Re: [sleuthkit-users] Autopsy Users / Version
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Autopsy Users / Version
|
From: Billy P. <bg...@gm...> - 2014-11-19 18:07:09
|
I think the one thing we are learning and agreeing on is that a better way needs to be found. We are all going to have different preferences. This is going to be because we all will have different methods in how we approach working a case. For me, nothing is simpler than the column approach because the spacebar activates/toggles the checkbox. What could be simpler for a keyboard shortcut? The difference comes in what happens next. It sounds like Ketil, Karl and Simson like to categorize in this first step. For me, I like to put all my tagged items in once place then go back and relook and categorize them. I feel I have a better idea of what is happening with the evidence as I look at all this a second time and sort. Now, I am sure a method could be created that would allow flexibility for the user. Just because a checkbox was available to tag, doesn't mean you couldn't use a keyboard shortcut with predefined values (Karl's idea). Personally, I do find a pop up going the wrong direction for ease of use, but that is just my preference and may not be the common view. Billy > On Nov 19, 2014, at 9:47 AM, Ketil Froyn <ke...@fr...> wrote: > > I like keyboard shortcuts. What about ctrl-t (or something) popping up a small window, where you can click on the tag you want if it's visible, or use a keyboard shortcut to select the tag you want. If you have lots of tags, simply typing could do a (sub)string search to filter matching tags and display those, and the user can type until there's only one tag left and just hit enter, or use mouse click or keyboard shortcut when they see the wanted tag. This could tag all selected files, or the current file only, or a complete tree structure. > > Just my 2 cents. If at all possible, I usually prefer the keyboard-only option. > > Cheers, Ketil > >> On 19 Nov 2014 17:58, "Karl Mortensen" <kmo...@ba...> wrote: >> Would keyboard shortcuts help? Control-1 assigns Tag1 to the currently selected item (or items), Control-2 for Tag2, etc? >> >> Tag names would be configurable. >> >> Karl >> >>> On Wed, Nov 19, 2014 at 10:24 AM, Billy Pronovost <bg...@gm...> wrote: >>> Richard, >>> >>> I think a generic bookmark/tag checkbox is fine to start. When the item is checked, it goes into a tree location for "bookmarks' that you can go look at all your bookmarked items. From here if you wanted to classify a category "Needs further review" or "Fraud Evidence" (etc) you could do that. >>> >>> I find the multiple section to be non-user friendly. This would mean that I would need to mentally keep track of the files I want to tag and then go back and select them all. If I am looking at pictures and there is 1000 clip art or pointless pictures and 5 non-similarly named evidence pictures, I would have to wade through the pics to find my 5 important pictures. >>> >>> I am not looking for a new version tomorrow, I am looking to try and help make Autopsy the best it can be and this to me is something that users would enjoy as it would make their lives easier. >>> >>> Billy >>> >>>> On Wed, Nov 19, 2014 at 6:57 AM, Richard Cordovano <rco...@ba...> wrote: >>>> Simson, not being a Mac user, I was not aware of the tagging feature of the OSX UI. Thanks for the idea. I will add it to the notes for this issue in our issue tracking system. I can also imagine adding menu items for the existing tags to the first level of the context (right-click) menu. This could be the new implementation of the "quick tag" feature, while still allowing for the "tag and comment" feature. Of course, this would get unwieldy if someone defined a large number of tags. >>>> >>>> As an alternative to popping up tag definition dialogs from the context menu, I'm wondering if having a separate UI, perhaps an options panel, for defining tags might fit in well with the NetBean RCP (rich client platform) framework with which Autopsy is built, while also being less cumbersome. >>>> >>>> Billy, I'm not sure I fully understand your suggestion. Thinking about your use case, something that we can consider is adding a column to the table results viewer with a check box just for the predefined "Bookmark" tag. This could be a way to make for a sort of quick tagging capability. You could then select the Bookmark tagged items in the tree view and sort them further with additional tags. >>>> >>>> Tagging can still be fairly quick with the current implementation, though. Is everyone aware of the ability to do multiple selection in the table view, a feature I added about a year ago? Billy, you might feel less pain if you select everything you want to bookmark, then tag them all in one go. >>>> >>>> I should also mention that the digital forensics team at Basis is pretty busy with customer paid work right now, so changes to the tagging feature by Basis staff are not on the horizon yet. >>>> >>>> >>>> >>>> >>>>> On Mon, Nov 17, 2014 at 12:34 PM, Billy Pronovost <bg...@gm...> wrote: >>>>> Simson, >>>>> >>>>> This is an interesting concept. I am a Mac user, I do understand, but I still don't use it. Mostly because I filter my stuff in folders already so the Tag seems redundant. >>>>> >>>>> I guess the only difference I would want to point out for Autopsy is that I am looking for a quick way to "tag" an item and move on and that is why a check box would be beneficial (because I can hit the space bar and tag the item and move on with the arrow keys). >>>>> >>>>> This method you described might be good for the next step of going back to my tagged items section, and filtering the items by putting them into categories. Your method would allow me to select multiple files at one time and categorize them from an easy dropdown menu. Also, having this dropdown available in the evidence window would allow someone that didn't just want to tag an item (like me) to select a file and tag/categorize it from here. If someone does this, then the Checkbox should automatically be checked by the system when a category is attached to a file. >>>>> >>>>> Make sense? >>>>> >>>>> Billy >>>>> >>>>>> On Mon, Nov 17, 2014 at 8:17 AM, Simson Garfinkel <si...@gm...> wrote: >>>>>> Richard, >>>>>> >>>>>> For a tag UI, you might look at how tags are implemented in MacOS 10.10. There's a "tag" button that brings up an interface that allows people to specify new tags or choose from an existing one: >>>>>> >>>>>> <PastedGraphic-1.png> >>>>>> >>>>>> New tags are created by simply typing their names: >>>>>> >>>>>> <PastedGraphic-2.png> >>>>>> >>>>>> Tags can then be listed whenever file names are shown: >>>>>> >>>>>> <PastedGraphic-3.png> >>>>>> >>>>>> However, it is worth pointing out that the vast majority of OSX users do not understand about the tag feature and do not use it. >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> On Nov 17, 2014, at 7:14 AM, Richard Cordovano <rco...@ba...> wrote: >>>>>>> >>>>>>> Tags in general are intended to allow a user to flag files or results of interest. Tags have names (e.g., Bookmark) so that files or results can be classified into different categories. Bookmark is actually just a predefined tag. So it's not Bookmark vs. tag - Bookmark is a tag. >>>>>>> >>>>>>> In addition to the ability to only include items with particular tags in reports, you can also see what items fall under what tags in the tree view on the left hand side of the main Autopsy window. This allows you to select a group of items with the same tag and view them in the table and thumbnail views to the right of the tree view. >>>>>>> >>>>>>> The UI for tags is definitely cumbersome. We already have a "story" in our internal issue tracking system at Basis Technology about making tagging more streamlined. >>>>>>> >>>>>>> The idea of having columns with check boxes in the table view is interesting. I think we would have difficulty scaling this up though. Let's say a user defines ten tags. A column for each tag would crowd out the actual data being displayed. This is not purely hypothetical; I know of at least one use case which requires five tags to do what the user needs to do with tagging. >>>>>>> >>>>>>> Richard Cordovano >>>>>>> Basis Technology >>>>>>> >>>>>>> >>>>>>> >>>>>>>> On Sun, Nov 16, 2014 at 10:48 PM, Billy Pronovost <bg...@gm...> wrote: >>>>>>>> Hello TSK users... I had a question and a comment/suggestion. >>>>>>>> >>>>>>>> What is the intended purpose of Bookmark and Tag (or versus)? >>>>>>>> >>>>>>>> I get that Bookmarking is putting the item into the Report, but what about >>>>>>>> Tag? >>>>>>>> >>>>>>>> For me, it seems like it should be just "tagging" and item, but I know that >>>>>>>> Bookmarking is a common term for forensic programs. >>>>>>>> >>>>>>>> Whatever the term is going to be, I really wish there was just a column >>>>>>>> with a check box for this action. It is ridiculous to have to go through a >>>>>>>> secondary click menu when this is one of the most common functions of an >>>>>>>> investigation (marking an item for a report). >>>>>>>> >>>>>>>> What are the chances people agree with me and we could see a feature like >>>>>>>> this in the next version? >>>>>>>> >>>>>>>> Thanks for your time. >>>>>>>> >>>>>>>> Billy >>>>>>>> >>>>>>>> ------------------------------------------------------------------------------ >>>>>>>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >>>>>>>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards >>>>>>>> with Interactivity, Sharing, Native Excel Exports, App Integration & more >>>>>>>> Get technology previously reserved for billion-dollar corporations, FREE >>>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk >>>>>>>> _______________________________________________ >>>>>>>> sleuthkit-users mailing list >>>>>>>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >>>>>>>> http://www.sleuthkit.org >>>>>>> >>>>>>> ------------------------------------------------------------------------------ >>>>>>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >>>>>>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards >>>>>>> with Interactivity, Sharing, Native Excel Exports, App Integration & more >>>>>>> Get technology previously reserved for billion-dollar corporations, FREE >>>>>>> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk_______________________________________________ >>>>>>> sleuthkit-users mailing list >>>>>>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >>>>>>> http://www.sleuthkit.org >>> >>> >>> ------------------------------------------------------------------------------ >>> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >>> from Actuate! Instantly Supercharge Your Business Reports and Dashboards >>> with Interactivity, Sharing, Native Excel Exports, App Integration & more >>> Get technology previously reserved for billion-dollar corporations, FREE >>> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk >>> _______________________________________________ >>> sleuthkit-users mailing list >>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >>> http://www.sleuthkit.org >> >> >> >> -- >> Sincerely, >> Karl Mortensen >> >> >> ------------------------------------------------------------------------------ >> Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server >> from Actuate! Instantly Supercharge Your Business Reports and Dashboards >> with Interactivity, Sharing, Native Excel Exports, App Integration & more >> Get technology previously reserved for billion-dollar corporations, FREE >> http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk >> _______________________________________________ >> sleuthkit-users mailing list >> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >> http://www.sleuthkit.org |
