Re: [sleuthkit-developers] re:stop-gap crap

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In addition to Michael's comments, HTML is slow when dealing with large 
directories (such as /dev/ on many Linux systems) because Autopsy makes 
a big table with thousands of entries and many browsers were not 
designed for that.

With HTML you can't stop intensive processes, such as keyword 
searching.  You can't right click on something to get a menu listing  
etc. There also aren't any menus for each mode.  Some of this could be 
fixed with javascript, but I'm too paranoid about having java script 
enabled while viewing suspect systems.

brian

On Apr 11, 2004, at 7:41 AM, Michael Cohen wrote:

> On Sun, 11 Apr 2004 02:53 pm, t f wrote:
> Hi dorkus,
>
>> I noticed that, on your projects page, you specify a "non-HTML" 
>> GUI...Is
>> Autopsy slow?  It seems that a well-designed web page (PHP) 
>> presenting data
>> from a well-designed database would be the ideal solution.  Apache, 
>> MySQL,
>> and PHP seem to run on just about everything these days...This 
>> approach
>> would make logging and metrics much cleaner, too.
>
> Sometimes its not a matter of having the gui too slow, some guis are 
> more
> appropriate than others for certain tasks. For example pyflag uses
> mysql/python html gui which is fine for many things. However, we are
> currently thinking about implementing a gtk gui for it in order to 
> experiment
> with some gui elements that are not possible to do in html (e.g. live
> progress bars etc). Also we currently have a command shell for pyflag 
> called
> flash ( the flag shell)... this is used for scripting analysis - so we 
> do a
> long nsrl comparison, and extract images/word document after loading 
> the case
> in automatically in about 5 lines of flash script.
>
> This way all the time consuming tasks are done overnight, 
> automatically, and
> we just examine the results. This is an example of a cli being better 
> than
> html for this task.
>
> Michael.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (Darwin)

iD8DBQFAecEkOK1gLsdFTIsRAg16AJ0d8azwPUtS5GECDsBHp2bjWTOJbwCfdu6P
gUbeoiegzM6JeS7PEgY9+LU=
=fyNO
-----END PGP SIGNATURE-----