[sleuthkit-users] Naming Help Needed
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-users] Naming Help Needed
|
From: Brian C. <ca...@sl...> - 2017-06-21 14:32:30
|
We're about to release the first version of a new database that Autopsy can use to support various analytical features and we're having trouble with terms and naming. So, we are seeking some more opinions. Question 1) A file has additional data, such as its path and MD5 values. What do you call those? We've used the terms feature, indicator, artifact, property, etc. Which makes the most sense to you? Question 2) A web bookmark has additional data, such as dates and URL. What do you call those? Same as in Q1? To give some more context, we are about to release a new database that can be used to correlate data between cases (or between devices in the same case). But, we need a name to describe what we are storing, which includes: - MD5 hash of files - path of files - Email addresses - Domain names - Phone numbers For a while, we were referring to these as artifacts, but that got too confusing because we already have a notion of artifacts in Autopsy, which are "bigger" things like web bookmarks and keyword hits. thanks, brian |
