer questions about knowing when and how often the system was used.  There is another view that provides details.
> 
> My question is if linear or logarithmic scale is better as a default.  In the bar chart, there are differently colored sections for file system activity, web activity, and "other" activity.  There will be more bars as we add more features. Linear allows you to compare the size of each bar, but it means that many bars are not visible. Logarithmic is not as intuitive for people, but it allows you to see more of the bars.  Below is an example.  The Linear view doesn't show any of the blue bars.  As a reference on the final bar in the log scale, the red bar has 53,000 events, the green has 3,500, and the blue has 54. 
> 
> 
> My vote is to have log scale be the default so that you can see that there is web activity even though there is far less than file system times, but I wanted to get feedback before we did that.  Votes?
> 
> 
> <tl_lin.png><tl_log.png>
> ------------------------------------------------------------------------------
> Want excitement?
> Manually upgrade your production database.
> When you want reliability, choose Perforce
> Perforce version control. Predictably reliable.
> http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org