[sleuthkit-users] Solr / RegExp Update and Survey
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] Solr / RegExp Update and Survey
|
From: Brian C. <ca...@sl...> - 2016-12-06 15:00:00
|
I have an update Solr / Elastic / regular expression work and a question about backward compatibility. Update: We’re sticking with Solr and will be breaking text into 32KB chunks to use a different regular expression searching approach that gives us better results. It is actually faster than before! Question: How much backward compatibility are people expecting? We have three general options: - no backward compatibility: You need to have Autopsy 4.2 to open existing 4.2 cases. Existing cases are not upgraded. We’d probably need to call this release Autopsy 5 to make it clear what can open what. I’m not sure there are enough new features to justify such a major version increase. - read-only: Autopsy 4.2 cases can be opened in the new Autopsy (let’s call it 4.3), but only searched. You can’t add new data sources to it and it would have the old regular expression searching. If you need to add Data Sources, open the case up in 4.2. - fully: Autopsy converts the old schema to the new schema (a time intensive process). You could open Autopsy cases originally created with 4.2 in 4.3 and add to them. I’ll bias this thread by saying my preference is the read-only approach. It’s the least amount of work to provide some level of backward compatibility. Historically, we have always upgraded cases to work with new versions of Autopsy. This is just a lot of work to fully upgrade and it isn’t clear that there is a lot of value in doing it. Who would be sad if we did the read-only approach? |
