[sleuthkit-users] R: Solr / RegExp Update and Survey
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] R: Solr / RegExp Update and Survey
|
From: Alessandro F. <ale...@al...> - 2016-12-06 22:07:17
|
Autopsy is big project and I really prefer to have improvement of performance or new feature instead of having backword compatibility. So for me option 1 is good if all old version wil still be available as today on https://sourceforge.net/projects/autopsy/files/autopsy/ Dott. Alessandro Fiorenzi www.studiofiorenzi.it af...@st... / +39 3487920172 Studio Fiorenzi - Security & Forensics Tel 0550351263 Vai Daniele Manin, 50 50019 Sesto Fiorentino http://www.studiofiorenzi.it IMPORTANTE: questa e-mail (inclusi tutti gli allegati) è inviata dallo Studio Informatica Forense Fiorenzi Alessandro e può contenere informazioni riservate soggette a segreto professionale. Essa può essere letta, copiata e usata solo dal destinatario indicato e non deve essere ritrasmessa con modifiche senza il nostro consenso. Se l'avete ricevuta per errore, Vi preghiamo di contattarci per e-mail o telefono e, quindi, di distruggerla senza mostrarla ad alcun estraneo. La sicurezza e l'affidabilità delle e-mail non è garantita. Noi adottiamo programmi anti virus, ma decliniamo ogni responsabilità in ordine alla prevenzione degli eventuali virus. -----Messaggio originale----- Da: Brian Carrier [mailto:ca...@sl...] Inviato: martedì 6 dicembre 2016 16.00 A: sle...@li... users <sle...@li...> Oggetto: [sleuthkit-users] Solr / RegExp Update and Survey I have an update Solr / Elastic / regular expression work and a question about backward compatibility. Update: We’re sticking with Solr and will be breaking text into 32KB chunks to use a different regular expression searching approach that gives us better results. It is actually faster than before! Question: How much backward compatibility are people expecting? We have three general options: - no backward compatibility: You need to have Autopsy 4.2 to open existing 4.2 cases. Existing cases are not upgraded. We’d probably need to call this release Autopsy 5 to make it clear what can open what. I’m not sure there are enough new features to justify such a major version increase. - read-only: Autopsy 4.2 cases can be opened in the new Autopsy (let’s call it 4.3), but only searched. You can’t add new data sources to it and it would have the old regular expression searching. If you need to add Data Sources, open the case up in 4.2. - fully: Autopsy converts the old schema to the new schema (a time intensive process). You could open Autopsy cases originally created with 4.2 in 4.3 and add to them. I’ll bias this thread by saying my preference is the read-only approach. It’s the least amount of work to provide some level of backward compatibility. Historically, we have always upgraded cases to work with new versions of Autopsy. This is just a lot of work to fully upgrade and it isn’t clear that there is a lot of value in doing it. Who would be sad if we did the read-only approach? ------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today.http://sdm.link/xeonphi _______________________________________________ sleuthkit-users mailing list https://lists.sourceforge.net/lists/listinfo/sleuthkit-users http://www.sleuthkit.org |
