Re: [sleuthkit-users] Naming Help Needed
Brought to you by:
carrier
Menu
▾
▴
Re: [sleuthkit-users] Naming Help Needed
|
From: Brian C. <ca...@sl...> - 2017-06-23 14:45:36
|
Actually, I should clarify. We are using the term attribute in the code so that there is an obvious mapping between "Blackboard Attributes" and "Correlation Attributes", but we'll likely use property in the UI since that seems to be a more natural term for users. On Fri, Jun 23, 2017 at 10:32 AM, Brian Carrier <ca...@sl...> wrote: > Thanks for everyone's comments on this. > > We decided to go with attributes because we already use that term in > Autopsy and so it is less confusing. > > The remaining naming question is a generic name for lists of "known" > things (good, bad, etc.): > - hashsets > - watch lists / black lists (i.e. phone numbers or emails of "bad" people) > - white lists (i.e. generic phone numbers or emails) > > We've discussed the term "reference set". Any other ideas? We don't want > to change the schema after we release this! > > thanks, > brian > > > > > > On Wed, Jun 21, 2017 at 10:32 AM, Brian Carrier <ca...@sl...> > wrote: > >> We're about to release the first version of a new database that Autopsy >> can use to support various analytical features and we're having trouble >> with terms and naming. So, we are seeking some more opinions. >> >> Question 1) A file has additional data, such as its path and MD5 values. >> What do you call those? We've used the terms feature, indicator, artifact, >> property, etc. Which makes the most sense to you? >> >> Question 2) A web bookmark has additional data, such as dates and URL. >> What do you call those? Same as in Q1? >> >> To give some more context, we are about to release a new database that >> can be used to correlate data between cases (or between devices in the same >> case). But, we need a name to describe what we are storing, which includes: >> - MD5 hash of files >> - path of files >> - Email addresses >> - Domain names >> - Phone numbers >> >> For a while, we were referring to these as artifacts, but that got too >> confusing because we already have a notion of artifacts in Autopsy, which >> are "bigger" things like web bookmarks and keyword hits. >> >> thanks, >> brian >> > > |
