[sleuthkit-users] "Recent Files" view in Autopsy
From: Brian C. <ca...@sl...> - 2015-06-05 13:29:59
Every time I do Autopsy training, I always tell people that the “Recent Files” view in Autopsy should go away because it doesn’t really serve the purpose I intended it to (in my opinion). This is the area that shows you all files that had any activity on the “Final Day” of the system (which is the most recent day before the current day that there was file system activity) and the day before the final day, and 2 days before the final day, etc. (with a view for each day for the last week).

My problem with the view is that it shows way too much stuff. You usually have hundreds of files in there. It needs additional filtering to make it useful. We don’t have filtering in on the queue, so my vote is to remove it to simplify things. I think the timeline feature is much better at this now.

Is anybody using it who will be very sad if we disable it until we add filtering in?

brian