Re: [sleuthkit-users] Autopsy Users / Version
From: Billy P. <bg...@gm...> - 2014-11-19 15:24:57
Richard,

I think a generic bookmark/tag checkbox is fine to start. When the item is checked, it goes into a tree location for "bookmarks" that you can go look at all your bookmarked items. From here if you wanted to classify a category "Needs further review" or "Fraud Evidence" (etc) you could do that.

I find the multiple section to be non-user friendly. This would mean that I would need to mentally keep track of the files I want to tag and then go back and select them all. If I am looking at pictures and there is 1000 clip art or pointless pictures and 5 non-similarly named evidence pictures, I would have to wade through the pics to find my 5 important pictures.

I am not looking for a new version tomorrow, I am looking to try and help make Autopsy the best it can be and this to me is something that users would enjoy as it would make their lives easier.

Billy

On Wed, Nov 19, 2014 at 6:57 AM, Richard Cordovano <rco...@ba...> wrote:

> Simson, not being a Mac user, I was not aware of the tagging feature of
> the OSX UI. Thanks for the idea. I will add it to the notes for this issue
> in our issue tracking system. I can also imagine adding menu items for the
> existing tags to the first level of the context (right-click) menu. This
> could be the new implementation of the "quick tag" feature, while still
> allowing for the "tag and comment" feature. Of course, this would get
> unwieldy if someone defined a large number of tags.
>
> As an alternative to popping up tag definition dialogs from the context
> menu, I'm wondering if having a separate UI, perhaps an options panel, for
> defining tags might fit in well with the NetBeans RCP (rich client platform)
> framework with which Autopsy is built, while also being less cumbersome.
>
> Billy, I'm not sure I fully understand your suggestion. Thinking about
> your use case, something that we can consider is adding a column to the
> table results viewer with a check box just for the predefined "Bookmark"
> tag.
> This could be a way to make for a sort of quick tagging capability.
> You could then select the Bookmark tagged items in the tree view and sort
> them further with additional tags.
>
> Tagging can still be fairly quick with the current implementation, though.
> Is everyone aware of the ability to do multiple selection in the table
> view, a feature I added about a year ago? Billy, you might feel less pain
> if you select everything you want to bookmark, then tag them all in one go.
>
> I should also mention that the digital forensics team at Basis is pretty
> busy with customer paid work right now, so changes to the tagging feature
> by Basis staff are not on the horizon yet.
>
> On Mon, Nov 17, 2014 at 12:34 PM, Billy Pronovost <bg...@gm...> wrote:
>
>> Simson,
>>
>> This is an interesting concept. I am a Mac user, I do understand, but I
>> still don't use it. Mostly because I filter my stuff in folders already so
>> the Tag seems redundant.
>>
>> I guess the only difference I would want to point out for Autopsy is that
>> I am looking for a quick way to "tag" an item and move on and that is why a
>> check box would be beneficial (because I can hit the space bar and tag the
>> item and move on with the arrow keys).
>>
>> This method you described might be good for the next step of going back
>> to my tagged items section, and filtering the items by putting them into
>> categories. Your method would allow me to select multiple files at one time
>> and categorize them from an easy dropdown menu. Also, having this dropdown
>> available in the evidence window would allow someone that didn't just want
>> to tag an item (like me) to select a file and tag/categorize it from here.
>> If someone does this, then the Checkbox should automatically be checked by
>> the system when a category is attached to a file.
>>
>> Make sense?
>>
>> Billy
>>
>> On Mon, Nov 17, 2014 at 8:17 AM, Simson Garfinkel <si...@gm...> wrote:
>>
>>> Richard,
>>>
>>> For a tag UI, you might look at how tags are implemented in MacOS 10.10.
>>> There's a "tag" button that brings up an interface that allows people to
>>> specify new tags or choose from an existing one:
>>>
>>> New tags are created by simply typing their names:
>>>
>>> Tags can then be listed whenever file names are shown:
>>>
>>> However, it is worth pointing out that the vast majority of OSX users do
>>> not understand about the tag feature and do not use it.
>>>
>>> On Nov 17, 2014, at 7:14 AM, Richard Cordovano <rco...@ba...> wrote:
>>>
>>> Tags in general are intended to allow a user to flag files or results of
>>> interest. Tags have names (e.g., Bookmark) so that files or results can be
>>> classified into different categories. Bookmark is actually just a
>>> predefined tag. So it's not Bookmark vs. tag - Bookmark is a tag.
>>>
>>> In addition to the ability to only include items with particular tags in
>>> reports, you can also see what items fall under what tags in the tree view
>>> on the left hand side of the main Autopsy window. This allows you to select
>>> a group of items with the same tag and view them in the table and thumbnail
>>> views to the right of the tree view.
>>>
>>> The UI for tags is definitely cumbersome. We already have a "story" in
>>> our internal issue tracking system at Basis Technology about making tagging
>>> more streamlined.
>>>
>>> The idea of having columns with check boxes in the table view is
>>> interesting. I think we would have difficulty scaling this up though. Let's
>>> say a user defines ten tags. A column for each tag would crowd out the
>>> actual data being displayed. This is not purely hypothetical; I know of at
>>> least one use case which requires five tags to do what the user needs to do
>>> with tagging.
>>>
>>> Richard Cordovano
>>> Basis Technology
>>>
>>> On Sun, Nov 16, 2014 at 10:48 PM, Billy Pronovost <bg...@gm...> wrote:
>>>
>>>> Hello TSK users... I had a question and a comment/suggestion.
>>>>
>>>> What is the intended purpose of Bookmark and Tag (or versus)?
>>>>
>>>> I get that Bookmarking is putting the item into the Report, but what about
>>>> Tag?
>>>>
>>>> For me, it seems like it should be just "tagging" an item, but I know that
>>>> Bookmarking is a common term for forensic programs.
>>>>
>>>> Whatever the term is going to be, I really wish there was just a column
>>>> with a check box for this action. It is ridiculous to have to go through a
>>>> secondary click menu when this is one of the most common functions of an
>>>> investigation (marking an item for a report).
>>>>
>>>> What are the chances people agree with me and we could see a feature like
>>>> this in the next version?
>>>>
>>>> Thanks for your time.
>>>>
>>>> Billy
>>>>
>>>> _______________________________________________
>>>> sleuthkit-users mailing list
>>>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
>>>> http://www.sleuthkit.org