Re: [sleuthkit-users] sleuthkit-users Digest, Vol 132, Issue 7
From: Jacquelyn B. <jac...@ic...> - 2017-06-24 15:34:53
Please remove jac...@ic... from your mailing list

Continued Blessings,
Jacquelyn Beckman

> On Jun 24, 2017, at 7:04 AM, sle...@li... wrote:
>
> Send sleuthkit-users mailing list submissions to
> sle...@li...
>
> To subscribe or unsubscribe via the World Wide Web, visit
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
> or, via email, send a message with subject or body 'help' to
> sle...@li...
>
> You can reach the person managing the list at
> sle...@li...
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of sleuthkit-users digest..."
>
>
> Today's Topics:
>
> 1. Re: Naming Help Needed (Jasey DePriest)
> 2. Re: Naming Help Needed (Kalin KOZHUHAROV)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Fri, 23 Jun 2017 09:45:56 -0500
> From: Jasey DePriest <jrd...@gm...>
> To: Brian Carrier <ca...@sl...>
> Cc: sleuthkit-users <sle...@li...>
> Subject: Re: [sleuthkit-users] Naming Help Needed
> Message-ID:
> <CAM...@ma...>
> Content-Type: text/plain; charset="utf-8"
>
> Would "indicators" work for these? We typically call the discovery of
> known-bad hash values and hitting black listed sites an "indicator of
> compromise". But not all indicators are necessarily negative.
>
> -Jasey
>
> On Fri, Jun 23, 2017 at 9:32 AM, Brian Carrier <ca...@sl...>
> wrote:
>
>> Thanks for everyone's comments on this.
>>
>> We decided to go with attributes because we already use that term in
>> Autopsy and so it is less confusing.
>>
>> The remaining naming question is a generic name for lists of "known"
>> things (good, bad, etc.):
>> - hashsets
>> - watch lists / black lists (i.e. phone numbers or emails of "bad" people)
>> - white lists (i.e. generic phone numbers or emails)
>>
>> We've discussed the term "reference set". Any other ideas? We don't want
>> to change the schema after we release this!
>>
>> thanks,
>> brian
>>
>>
>> On Wed, Jun 21, 2017 at 10:32 AM, Brian Carrier <ca...@sl...>
>> wrote:
>>
>>> We're about to release the first version of a new database that Autopsy
>>> can use to support various analytical features and we're having trouble
>>> with terms and naming. So, we are seeking some more opinions.
>>>
>>> Question 1) A file has additional data, such as its path and MD5 values.
>>> What do you call those? We've used the terms feature, indicator, artifact,
>>> property, etc. Which makes the most sense to you?
>>>
>>> Question 2) A web bookmark has additional data, such as dates and URL.
>>> What do you call those? Same as in Q1?
>>>
>>> To give some more context, we are about to release a new database that
>>> can be used to correlate data between cases (or between devices in the same
>>> case). But, we need a name to describe what we are storing, which includes:
>>> - MD5 hash of files
>>> - path of files
>>> - Email addresses
>>> - Domain names
>>> - Phone numbers
>>>
>>> For a while, we were referring to these as artifacts, but that got too
>>> confusing because we already have a notion of artifacts in Autopsy, which
>>> are "bigger" things like web bookmarks and keyword hits.
>>>
>>> thanks,
>>> brian
>>>
>>
>>
>> ------------------------------------------------------------
>> ------------------
>> Check out the vibrant tech community on one of the world's most
>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>> _______________________________________________
>> sleuthkit-users mailing list
>> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
>> http://www.sleuthkit.org
>>
>>
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> Message: 2
> Date: Fri, 23 Jun 2017 23:53:25 +0200
> From: Kalin KOZHUHAROV <me....@gm...>
> To: Brian Carrier <ca...@sl...>
> Cc: sleuthkit-users <sle...@li...>
> Subject: Re: [sleuthkit-users] Naming Help Needed
> Message-ID:
> <CAK...@ma...>
> Content-Type: text/plain; charset="utf-8"
>
> On Jun 23, 2017 16:33, "Brian Carrier" <ca...@sl...> wrote:
>
> Thanks for everyone's comments on this.
>
> We decided to go with attributes because we already use that term in
> Autopsy and so it is less confusing.
>
> The remaining naming question is a generic name for lists of "known" things
> (good, bad, etc.):
> - hashsets
> - watch lists / black lists (i.e. phone numbers or emails of "bad" people)
> - white lists (i.e. generic phone numbers or emails)
>
> We've discussed the term "reference set". Any other ideas?
>
>
> Simply list/s or matchlist/s may do.
>
> Kalin.
> -------------- next part --------------
> An HTML attachment was scrubbed...
>
> ------------------------------
>
> ------------------------------------------------------------------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> sleuthkit-users mailing list
> sle...@li...
> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users
>
>
> ------------------------------
>
> End of sleuthkit-users Digest, Vol 132, Issue 7
> ***********************************************