Re: [sleuthkit-developers] Branching BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Thanks Richard,

Do you know if there are plans to allow grouping of results in this fashion?

What are other common artifact types used by developers here to highlight files found/analysed?

If I want to highlight certain folders in the navigation tree what have you found to be a good way to do so?

Thanks

Rajmund

From: Richard Cordovano [mailto:rco...@ba...] 
Sent: 28 November 2014 14:38
To: Rajmund
Cc: Autopsy Developers
Subject: Re: [sleuthkit-developers] Branching BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT?

Sorry, Rajmund, there is currently no way to create the sort of hierarchy of interesting file set definitions you are envisioning. 

The code that shows interesting file hits in the "Interesting Items" tree groups the file hit results (artifacts) by file set name, and every file hit artifact has a single set name attribute. You could add separators to your set names, but that would only define new set names - the set names are not parsed to discover additional structure.    

On Fri, Nov 28, 2014 at 2:56 AM, Rajmund <ra...@4e... <mailto:ra...@4e...> > wrote:

Hi Team,

I was wondering if there is a way to branch/create child items for the BlackboardArtifact.ARTIFACT_TYPE.TSK_INTERESTING_FILE_HIT in order to group them together?

The goal would be that it would be shown in Autopsy as:

Interesting Items

              SetNameA

                             SetNameAB

                             SetNameAC

              SetNameB

Is there a separator to be used in TSK_SET_NAME? Or do I somehow have to add the children to the parent artifact?

Is there another artefact type which allows the above if this one does not?

Thanks

Rajmund

------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=157005751 <http://pubads.g.doubleclick.net/gampad/clk?id=157005751&iu=/4140/ostg.clktrk> &iu=/4140/ostg.clktrk
_______________________________________________
sleuthkit-developers mailing list
sle...@li... <mailto:sle...@li...> 
https://lists.sourceforge.net/lists/listinfo/sleuthkit-developers