Re: [sleuthkit-users] Naming Help Needed
From: Brian C. <ca...@sl...> - 2017-06-23 14:32:39
Thanks for everyone's comments on this. We decided to go with attributes because we already use that term in Autopsy and so it is less confusing.

The remaining naming question is a generic name for lists of "known" things (good, bad, etc.):
- hashsets
- watch lists / black lists (i.e. phone numbers or emails of "bad" people)
- white lists (i.e. generic phone numbers or emails)

We've discussed the term "reference set". Any other ideas? We don't want to change the schema after we release this!

thanks,
brian

On Wed, Jun 21, 2017 at 10:32 AM, Brian Carrier <ca...@sl...> wrote:
> We're about to release the first version of a new database that Autopsy
> can use to support various analytical features and we're having trouble
> with terms and naming. So, we are seeking some more opinions.
>
> Question 1) A file has additional data, such as its path and MD5 values.
> What do you call those? We've used the terms feature, indicator, artifact,
> property, etc. Which makes the most sense to you?
>
> Question 2) A web bookmark has additional data, such as dates and URL.
> What do you call those? Same as in Q1?
>
> To give some more context, we are about to release a new database that can
> be used to correlate data between cases (or between devices in the same
> case). But, we need a name to describe what we are storing, which includes:
> - MD5 hash of files
> - path of files
> - Email addresses
> - Domain names
> - Phone numbers
>
> For a while, we were referring to these as artifacts, but that got too
> confusing because we already have a notion of artifacts in Autopsy, which
> are "bigger" things like web bookmarks and keyword hits.
>
> thanks,
> brian