Re: [sleuthkit-users] Naming Help Needed
From: Jasey D. <jrd...@gm...> - 2017-06-23 14:46:23
Would "indicators" work for these? We typically call the discovery of known-bad hash values and hitting black listed sites an "indicator of compromise". But not all indicators are necessarily negative.

-Jasey

On Fri, Jun 23, 2017 at 9:32 AM, Brian Carrier <ca...@sl...> wrote:

> Thanks for everyone's comments on this.
>
> We decided to go with attributes because we already use that term in
> Autopsy and so it is less confusing.
>
> The remaining naming question is a generic name for lists of "known"
> things (good, bad, etc.):
> - hashsets
> - watch lists / black lists (i.e. phone numbers or emails of "bad" people)
> - white lists (i.e. generic phone numbers or emails)
>
> We've discussed the term "reference set". Any other ideas? We don't want
> to change the schema after we release this!
>
> thanks,
> brian
>
> On Wed, Jun 21, 2017 at 10:32 AM, Brian Carrier <ca...@sl...>
> wrote:
>
>> We're about to release the first version of a new database that Autopsy
>> can use to support various analytical features and we're having trouble
>> with terms and naming. So, we are seeking some more opinions.
>>
>> Question 1) A file has additional data, such as its path and MD5 values.
>> What do you call those? We've used the terms feature, indicator, artifact,
>> property, etc. Which makes the most sense to you?
>>
>> Question 2) A web bookmark has additional data, such as dates and URL.
>> What do you call those? Same as in Q1?
>>
>> To give some more context, we are about to release a new database that
>> can be used to correlate data between cases (or between devices in the same
>> case). But, we need a name to describe what we are storing, which includes:
>> - MD5 hash of files
>> - path of files
>> - Email addresses
>> - Domain names
>> - Phone numbers
>>
>> For a while, we were referring to these as artifacts, but that got too
>> confusing because we already have a notion of artifacts in Autopsy, which
>> are "bigger" things like web bookmarks and keyword hits.
>>
>> thanks,
>> brian