[sleuthkit-developers] Splitting and progress
Brought to you by:
carrier
Menu
▾
▴
[sleuthkit-developers] Splitting and progress
|
From: Paul B. <ba...@fo...> - 2003-09-11 13:01:32
|
Hi Brian end everybody else, The list has been a bit empty lately.... I'm on the verge of a new release of the Indexed search functionality. I = was wondering how the progress on the Autopsy restructuring was going. = If you plan to release a new version soon, I will hold my release to go = with it.. Otherwise I will release a version for Sleuthkit 1.65 and = Autopsy 1.74. Has anybody else already tested/used these tools? I would like to = receive some feedback if possible... I have just conducted a forensic investigation on a 100 Gb disk... And = therefore got ample oppertunity to test the new indexing features.. A few numbers: Indexing of the disk took only 9 hours and resulted in 4.7 Billion = indexed points.... All words letter and number combinations of length 3 to 8 were indexed. Combining of the index files into a single index took 4.5 hours and = resulted in a 17 Gb file. Searches for a specific word resulted in 75000 hits and only took 7 = seconds to perform. -- Paul Bakker |
