Thread: [sleuthkit-users] Default Timeline Scaling
Brought to you by:
carrier
Menu
▾
▴
sleuthkit-users
|
From: Brian C. <ca...@sl...> - 2014-09-15 20:47:52
|
As many of you may know, we've been working on a new timeline viewer for Autopsy as part of a DHS S&T contract. It's got some really cool features and I'm looking for some feedback on default settings. One view has bar graphs to show "how many things occurred in a given time frame". The primary use case was to answer questions about knowing when and how often the system was used. There is another view that provides details. My question is if linear or logarithmic scale is better as a default. In the bar chart, there are differently colored sections for file system activity, web activity, and "other" activity. There will be more bars as we add more features. Linear allows you to compare the size of each bar, but it means that many bars are not visible. Logarithmic is not as intuitive for people, but it allows you to see more of the bars. Below is an example. The Linear view doesn't show any of the blue bars. As a reference on the final bar in the log scale, the red bar has 53,000 events, the green has 3,500, and the blue has 54. My vote is to have log scale be the default so that you can see that there is web activity even though there is far less than file system times, but I wanted to get feedback before we did that. Votes? |
|
From: RB <ao...@gm...> - 2014-09-17 02:53:03
|
On Mon, Sep 15, 2014 at 2:47 PM, Brian Carrier <ca...@sl...> wrote: > My question is if linear or logarithmic scale is better as a default. > Mine too, so long as they're switchable. Logarithmic tends to provide a more "natural" vision of data, for lack of a better term. I do a lot of audio work and analysis, and I barely ever use linear scales because they fail to accurately depict the relative "weight" of given signals. This is kind of the same situation. |
|
From: Greg F. <gre...@gm...> - 2014-09-17 03:08:00
|
Logarithmic for me. Even light usage may be important and that could be missed on a linear scale. One click to go to linear makes easy to do and not having scale marks on the y axis will send even a novice looking at the options for how to get scale marks. Greg On September 15, 2014 4:47:41 PM EDT, Brian Carrier <ca...@sl...> wrote: >As many of you may know, we've been working on a new timeline viewer >for Autopsy as part of a DHS S&T contract. It's got some really cool >features and I'm looking for some feedback on default settings. One >view has bar graphs to show "how many things occurred in a given time >frame". The primary use case was to answer questions about knowing when >and how often the system was used. There is another view that provides >details. > >My question is if linear or logarithmic scale is better as a default. >In the bar chart, there are differently colored sections for file >system activity, web activity, and "other" activity. There will be >more bars as we add more features. Linear allows you to compare the >size of each bar, but it means that many bars are not visible. >Logarithmic is not as intuitive for people, but it allows you to see >more of the bars. Below is an example. The Linear view doesn't show >any of the blue bars. As a reference on the final bar in the log >scale, the red bar has 53,000 events, the green has 3,500, and the blue >has 54. > > >My vote is to have log scale be the default so that you can see that >there is web activity even though there is far less than file system >times, but I wanted to get feedback before we did that. Votes? > > > > >------------------------------------------------------------------------ > >------------------------------------------------------------------------------ >Want excitement? >Manually upgrade your production database. >When you want reliability, choose Perforce >Perforce version control. Predictably reliable. >http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk > >------------------------------------------------------------------------ > >_______________________________________________ >sleuthkit-users mailing list >https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >http://www.sleuthkit.org -- Sent from my Android phone with K-9 Mail. Please excuse my brevity. |
|
From: Stefan K. <sk...@bf...> - 2014-09-17 07:25:08
|
Brian, > Logarithmic for me. Even light usage may be important and that could be missed on a linear scale. One click to go to linear makes easy to do and not having scale marks on the y axis will send even a novice looking at the options for how to get scale marks. I second Greg's opinion. Cheers, Stefan. -- Stefan Kelm <sk...@bf...> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstrasse 100 Tel: +49-721-96201-1 D-76133 Karlsruhe Fax: +49-721-96201-99 |
|
From: Simson G. <si...@ac...> - 2014-09-17 08:44:42
|
Have a switch to allow either. Sent from my iPad > On Sep 15, 2014, at 4:47 PM, Brian Carrier <ca...@sl...> wrote: > > As many of you may know, we've been working on a new timeline viewer for Autopsy as part of a DHS S&T contract. It's got some really cool features and I'm looking for some feedback on default settings. One view has bar graphs to show "how many things occurred in a given time frame". The primary use case was to answer questions about knowing when and how often the system was used. There is another view that provides details. > > My question is if linear or logarithmic scale is better as a default. In the bar chart, there are differently colored sections for file system activity, web activity, and "other" activity. There will be more bars as we add more features. Linear allows you to compare the size of each bar, but it means that many bars are not visible. Logarithmic is not as intuitive for people, but it allows you to see more of the bars. Below is an example. The Linear view doesn't show any of the blue bars. As a reference on the final bar in the log scale, the red bar has 53,000 events, the green has 3,500, and the blue has 54. > > > My vote is to have log scale be the default so that you can see that there is web activity even though there is far less than file system times, but I wanted to get feedback before we did that. Votes? > > > <tl_lin.png><tl_log.png> > ------------------------------------------------------------------------------ > Want excitement? > Manually upgrade your production database. > When you want reliability, choose Perforce > Perforce version control. Predictably reliable. > http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org |
|
From: Simson G. <si...@ac...> - 2014-09-17 09:50:20
|
I'm sorry, I misread the question. In the past I've tried a split scale. Have a lower part of the scale that goes 1-1000, and a break, and then an upper part that goes 1000-1M. This gets you two linear regions. Allow the split to be dragged up and down to change where the split happens. In my experience people have a hard time understanding logarithmic scales. Another approach is to have a magnifying glass that you can use to evaluate the bottom of the graph. However, if you can only go between linear and log, then I go for log as well. On Sep 17, 2014, at 4:44 AM, Simson Garfinkel <si...@ac...> wrote: > Have a switch to allow either. > > Sent from my iPad > >> On Sep 15, 2014, at 4:47 PM, Brian Carrier <ca...@sl...> wrote: >> >> As many of you may know, we've been working on a new timeline viewer for Autopsy as part of a DHS S&T contract. It's got some really cool features and I'm looking for some feedback on default settings. One view has bar graphs to show "how many things occurred in a given time frame". The primary use case was to answer questions about knowing when and how often the system was used. There is another view that provides details. >> >> My question is if linear or logarithmic scale is better as a default. In the bar chart, there are differently colored sections for file system activity, web activity, and "other" activity. There will be more bars as we add more features. Linear allows you to compare the size of each bar, but it means that many bars are not visible. Logarithmic is not as intuitive for people, but it allows you to see more of the bars. Below is an example. The Linear view doesn't show any of the blue bars. As a reference on the final bar in the log scale, the red bar has 53,000 events, the green has 3,500, and the blue has 54. >> >> >> My vote is to have log scale be the default so that you can see that there is web activity even though there is far less than file system times, but I wanted to get feedback before we did that. Votes? >> >> >> <tl_lin.png><tl_log.png> >> ------------------------------------------------------------------------------ >> Want excitement? >> Manually upgrade your production database. >> When you want reliability, choose Perforce >> Perforce version control. Predictably reliable. >> http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk >> _______________________________________________ >> sleuthkit-users mailing list >> https://lists.sourceforge.net/lists/listinfo/sleuthkit-users >> http://www.sleuthkit.org > > ------------------------------------------------------------------------------ > Want excitement? > Manually upgrade your production database. > When you want reliability, choose Perforce > Perforce version control. Predictably reliable. > http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org |
|
From: Kalin K. <me....@gm...> - 2014-09-17 09:39:58
|
Logscale as default, with user option (UI or config file) to change it, in case someone really hates it. Additionally, for y-axis using K,M,G in labels (as x1000, NOT 1024) may make it more readable. Kalin. |
|
From: Brian C. <ca...@sl...> - 2014-09-17 14:45:48
|
Thanks everyone. log as default it is. To be clear, there is a button on the top to change scales, so it is easy to switch back and forth. The main question here was what should be the default (since many people may not realize that they can/should change it). Kalin, we'll add the units to the list to see if that can be easily done. On Sep 17, 2014, at 5:39 AM, Kalin KOZHUHAROV <me....@gm...> wrote: > Logscale as default, with user option (UI or config file) to change > it, in case someone really hates it. > > Additionally, for y-axis using K,M,G in labels (as x1000, NOT 1024) > may make it more readable. > > Kalin. > > ------------------------------------------------------------------------------ > Want excitement? > Manually upgrade your production database. > When you want reliability, choose Perforce > Perforce version control. Predictably reliable. > http://pubads.g.doubleclick.net/gampad/clk?id=157508191&iu=/4140/ostg.clktrk > _______________________________________________ > sleuthkit-users mailing list > https://lists.sourceforge.net/lists/listinfo/sleuthkit-users > http://www.sleuthkit.org |
×
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.
Thanks for helping keep SourceForge clean.
X