Re: [sleuthkit-users] Timeline Survey Question
From: Alex N. <ajn...@cs...> - 2015-08-17 23:22:18
They’re interesting visualizations. The examples may be better with some examples of longer names (/deeper hierarchies/longer URLs) to get a better feel of cuts taken for horizontal clutter.

—Alex

> On Aug 17, 2015, at 18:38 , Brian Carrier <ca...@sl...> wrote:
>
> We’re reviewing some changes to the timeline module and wanted some feedback.
>
> Background: In the “details” view, we currently cluster together events if they happen close to each other. But, once there is a gap in events in a certain folder (or URL), then we break the cluster in the UI. This means that you could have clusters for the same folder (Program Files in the below example) that span multiple clusters. Notice in this image below, there are three “Program Files” clusters (two in the top row and one in the fifth row). The motivation for this was that it would be useful to know that there was a gap in between the clusters of events.
>
> <events_current.png>
>
> We are looking at an alternative, which is to have a single cluster for the entire view (regardless of if there is a gap). This means that even if there are only events at left of the screen and right then it would be a solid band. It would look something like this:
>
> <events_spans.png>
>
> The benefit of this would be that it would be obvious of all of the events in the given description (folder name, for example) and we would waste less space rewriting the name so often. It comes at the potential downside though that it may take more vertical space because we could have lots of sparse bands.
>
> Opinions?
>
> _______________________________________________
> sleuthkit-users mailing list
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> http://www.sleuthkit.org