Re: [sleuthkit-users] Autopsy Users / Version
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Autopsy Users / Version
|
From: Richard C. <rco...@ba...> - 2014-11-19 15:31:27
|
Billy, thanks for the input! I also want Autopsy to be the best it can be. It just might take awhile to get there. ;-) On Wed, Nov 19, 2014 at 10:24 AM, Billy Pronovost <bg...@gm...> wrote: > Richard, > > I think a generic bookmark/tag checkbox is fine to start. When the item is > checked, it goes into a tree location for "bookmarks' that you can go look > at all your bookmarked items. From here if you wanted to classify a > category "Needs further review" or "Fraud Evidence" (etc) you could do > that. > > I find the multiple section to be non-user friendly. This would mean that > I would need to mentally keep track of the files I want to tag and then go > back and select them all. If I am looking at pictures and there is 1000 > clip art or pointless pictures and 5 non-similarly named evidence pictures, > I would have to wade through the pics to find my 5 important pictures. > > I am not looking for a new version tomorrow, I am looking to try and help > make Autopsy the best it can be and this to me is something that users > would enjoy as it would make their lives easier. > > Billy > > On Wed, Nov 19, 2014 at 6:57 AM, Richard Cordovano < > rco...@ba...> wrote: > >> Simson, not being a Mac user, I was not aware of the tagging feature of >> the OSX UI. Thanks for the idea. I will add it to the notes for this issue >> in our issue tracking system. I can also imagine adding menu items for the >> existing tags to the first level of the context (right-click) menu. This >> could be the new implementation of the "quick tag" feature, while still >> allowing for the "tag and comment" feature. Of course, this would get >> unwieldy if someone defined a large number of tags. >> >> As an alternative to popping up tag definition dialogs from the context >> menu, I'm wondering if having a separate UI, perhaps an options panel, for >> defining tags might fit in well with the NetBean RCP (rich client platform) >> framework with which Autopsy is built, while also being less cumbersome. >> >> Billy, I'm not sure I fully understand your suggestion. Thinking about >> your use case, something that we can consider is adding a column to the >> table results viewer with a check box just for the predefined "Bookmark" >> tag. This could be a way to make for a sort of quick tagging capability. >> You could then select the Bookmark tagged items in the tree view and sort >> them further with additional tags. >> >> Tagging can still be fairly quick with the current implementation, >> though. Is everyone aware of the ability to do multiple selection in the >> table view, a feature I added about a year ago? Billy, you might feel less >> pain if you select everything you want to bookmark, then tag them all in >> one go. >> >> I should also mention that the digital forensics team at Basis is pretty >> busy with customer paid work right now, so changes to the tagging feature >> by Basis staff are not on the horizon yet. >> >> >> >> >> On Mon, Nov 17, 2014 at 12:34 PM, Billy Pronovost <bg...@gm...> >> wrote: >> >>> Simson, >>> >>> This is an interesting concept. I am a Mac user, I do understand, but I >>> still don't use it. Mostly because I filter my stuff in folders already so >>> the Tag seems redundant. >>> >>> I guess the only difference I would want to point out for Autopsy is >>> that I am looking for a quick way to "tag" an item and move on and that is >>> why a check box would be beneficial (because I can hit the space bar and >>> tag the item and move on with the arrow keys). >>> >>> This method you described might be good for the next step of going back >>> to my tagged items section, and filtering the items by putting them into >>> categories. Your method would allow me to select multiple files at one time >>> and categorize them from an easy dropdown menu. Also, having this dropdown >>> available in the evidence window would allow someone that didn't just want >>> to tag an item (like me) to select a file and tag/categorize it from here. >>> If someone does this, then the Checkbox should automatically be checked by >>> the system when a category is attached to a file. >>> >>> Make sense? >>> >>> Billy >>> >>> On Mon, Nov 17, 2014 at 8:17 AM, Simson Garfinkel <si...@gm...> >>> wrote: >>> >>>> Richard, >>>> >>>> For a tag UI, you might look at how tags are implemented in MacOS >>>> 10.10. There's a "tag" button that brings up an interface that allows >>>> people to specify new tags or choose from an existing one: >>>> >>>> >>>> New tags are created by simply typing their names: >>>> >>>> >>>> Tags can then be listed whenever file names are shown: >>>> >>>> >>>> However, it is worth pointing out that the vast majority of OSX users >>>> do not understand about the tag feature and do not use it. >>>> >>>> >>>> >>>> >>>> On Nov 17, 2014, at 7:14 AM, Richard Cordovano < >>>> rco...@ba...> wrote: >>>> >>>> Tags in general are intended to allow a user to flag files or results >>>> of interest. Tags have names (e.g., Bookmark) so that files or results can >>>> be classified into different categories. Bookmark is actually just a >>>> predefined tag. So it's not Bookmark vs. tag - Bookmark is a tag. >>>> >>>> In addition to the ability to only include items with particular tags >>>> in reports, you can also see what items fall under what tags in the tree >>>> view on the left hand side of the main Autopsy window. This allows you to >>>> select a group of items with the same tag and view them in the table and >>>> thumbnail views to the right of the tree view. >>>> >>>> The UI for tags is definitely cumbersome. We already have a "story" in >>>> our internal issue tracking system at Basis Technology about making tagging >>>> more streamlined. >>>> >>>> The idea of having columns with check boxes in the table view is >>>> interesting. I think we would have difficulty scaling this up though. Let's >>>> say a user defines ten tags. A column for each tag would crowd out the >>>> actual data being displayed. This is not purely hypothetical; I know of at >>>> least one use case which requires five tags to do what the user needs to do >>>> with tagging. >>>> >>>> Richard Cordovano >>>> Basis Technology >>>> >>>> >>>> >>>> On Sun, Nov 16, 2014 at 10:48 PM, Billy Pronovost <bg...@gm...> >>>> wrote: >>>> >>>>> Hello TSK users... I had a question and a comment/suggestion. >>>>> >>>>> What is the intended purpose of Bookmark and Tag (or versus)? >>>>> >>>>> I get that Bookmarking is putting the item into the Report, but what >>>>> about >>>>> Tag? >>>>> >>>>> For me, it seems like it should be just "tagging" and item, but I know >>>>> that >>>>> Bookmarking is a common term for forensic programs. >>>>> >>>>> Whatever the term is going to be, I really wish there was just a column >>>>> with a check box for this action. It is ridiculous to have to go >>>>> through a >>>>> secondary click menu when this is one of the most common functions of >>>>> an >>>>> investigation (marking an item for a report). >>>>> >>>>> What are the chances people agree with me and we could see a feature >>>>> like >>>>> this in the next version? >>>>> >>>>> Thanks for your time. >>>>> >>>>> Billy >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >>>>> from Actuate! Instantly Supercharge Your Business Reports and >>>>> Dashboards >>>>> with Interactivity, Sharing, Native Excel Exports, App Integration & >>>>> more >>>>> Get technology previously reserved for billion-dollar corporations, >>>>> FREE >>>>> >>>>> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk >>>>> _______________________________________________ >>>>> sleuthkit-users mailing list >>>>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >>>>> http://www.sleuthkit.org >>>>> >>>>> >>>> >>>> ------------------------------------------------------------------------------ >>>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >>>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards >>>> with Interactivity, Sharing, Native Excel Exports, App Integration & >>>> more >>>> Get technology previously reserved for billion-dollar corporations, FREE >>>> >>>> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk_______________________________________________ >>>> sleuthkit-users mailing list >>>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >>>> http://www.sleuthkit.org >>>> >>>> >>>> >>> >> > |
