[sleuthkit-developers] blindly indexing garbage...
From: t f <dor...@ho...> - 2004-02-24 00:54:45
Greetings,

I see much fuss over indexing capabilities, but not a lot of discussion as to the purpose of said indexes. One might assume they are to be searched, but why would one search on base64-encoded, zipped, cab'd, pdf'd, or otherwise "unreadable" data? I suppose it would be helpful for identifying certain malicious files as they lie on the drive, but I don't see too many other applications.

My point is this: Shouldn't there be some work toward preprocessing this data, THEN indexing the intelligible bits??

Just a suggestion. Take it for what it's worth. I have seen a great deal of excellent discussion here over the past few months. Sleuthkit is becoming a very impressive tool. I look forward to seeing where it goes over the next few months. Thanks to all for the great work!

-dorkus
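The preprocess-then-index idea raised in the message above, as an added example that is not part of the original post and is not Sleuth Kit code: a keyword inside a base64-encoded ZIP is invisible to an index built over the raw bytes and becomes searchable once the layers are unwrapped. The names `unwrap`, `index_terms`, `make_sample` and the size and depth limits are assumptions made for illustration, and the sample input is constructed.

```python
import base64, binascii, io, re, zipfile, zlib

WORD = re.compile(rb"[A-Za-z]{4,}")                 # crude "indexable term"
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{24,}={0,2}")  # unbroken base64 candidate
MAX_MEMBER = 1 << 20   # assumed cap: skip archive members over 1 MiB

def unwrap(blob, depth=0, max_depth=4):
    """Yield blob, then every payload recovered by decoding it, recursively."""
    yield blob
    if depth >= max_depth:          # bound nesting (archive inside archive ...)
        return
    children = []
    if blob[:4] == b"PK\x03\x04":   # ZIP local file header magic
        try:
            with zipfile.ZipFile(io.BytesIO(blob)) as zf:
                for info in zf.infolist():
                    if info.file_size <= MAX_MEMBER:
                        children.append(zf.read(info))
        except (zipfile.BadZipFile, RuntimeError, zlib.error):
            pass                    # corrupt or encrypted: keep only raw bytes
    else:
        for run in B64_RUN.findall(blob):
            try:
                children.append(base64.b64decode(run, validate=True))
            except binascii.Error:
                pass                # looked like base64 but was not
    for child in children:
        yield from unwrap(child, depth + 1, max_depth)

def index_terms(blob, preprocess):
    """Return the set of lowercase terms an index would hold for blob."""
    layers = unwrap(blob) if preprocess else [blob]
    return {w.lower().decode() for layer in layers for w in WORD.findall(layer)}

def make_sample():
    """Constructed input: a mail-like blob with a base64-encoded ZIP attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("note.txt", "meet at the warehouse at midnight")
    return b"Subject: fwd\n\n" + base64.b64encode(buf.getvalue()) + b"\n"

if __name__ == "__main__":
    sample = make_sample()
    for mode in (False, True):
        print("preprocess =", mode, "-> 'warehouse' indexed:",
              "warehouse" in index_terms(sample, mode))
```

The base64 matcher only handles unbroken runs, so line-wrapped MIME bodies would need their whitespace removed before decoding.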