Re: [sleuthkit-users] Feature Placement
From: Derrick K. <dk...@gm...> - 2015-04-17 14:06:27
Would it work to just have a single "Extract embedded data in files" module which would deep traverse files and look for embedded child objects such as pictures in docs/pdfs, pictures from thumbnails, cookies and blobs from browser sqlite databases, etc? It's a bit of a catch-all module for all things embedded (not just graphics) so that you don't end up with an ever-growing list of modules.

I think the keyword module should be kept separate. For me, even though searching for ASCII/Unicode text uses the same library, the use case is very different. I only search for keywords in specific cases and often would just want to run the 'deep traverse' without running keywords.

Derrick

On Thu, Apr 16, 2015 at 9:46 PM, Hoyt Harness <hoy...@gm...> wrote:
> Maybe it's a matter of renaming the keyword module and modifying the
> hover tip so they're more inclusive once the embedded image feature is
> added. That would solve it, I think, as well as maximize performance,
> reduce the development task, and aid in ingest brevity.
>
> Hoyt
>
> On Thu, Apr 16, 2015 at 8:57 AM, Brian Carrier <ca...@sl...> wrote:
>> Question for the Autopsy users on the list. We’re about to add a feature to extract pictures from inside of Word/PowerPoint/Excel docs and add them in as derived files that will be hashed, searched, etc.
>>
>> The question is where we put the module.
>>
>> Technically, it is using the same library that we use in Keyword Search to extract text from these file types, so it would be fastest and least code for us to add it as a by-product of that module. Though, it is not very intuitive that the Keyword Search module would be doing that (from a user experience perspective).
>>
>> A second option is to make a module just for that. In addition to a slight performance hit, my other concern with this is that the list of ingest modules is starting to get long. I don’t want Autopsy to have a list of 20 items to select from each time (when most of them will always be enabled). There are of course longer-term ways to group modules by category, but that doesn’t solve the problem of where do we check this in next week.
>>
>> A third option is to make a module that is graphic image focused and merge the EXIF module into it. So, this new module would extract images from Word and EXIF extract and have a name that is graphics-based.
>>
>> Any strong thoughts? Should performance trump a little confusion about who is actually going to be extracting the images?
>>
>> _______________________________________________
>> sleuthkit-users mailing list
>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
>> http://www.sleuthkit.org
>
> --
> Hoyt
> -----------------
> There are 11 kinds of people - those who think binary jokes are funny,
> those who don't, ...and those who don't know binary.